---

dtuuri wrote:

Norton 360 did not stop the "Vista Internet Security 2012" virus yesterday. As soon as I got it, I started a scan and it found nothing! So I called support, since I couldn't get on the internet. After failing with the steps the tech was trained to do, he told me I would have to PAY for removal! No way! I paid  to catch these things, but I won't pay for the errors too!

 

So, I used a friend's computer to find a site www.spywarehelpcenter.com that gave instructions for downloading their removal tool: www.spywarehelpcenter.com/nuke . I followed the instructions on my infected computer, but Norton 360 would not allow me to install it! Said it was suspicious. I was beginning to wonder which side Norton was on, mine or the virus'. So, I disabled Norton, downloaded the file and ran it. That got back control of my computer. Then I ran Norton's Power Eraser which found and fixed one file.

 

Now, I'm conflicted. Was the site and file I used safe? Is my computer secured again or did I just fall into a trap and download yet another virus, silently stealing my personal information or worse? How do I make sure everything is back to normal and why didn't/doesn't Norton 360 catch this?

 

Thanks

---

Welcome,

No one program is going to protect you from every threat that is created all of the time. It is a fact and there's not much that can be done to change it. They say locks are to keep honest people honest. The crooks still get past them.

The team at Symantec/Norton do their very best to keep their protectioin software as close to the edge as possible so a minimum number of threats slip past. This is one of the reasons that the pulse updates are pushed out every few minutes, in some cases.

The site appears to be valid and the software offered safe. I don't have any experience with them so I am not positive of any of it. I was unable to download the nuke file with my copy of 360 active and current. It might be a good idea to uninstall it as part of your clean up activities.

If you have updated 360 and all of the panels are green you should be good to go. For your peace of mind I'd recommend a full scan with 360. After rebooting I would download, install, update and run Malwarebytes free scanner found here:  http://www.malwarebytes.org/products/malwarebytes_free

it is Norton compatible so you can keep it handy for when you feel the need for a second opinion.

Stay well and surf safe

Hi,

I am curious. How do you know the name of the virus on your machine?

For myself, i would likely restore the computer to a date prior to the virus attack if possible after clearing that violent file of the machine. I would likely run every utilities and rescans including all the DOS scans (found in the harddrive properties window) all of them several times until my paranoia with the event has passed. Also helpful to have a separate harddrive and a test machine and the backups safe.

Cheers,

Lyle.

---

dickevans wrote:

---

---

Welcome,

No one program is going to protect you from every threat that is created all of the time. It is a fact and there's not much that can be done to change it. They say locks are to keep honest people honest. The crooks still get past them.

The team at Symantec/Norton do their very best to keep their protectioin software as close to the edge as possible so a minimum number of threats slip past. This is one of the reasons that the pulse updates are pushed out every few minutes, in some cases.

The site appears to be valid and the software offered safe. I don't have any experience with them so I am not positive of any of it. I was unable to download the nuke file with my copy of 360 active and current. It might be a good idea to uninstall it as part of your clean up activities.

If you have updated 360 and all of the panels are green you should be good to go. For your peace of mind I'd recommend a full scan with 360. After rebooting I would download, install, update and run Malwarebytes free scanner found here:  http://www.malwarebytes.org/products/malwarebytes_free

it is Norton compatible so you can keep it handy for when you feel the need for a second opinion.

Stay well and surf safe

---

I took your advice and Malwarebytes found three more files. It looks like Norton 360 ran a Quick Scan during idle time too, but didn't find anything. I was away from the computer, so don't know for sure if that scan was during or after Malwarebytes scan. The time stamp seemed to indicate during.

Thanks for checking the site I downloaded a fix from. I deleted Nuke-M. I also called the tel. number yesterday and was not impressed with the person I spoke with. Seemed to be a scam artist and got rid of me pronto. Was very evasive and unprofessional. Reverse-lookup on the number indicated it's a third-party assigned number. Why would a legit business use those unless trying to avoid being traced? (Rhetorical question.)

At this point, I'd expect Norton to be on the case and solving it. Doesn't look like it to me. Not happy. Not happy. Not happy! Grrr.

Thanks again for your help.

---

Lyle wrote:

Hi,

 

I am curious. How do you know the name of the virus on your machine?

 

For myself, i would likely restore the computer to a date prior to the virus attack if possible after clearing that violent file of the machine. I would likely run every utilities and rescans including all the DOS scans (found in the harddrive properties window) all of them several times until my paranoia with the event has passed. Also helpful to have a separate harddrive and a test machine and the backups safe.

 

Cheers,

 

Lyle.

