01-24-2012 10:33 AM - edited 01-24-2012 10:40 AM
Did I suggest running the Scans in Safe Mode?
Please run the NIS and MBAM scans from a full boot, not in Safe Mode.
There is a known bug in Safe Mode Scan under NIS 2012 with Compressed Files.
Please read this thread for more information.
Since they are probably being detected as False Positives (FP's) I would suggest also reading this thread as well in order to restore these files from Quarantine. Once done, you should be able to re-run the NIS scan much more reliably.
Symantec is working on a patch (NIS update) to fix this problem and others in NIS 2012.
Please post back with your results.
01-25-2012 07:58 AM
I ran it in Safe mode because the PC had locked up when I left in normal mode. Anyway, I retreived the quarantined items, mostly from my archive backups and a couple from the quarantine list.
I then ran MBAM - with no problems
Malwarebytes Anti-Malware 184.108.40.2060 www.malwarebytes.org
Database version: v2012.01.24.04
Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Chris :: FREYR [administrator]
24/01/2012 19:39:12 mbam-log-2012-01-24 (19-39-12).txt
Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 540952 Time elapsed: 55 minute(s), 59 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
I then Norton Full Scan, and kept checking that it was running. The PC did lock at the end, and Norton quarantine a few files:
Category: Quarantine Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename 2012-01-24 21:56:11,High,Suspicious.Cloud.7.L detected by Virus scanner,Quarantined,Resolved - No Action Required,d:\updates\stickies\pnotes_7_0_107\pnskin
Checking that list, the PNotes file 'pen 1.skn' and the Magenta 'diskfmt.exe' had picked up before. The Helmuth file 'profnavi14.dll' and the 'felix2.exe' had not been picked before. Personally, I suspect that the files are not viruses, given that are official install files, but I can ignore that.
I ran the scan again this morning which came up clean, apart from some cookie files.
OK, so the system is good, which puts me back to the original question - Why does Norton give me errors on accessing Ancestry.co.uk and how do i tell Norton that the site is 'safe'.
01-25-2012 08:27 AM - edited 01-25-2012 08:38 AM
Good. Now we are back to the starting point.
May I suggest flushing all your cookies from IE 9 (you will need to temporarily uncheck Preserve Favorites website data.) then restart IE 9 and try the Ancestry.co.uk website again. If that does not work, I would reset IE 9 back to it's default state and retry the website one more time.
Another thought is installing another browser such as Firefox or Chrome just to test the URL.
Something on your system is not working right anyway, hence the lockups.
We can go from there, OK?
01-25-2012 09:45 AM - last edited on 01-25-2012 11:42 AM by Gayathri_R
Do we think that the problem is with cookies? I can always get into Ancestry with no problems. The problem is with Norton blocking access to some pages, and these are generally images such as census pages which are normally Adobe Flash images. My copy of Adobe is up to date - 220.127.116.11.
I have just loaded a census page and then worked forward through the census. After about 10 pages I get a failure:
symres:C:\Program Files (x86)\Norton Internet Security\MUI\18.104.22.168\09\01\coUICtlr.loc/SUSPICIO
Suspicious Web Page Blocked
You attempted to access:
http:// search . ancestry . co.uk/ Browse/ view.aspx?dbid=8860&path=Gloucestershire. Bristol+St+Philip+and+St+Jacob.St+Philip+and+Jacob
For your protection, this web page has been blocked and submitted for review. Visit Symantec to learn more about phishing and internet security.
Visiting the site gives me the 'static' web page, but with the display as solid black. Norton is not reporting anything in the full history. The normal HTML parts seem to be working. When I clicked on the Custom drop down I got any error that IE has stopped working. In that case IE then closed the page, but at other times it manages to reload it. I have then reconnected backto Ancestry, gone back to the census page I had started with and then jumped to the one that had failed.It did load, but seem to take longer.
The next page again come up black, with very little network activity. No effect to a request to pit the image and a reload recovers the basic page, but still no image. The next page loaded normally, and a step back still fails, so that page may be a problem so I have reported it to Ancestry.
Rather than removing the cookies, I will try out Chrome tomorrow.
