United States
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Norton Internet Security / Norton AntiVirus

Reply
Topic Options
Samuelhsl
Visitor
Samuelhsl
Posts: 4
Registered: ‎08-18-2009
Accepted Solution

NIS 2009 Full System Scan Stays Stagnant, Cannot Remove Virus

Options

‎08-19-2009 02:33 AM

Hi,

 

Apparently, my computer is infected with Trojan virus as NIS auto detect and shows an alert on the right-hand corner.

NIS can only block the virus but not removing it.

 

My NIS 2009 is able to start a full system scan, but stays stagnant at "Scanning commonly infected areas and start-up files...", showing 0 item scanned. The full system scan cannot be stopped and closed until I click end task in task manager.

 

I tried starting my computer in safe mode and the full system scan is only able to complete scanning around 1000 files.

 

I have also tried the GMER scan and the log is attached. Can this be resolved through Avenger tool?

 

 

Sam

Attachment GMER scan.log ‏20 KB
Report Inappropriate Content
Message 1 of 9 (4,139 Views)
0 Kudos
Quads
Bot Obliterator
Quads
Posts: 13,250
Registered: ‎07-21-2008

Re: NIS 2009 Full System Scan Stays Stagnant, Cannot Remove Virus

Options

‎08-19-2009 11:16 AM

Hi

 

I have sent you a PM (Personal Message)

 

Quads 

Report Inappropriate Content
Message 2 of 9 (4,097 Views)
0 Kudos
Quads
Bot Obliterator
Quads
Posts: 13,250
Registered: ‎07-21-2008

Re: NIS 2009 Full System Scan Stays Stagnant, Cannot Remove Virus

Options

‎08-19-2009 10:43 PM

Hi

 

You have 2 sets of "kbiwkm"

 

Stage 1,  File removal

 

Now the registry entries will be greyed out I think, will get them later.

 

Tick (check) these entries (little square box beside each entry)

 

C:\WINDOWS\system32\drivers\kbiwkmqmdoqvty.sys

C:\Windows\System32\drivers\kbiwkmorblcipi.sys 

C:\WINDOWS\system32\kbiwkmausvdkiv.dll

C:\WINDOWS\system32\kbiwkmvfoxkqmi.dll

C:\WINDOWS\system32\kbiwkmxmsxkcti.dll

C:\WINDOWS\system32\kbiwkmrvfvmonb.dll

C:\WINDOWS\system32\kbiwkmvsffippe.dat

C:\WINDOWS\system32\kbiwkmlhvmwbkw.dat

C:\WINDOWS\system32\kbiwkmnejtbote.dat

C:\Windows\System32\kbiwkmgwpbficv.dat 

C:\WINDOWS\Temp\kbiwkmujwiigiqqf.tmp

C:\Windows\Temp\kbiwkmrsetxruuqe.tmp

C:\Users\Samuel\AppData\Local\Temp\Low\kbiwkmduldisgogo.tmp

C:\Users\Samuel\AppData\Local\Temp\Low\kbiwkmnxgdepduhi.tmp

C:\Users\Samuel\AppData\Local\Temp\Low\kbiwkmlmnoqabipv.tmp

C:\Users\Samuel\AppData\Local\Temp\Low\kbiwkmydiclivggl.tmp

C:\Users\Samuel\AppData\Local\Temp\Low\kbiwkmaualbnbwep.tmp

C:\Users\Samuel\AppData\Local\Temp\Low\kbiwkmyoqgewbseb.tmp

C:\Users\Samuel\AppData\Local\Temp\Low\kbiwkmnpjceoeyoo.tmp

C:\Users\Samuel\AppData\Local\Temp\Low\kbiwkmyaetlgdpuy.tmp

C:\Users\Samuel\AppData\Local\Temp\Low\kbiwkmeoqloftqkj.tmp

C:\Users\Samuel\AppData\Local\Temp\Low\kbiwkmppxlwehnvq.tmp

C:\Users\Samuel\AppData\Local\Temp\Low\kbiwkmesnuujtaxw.tmp

C:\Users\Samuel\AppData\Local\Temp\Low\kbiwkmegntffrrcu.tmp

C:\Users\Samuel\AppData\Local\Temp\Low\kbiwkmahhntgcndg.tmp

C:\Users\Samuel\AppData\Local\Temp\Low\kbiwkmdhbotedrqi.tmp 

C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\kbiwkmtfbytdwxlt.tmp

C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\kbiwkmxdeemieppo.tmp

C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\kbiwkmnpjrvwdfvh.tmp

C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\kbiwkmsluadxppoq.tmp 


Then click the Clean items button

Follow the prompts to remove them and restart your computer.

After reboot, a dialog box displays the files you selected for removal and the action taken.

 

 

Quads 

Report Inappropriate Content
Message 3 of 9 (4,045 Views)
Quads
Bot Obliterator
Quads
Posts: 13,250
Registered: ‎07-21-2008

Re: NIS 2009 Full System Scan Stays Stagnant, Cannot Remove Virus

Options

‎08-21-2009 12:32 AM

Hi

 

Where have you gone??

