Hi welcome to Norton Community

Please update your product and run a full system scan.

Change norton earl load to Agressive.

 

 

 

 

http://www.ipillion.com/ip/115.163.188.181

 

here are details on the ip adress

 

 

 

I am not a professional my self but their may be threat/rootkit in your system so if you want to be on the safer side I suggest you use one of these forums to get expert help.

 

www.bleepingcomputer.com

http://www.geekstogo.com/forum/

http://www.cybertechhelp.com/forums/

http://forums.whatthetech.com/

 

These Links were suggested by   "Delphinium"

 

You  may as well wait for the "GURUS" in this forum as they may have valuable information/Advice.

Hi Akuji,

 

you can read more about that detection here: http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=23179

As I see this infection affects mostly Windows XP SP1 and SP2. In XP Service Pack 3 the security whole in Windows has been fixed.

 

What you should do is:

1. First run Live Update manually to get all the latest virus definitons and updates for your Norton product

2. Do a Full System Scan in Safe Mode (reboot, and during boot press F8 until you see a list, select Safe Mode, and hit enter)

3. If you are clean now, plese check if the Security Update for Windows XP (KB958644) is installed on your machine.

4. Run Windows Update as well to get all the latest updates for your Windows (install all Service Packs as well)

5. If you use an older Norton product (2006-2010), please go to the Norton Update Center to get the latest version, it is a free update

 

 

Here are the steps for the Norton product update:

1. Backup your Identity Safe data
2. Download latest Norton product you have from the Norton Update Center: www.norton.com/nuc
3. Download Norton Removal Tool: www.norton.com/nrt
4. Disconnect from internet
5. Remove your Norton product from Start Menu or from Control Panel -> Add or Remove programs
6. Reboot
7. Run the Norton Removal Tool, reboot (repeat it 2-3 times)
8. Install the latest Norton product
9. Run Live Update until you get no new updates
10. Restore your Identity Safe data

 

Let us know the results.

Hi,

 

Thanks for the reply. I'm currently on windows XP service pack 3.

 

Will be doin the safe mode scan latter. Hope everything is fine.

Hi, I have run in safe mode and NAV did not detect anything last week. However, now I have another problem. When I try to do a normal scan, I got a rundll error. Please refer to the attached. But when I scan in safe mode, no such error was prompt. Is the virus defination file corrupted or something?

Hi,

 

sorry cant seem to attached the document but the error message is :-

 

error loading c:\documents and settings\all users\application data\norton\ {0C55C096-0F1D-4F28-AAA2-85EF591126E7}\norton\definitions\virusdefs\20110103.033\cceraser.dll

 

Access is denied.

 

Please help. Thank you.

Can you please try to download and run a scan with the free version of Malwerbytes' AntiMalware or SuperAntiSpyware?

Hi

 

I install and scan in safe mode.

 

Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org

Database version: 5470 Windows 5.1.2600

Service Pack 3 (Safe Mode)

Internet Explorer 7.0.5730.13 1/6/2011 11:25:00 PM

mbam-log-2011-01-06 (23-25-00).txt

Scan type: Full scan (C:\|)

Objects scanned: 221224 Time elapsed: 49 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected: (No malicious items detected)

Memory Modules Infected: (No malicious items detected)

Registry Keys Infected: (No malicious items detected)

Registry Values Infected: (No malicious items detected)

Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. 

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected: (No malicious items detected)

Files Infected: (No malicious items detected)

 

Did a search on the forum http://community.norton.com/t5/Norton-Internet-Security-Norton/pum-disabled-securitycenter-alert-in-...

 

So does this means there is no cause for concern?

 

I will do another normal scan to see if I still get the rundll error.

It means that Windows Security Center's regkey were modified by one of the programs you used, and Malwarebytes' fixed it, but nothing is infected.

 

If you get the Norton alert again, can you please check Task Manager what programs are running? If you notice anything suspicious, please let us know the program's name (filename).