---

The virus immediately shuts down Internet Explorer and mimics an anti-virus program called "Vista Internet Security 2012". It posts alarming warnings that the computer is under attack (criminals have black humor, apparently) and runs a fake scan listing all the alleged files that are infected. Then it tries to sell the solution. Any attempt to open email or a browser results in more warnings. It has many aliases too, not just Vista (Google was my friend).

As for restoring... right after the virus struck, Norton Ghost started doing a backup I had missed to an external HD I leave connected. I probably should have stopped it, but with everything else going on, i.e., "Warning! Your system is under attack!", etc. I thought backing up was a good thing. Now I wonder if I backed up the virus too. Malwarebytes found three files, but I couldn't tell where they came from. Does Norton Ghost use the same restore points Windows uses? Once a restore point is created after a virus hits, I'd think it's too late to use it. My settings for Ghost are just one point because it seemed to lock up with more. Took forever to back up. Stuck on 5 %. Not happy about that either, btw.

I don't, and never will, understand these machines. Lord knows I've tried, though. Been chasing my tail with them for 20 years now. The folks who explain it cant seem to relate to me. They either go over my head or insult my intelligence. Never connect on my level. <rant off>

You're right about my paranoia.

i was thinking about my own paranoia when these things happen.

I have seen one of those pseudo-scanner apps, got rid of it by going to an earlier restore point.

I use norton utilities each couple of weeks and the registry scanner creates a restore point before each fix, so I generally have a restore point to go to. If i am doing anything risky, i manually create one.

On the backup, use your virus scanner on the backup drive. I was more thinking of the importance of a regular backup in case windows needs to be reloaded.

Good luck

Hi dtuuri,

I can understand your unhappiness but I cannot offer a way to relieve it. Security software is a defensive product. It has components that try to be proactive but they are not perfect or complete. It works best against known threats. As each new way to 'work around' a security product is discovered Norton, and the other security product vendors, do their best to provide a block, also known as pulse updates. They also work to include a better way to detect the threat in other parts of the program so it can't harm you again.

The best security software you have available is you. Being aware of where you are going on the Internet and what you are clicking on will reduce the risk of infection. Reporting problems helps to insure that they are addressed in a timely manner so others are protected before they discover they too are infected.

I cannot and do not speak for Norton. It may not 'look' like anything is being done but you can be sure that they aren't sleeping on the job or ignoring the fact that customers are still being infected by various threats. Updates continue to be pushed out to all subscribers in hopes of reducing the damage that a threat can cause.

Good as it is Norton does not promise that you will not be infected. I don't know of any vendor who would, or even could, make such a rash promise. Over the past 25 years of playing with computers the only sure way I have found to keep a system completely safe is to leave it in the sealed box that it came in.

Too many words. Stay well and surf safe

Hi dtuuri:

This thread might be of interest to you -

http://community.norton.com/t5/Norton-Internet-Security-Norton/Does-NIS-protect-angainst-Vista-Secur...

I know how you feel. Even I could not get an answer to this.

Atomic_Blast :)

Lyle, Dick--

I appreciate your responses.

My impression is that the author can change the code in response to published solutions on these forums. While trying to resolve the issue after Norton Support refused to help me without more money, I tried using the four different "Keys" that are supposed to trick the malware into thinking a credit card payment was received. These are supposed to be entered via input fields in the imposter AV's solicitation. None worked for me, but several forum posts at various websites had posts claiming success with this method. It's supposed to be a way of regaining, temporarily, the ability to access the internet and/or load a removal tool.

The bleeping.com website was very intimidating for my talents. Too many technical buzzwords. Too many caveats, i.e., "If it does 'such and such', do 'so and so', unless it does 'this or that'." Visually, I found the page confusing with hyperlinks and instructions seemly spread all around. Maybe it's just me? If I recall, I downloaded a so-called "NCR" (?) file from another machine that was supposed to fix the registry and plugged it into the USB port. It didn't work, so I bleeping walked away from bleepingcomputer.com at that point. That's when I found the site I wound up having to disable Norton 360 to install. Still wondering what I got myself into. Here's their number if someone better than I can scope them out: Spyware Help Center nuke-M : 888-801-8751.

So, as for Norton, 360 with all the updates didn't find it even when it was running. After I got control of my computer again using nuke-M and ran Norton's updated Power Eraser, it only found one file. Malwarebytes found three more after that. Now I'm wondering if the virus is simply hiding for awhile. Or worse.

One last thing. I'm always careful about surfing. Don't go to porn sites. I seem to have got this thing while researching vitamins.

Thanks again guys. I hope someone is smart enough to put this guy out of business (and behind bars).

dtuuri