 

Quads 

Report Inappropriate Content
Message 4 of 9 (3,973 Views)
0 Kudos
Samuelhsl
Visitor
Samuelhsl
Posts: 4
Registered: ‎08-18-2009

Re: NIS 2009 Full System Scan Stays Stagnant, Cannot Remove Virus

Options

‎08-21-2009 12:41 AM

Hi,

 

Sorry for the late reply, i have a project to do yesterday. 

 

I've removed all the items as per your intructions, except for these two items, which i can't find.

 

C:\\WINDOWS\Temp\kbiwkmujwiigiqqf.tmp

C:\\Windows\Temp\kbiwkmrsetxruuqe.tmp

 

Sam

Report Inappropriate Content
Message 5 of 9 (3,966 Views)
0 Kudos
Quads
Bot Obliterator
Quads
Posts: 13,250
Registered: ‎07-21-2008

Re: NIS 2009 Full System Scan Stays Stagnant, Cannot Remove Virus

Options

‎08-21-2009 12:50 AM

That's OK somethimes that happens with .tmp files

 

Now Download, Install, Update the Definitions and run a Full Scan with Malwarebytes  http://www.filehippo.com/download_malwarebytes_anti_malware/

 

To get any of it's buddies, before getting the registry entries.

 

Quads 

 

 

Report Inappropriate Content
Message 6 of 9 (3,960 Views)
0 Kudos
Samuelhsl
Visitor
Samuelhsl
Posts: 4
Registered: ‎08-18-2009

Re: NIS 2009 Full System Scan Stays Stagnant, Cannot Remove Virus

Options

‎08-21-2009 03:24 AM

Ok, scan completed, no infection was found.

 

Sam

Report Inappropriate Content
Message 7 of 9 (3,928 Views)
0 Kudos
Quads
Bot Obliterator
Quads
Posts: 13,250
Registered: ‎07-21-2008

Re: NIS 2009 Full System Scan Stays Stagnant, Cannot Remove Virus

Options

‎08-21-2009 12:05 PM

 

Hi

 

 

If you have Spybot S&D installed remove it 

 

Also during the restarts with Avenger if Your PC has a Startup repair center like with HP and Toshiba tell it to start Normally if it kicks in.

 

1. Download Avenger to your desktop,

 

Unzipped version http://homepages.slingshot.co.nz/~crutches/Avenger/

OR Creators website http://swandog46.geekstogo.com/avenger2/avenger2.html with zipped version to the unzip to desktop 

 

2. Click to run "Avenger.exe"  (right click "Run as Administrator" if using Vista)

 

3. In the "Input script here:" copy and paste the script between the lines

 

Drivers to disable:

kbiwkmocupyeun

kbiwkmxxpqvqxi

 

Drivers to delete: 

kbiwkmocupyeun

kbiwkmxxpqvqxi

 

Files to delete:

C:\WINDOWS\system32\drivers\kbiwkmorblcipi.sys

C:\WINDOWS\system32\drivers\kbiwkmqmdoqvty.sys

 

Registry keys to delete:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbiwkmxxpqvqxi 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbiwkmxxpqvqxi 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kbiwkmxxpqvqxi 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\kbiwkmxxpqvqxi

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\kbiwkmxxpqvqxi

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\kbiwkmxxpqvqxi

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\kbiwkmxxpqvqxi

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\kbiwkmxxpqvqxi

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\kbiwkmxxpqvqxi  

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\kbiwkmxxpqvqxi

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\kbiwkmxxpqvqxi

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbiwkmocupyeun 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbiwkmocupyeun 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kbiwkmocupyeun 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\kbiwkmocupyeun

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\kbiwkmocupyeun

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\kbiwkmocupyeun

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\kbiwkmocupyeun

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\kbiwkmocupyeun

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\kbiwkmocupyeun  

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\kbiwkmocupyeun

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\kbiwkmocupyeun 

 

 

Here is a screenshot (script updated since shot)

 

Avenger.jpg

 

Make sure the "Automatically disable any rootkits found" is NOT selected

 

4. Click "Execute"

 

You will be asked to restart the PC click "Yes", when the PC restarts the load screen will takes slightly longer, then when it looks as though windows is loading the PC will restart again.

Then when Windows fully loads the Avenger log will be loaded, showing files it could or could not find.

 

Quads 

 

Report Inappropriate Content
Message 8 of 9 (3,897 Views)
Samuelhsl
Visitor
Samuelhsl
Posts: 4
Registered: ‎08-18-2009

Re: NIS 2009 Full System Scan Stays Stagnant, Cannot Remove Virus

Options

‎08-21-2009 07:57 PM

Thank you so much.

It worked, and Norton is now able to perform a full system scan.

 

Thx for helping.

 

Sam

Report Inappropriate Content
Message 9 of 9 (3,865 Views)
0 Kudos

Products

Services

Support

Norton on Facebook
Norton on Twitter
Norton's YouTube Channel
Symantec on Linked In
Norton on Google+