11-30-2011 01:24 PM
Yesterday I started receiving Norton warnings from the autoprotect, in regards to Trojan.Gen.2, trojan horse and downloader. The message indicated that autoprotect blocked those threats. However, I noticed that the Windows Firewall and the MS antimalware tool were not working. Now I can't launch any of those. And when I try to run a Symantec scan I receive an error (Norton error 0x00003f4) and the scan does not start. Apparently my antivirus is also not working. Another symptom was that when I rebooted my PC yesterday, it could not start normally and started searching for repair. I have Windows Vista 32 and Symantec Norton Internet Security. How can I clean my system? Thanks.
12-01-2011 08:11 AM - edited 12-01-2011 08:42 AM
Welcome to the Norton community.
I have a 32-bit Vista OS, and it is normal for the Windows Firewall and Windows Defender to be disabled when NIS 2012 is installed. NIS 2012 does this automatically because it's dangerous to run more than one firewall and/or anti-virus program in real-time protection mode because it could cause a conflict if malware ever attacks your system. Essentially, the two anti-virus programs will "argue" about which software should handle the malware and allow the malware to infect your system.
You should run a thorough Check Disk (chkdsk.exe) scan on your system to see if this can repair your Windows OS. Instructions are posted here (see Section C).
You might also want to try running a full system scan with the free Malwarebytes' Anti-Malware (MBAM) scanner. MBAM will occasionally detect malware missed by a NIS full system scan. During your MBAM installation, decline the 15-day trial offer to use the advanced Pro features, since you don't want to activate the real-time protection mode in MBAM during the trial period. MBAM might find some old registry entries and PUPs (potentially unwanted programs), which are often just inert files on your hard drive left over from uninstalled toolbars, etc., and these types of detections often aren't a cause for concern.
Are you certain the 0x00003f4 error you're getting is a Norton error? This looks similar to the format of many Windows errors.
Just FYI, Trojan.Gen.2 and Trojan.ADH.2 are generic heuristic detections Norton products will flag if they see any sort of suspicious behavior and don't recognize the name of the executable file. If you look in your security history (click the History link on the main window of your Norton product) and click on More Details, you might be able to see the file name and path where the suspicious file is located. Links for submitting suspicious files to Symantec for analysis can be found here in Tony Weiss' post How to Troubleshoot a Suspected Malware Infection.
Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 22.214.171.124 * IE 9.0 * Firefox 8.0.0
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS
12-01-2011 03:10 PM
Imacri: Thank you for your reply, I appreciate it. Unfortunately I need additional help!
My first talk on an infection was that even when I understand the MS Firewall and Windows Defender should be disabled, they also should be able to run and allow you to decide if you want to activate them or not. That was not possible; the application did not run at all and sent a message that they could not be executed. The same was occurring with my Norton Internet Security, and yes, I'm sure about the error message, I wrote it. I was not able to execute a scan.
Yesterday I ran Malwarebytes, initially in Secure Mode with Network. After some time running, it was stopped and an application called Privacy Protection started running. I knew that was not good, and I restarted my desktop. Then I initiated in Secure Mode only and started running Malwarebytes. It finished and detected and cleaned: backdoor.0Access, Trojan.fakealert (Privacy), Malware trace and backdoor.Agent.
As a second step, I tried to run Norton Internet Security again in Secure Mode. This time the application started running a full scan and ended. Unfortunately it also detected a lot of infected files, something about 140. The first detection was w32.spyrat but most of the files were indicating different types of spyware-Keyloggers, maybe 8 or 10 different. For the moment I remember others like Halt.exe. I will add the list as soon as I get it.
Of course I'm very concerned right now about the level of infection or attack my desktop is having. In Secure Mode, Norton Internet Security did not start automatically (not shown on the bottom right menu); I don't know if this is normal or is because it was disabled. Also I would like to understand why the Product did not avoid the infection even when the signatures update is set up to be automatic, and the firewall was activated with no important rule exceptions? Is there a possibility that the spyware sent information out of my desktop?
I will need to continue with the cleansing of my system, what can I do? How will I know when the system is clean? It looks like the attack disabled my antivirus and the corresponding firewall, how can I reactivate them? Do I need a reinstall? Can a system restore dated, let's say, a couple of weeks ago stop the issue?
12-01-2011 03:55 PM
At this point, IMHO it is best to refer you to the recommended forums, where a real malware expert can work with you one-on-one in real time to dig these things out. Some of our best folks here have checked them out to make sure that they are capable, and competent to deal with rootkits and other nasties. Most of them handle tricky Windows problems as well.
Just sign up for one of their free accounts--where required--and go to the forums; don't click on any of the ads! Note that some of these forums (like bleepingcomputer) require that once they begin working with you, you not consult any other sources on your infection until it's resolved--and will close your case if you do. This is important, to avoid confusion (and really bad outcomes) resulting from trying to follow several people's advice at once! LOL
Good luck, and please let us know how it turns out!