For the past week or so I have had an Avast One pop-up saying it has aborted connection to smb://187.213.183.60/nsa:cve-2017-0144_EternalBlue, because it was infected with SMB:CVE-2017-0144 [Expl]

This keeps happening over and over again, without me doing anything. A few times I was able to see a small black screen appear for a few milliseconds, but then be replaced with the avast pop-up.

I looked this up here, and multiple people a few years ago had the same thing happen. The fix usually recommended was simply to close port 445. I did this, but it has not helped in the least. Is this a false positive, or is this an actual problem that needs to be fixed?

If it helps, I am on a HP windows 8.1 device.

I will give you a screenshot of the avast pop-up:

In the short time it took to write this post, the pop-up appeared 2 more times.

Edit: In each pop-up, the IP specified is always different, and is from all over the world.

Hi,

I would suggest that you follow the information in this guide:https://support.avast.com/article/EternalBlue-vulnerability/#idt_020

Hi. Thank you for replying.
I followed the guide but it, unfortunately, has not worked. In the past few hours (after I updated my PC), the pop-up has appeared 5 more times.

I ran the avast network inspector and a deep PC scan, but nothing showed up.

Is there anything else I am able to do? I am glad Avast has been able to stop the exploit from being successful, but I would like to fix the actual problem.

Hi,

Which steps did you follow? Perhaps you missed a step. A system restart is required after you apply the security update.
You need to run the MS17-010 security update, or at least disable SMBv1.
https://support.microsoft.com/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows-server