Is there any information on why Norton would regard the pages as 'phishing' ??
01-26-2012 06:54 AM - edited 01-26-2012 07:12 AM
You might also wish to consider cleanly uninstalling and reinstalling Java and Flash Player with the latest revisions. It can't hurt.
I feel that something else is in play here but I'm not sitting in front of our computer, so it's hard to pass judgment.
The Antiphishing component analyzes the security level of the Web sites that you visit. I don't know exactly why it is detecting this state. Could be that some element on the website is initiating it but everything ties in with your browser, java and flash, I think.
Please try all the steps which I had mentioned and let's see what happens. You can always backup your cookies to a folder.
Let us know how you do.
01-26-2012 08:01 AM
I have started testing it with Chrome - so far no problems. I picked the same census that I was reading yesterday and went through some 20 pages with no errors. I then loaded IE and ran the same test. It failed after 11? pages - it got the one that had failed yesterday and then errored on the next page, which had been showing up without the image yesterday. So it looks like a problem with Norton and IE?
01-26-2012 08:36 AM
From Message #13 -
"May I suggest flushing all your cookies from IE 9 (you will need to temporarily uncheck Preserve Favorites website data.) then restart IE 9 and try the Ancestry.co.uk website again. If that does not work, I would reset IE 9 back to it's default state and retry the website one more time."
This is what I would suggest as the next step.
01-27-2012 09:38 AM
Some test results before I clear the cookies and reset IE.
I removed FlashPlayer, rebooted and reinstalled it. Java is not installed. Left the Cookies installed. Checked through the web pages - got any error about 11 pages through the census pages. Went to the page and only got part of the page shown, and other parts appeared as I moved the cursor over them. Tried to move back to the page with the signout option, which me need to jump back to one of the earlier pages and thne jump back again (right clicks on <= button). Got a Norton error and tried to jump back again - got a long wait. Tried again and got an error message that IE had crashed and it then reloaded the page. Jumped back and signed out, and then rebooted.
Tried again while running Task Manager. As I go through the pages, system memory is being used. Currently I am using 3.1GB, and it gets up to about 4.3GB and then gets a problem. It gets the Norton error and then going to the page just gets a black image with no data. Try move forward or back then and I get IE going 100% CPU for a period and having 1.27GB memory. After a timeout in the system, IE reloads the page and the saved memory is released. Then again moving forward works for 12 - 15 pages, with memory growing until it errors again. It either puts up a dialog in the centre of the display or shows it as a warning on the bottom 'ancestry.co.uk is not responding' with a 'recover webpage' button. The dialog then appeared saying that 'Windows was looking for a solution to the problem', the memory is released and the page then reloads. Even if I just view a page, go back to the list of images and open the next one, the memory still grows until I get an error. Also, I normally have several tabs open in Ancestry and I suspect that the problem occurs within the tab, as I can happily use the other tabs while the failed one is recovering.
I have just tried it with Chrome and the memory is not growing as I go through the images.
Checking through the system, the Adobe Flash Player was last updated on 4th December. NIS 2012 was installed in 1st January and the problem has only occured since then, and as far as I can tell since the last set of Windows updates on 11th January. There were some security issue fixes installed then, as well as updates to .NET 3.5 and 4.
I am wondering if are getting a problem between IE, NIS 2012 and Flash Player not releasing memory as it move from one image to another page, and then getting problems with the amount of memory that NIS needs to scan as the number of images grows.
01-27-2012 03:32 PM
If no-one suggested it already you might try a standard fix for IE problems -- the RESET button that is accessed:
Menu bar / Tools / Intenet Options / Advanced TAB > RESET button.
Some of the things you have tried are included in what that does but it's a good way to get back to basics in IE and then if it is OK like that reintroduce the add-ons that were disabled, that will include the Norton Toolbar and other stuff.
01-28-2012 08:19 AM
Just noticed that you had posted and huwyngr responded (thanks, Hugh.)
If you take a look at my post #17 above, I had recommended a RESET of IE 9. Did you do that just yet?
Here is another resource for you should you have difficulty locating the RESET button...
Please let us know your current status.