Regular Visitor
tragic82
Posts: 9
Registered: ‎09-02-2009

NIS 2009 disabled

Hello, I hope I'm not being a complete idiot here, but I could really use some help. I believe my computer has become infected with some form of virus or malware. I am subscribed to NIS 2009, but this has stopped working, following my accidental opening of a pop-up... Although the icons for Live Update and NIS 2009 can still be found in my programs list, they do not launch when clicked. Alongside this, system tools such as disk defrag and system restore refuse to operate. I have run anti-malware software (Malwarebytes' Anti-Malware) which discovered some infected files and removed them. The problems have persisted. I have also run online malware scanners which failed to find a problem, and repeated uses of Anti-Malware have not uncovered any further infected files. Any help would be greatly appreciated! Thank you.

Norton Fighter
mdturner
Posts: 5,308
Registered: ‎04-11-2008

Re: NIS 2009 disabled

Welcome to the Norton Community

Please run a SysProt log for us so we can check your system for rootkit activity. You will need to disable Norton auto-protect while you run the scan, as well as any other antimalware program you may have installed on your PC.

Once it is downloaded to your desktop, right click on the SysProt icon, go to properties, and click unblock and apply.

Choose log, check all the boxes except show hidden objects only and then scan.

You will be able to post the log here using the "add attachments" link just below the orange post button.

http://homepages.slingshot.co.nz/~crutches/SysProt

We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone

Regular Visitor
tragic82
Posts: 9
Registered: ‎09-02-2009

Re: NIS 2009 disabled

Thanks for your help, here's the SysProt log.

Norton Fighter
mdturner
Posts: 5,308
Registered: ‎04-11-2008

Re: NIS 2009 disabled

You appear to have a rootkit infection on your system. I will pass your details on to someone who will be able to assist with removal. In the meantime please do not attempt cleanup yourself, as often this can make things worse.

We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone

Regular Visitor
tragic82
Posts: 9
Registered: ‎09-02-2009

Re: NIS 2009 disabled

Thank you very much, I'll try not to do anything too stupid in the meantime!

Bot Obliterator
Quads
Posts: 13,250
Registered: ‎07-21-2008

Re: NIS 2009 disabled

Hi

I have sent you a personal Message, look for the Yellow Envelope near the upper right hand corner.

Quads

Bot Obliterator
Quads
Posts: 13,250
Registered: ‎07-21-2008

Re: NIS 2009 disabled

Hi

Continuation of Stage 1, File removal (same program to continue step 1)

Now the registry entries will be greyed out I think, will get them later.

Tick (check) these entries (little square box beside each entry). Only the entries below, not the others:

C:\WINDOWS\system32\rotscxlsrttimm.dll
C:\WINDOWS\system32\rotscxbnrjlksr.dat

C:\WINDOWS\system32\drivers\rotscxkdulrscp.sys
C:\WINDOWS\system32\rotscxamryfwxi.dll
C:\WINDOWS\system32\rotscxdvblovrb.dat



Then click the Clean items button.

Follow the prompts to remove them and restart your computer.

After reboot, a dialog box displays the files you selected for removal and the action taken.

Step 2 after, once I know that is completed.

Quads

Regular Visitor
tragic82
Posts: 9
Registered: ‎09-02-2009

Re: NIS 2009 disabled

I've cleaned those files and rebooted, Norton appears to be functioning normally now. However, I'm assuming there are still some issues to deal with, so onto Stage 2 I guess?

Bot Obliterator
Quads
Posts: 13,250
Registered: ‎07-21-2008

Re: NIS 2009 disabled

Hi

Step 2. Detect - Delete any buddies

Download, Install, Update the definitions and run a Full Scan with Malwarebytes: http://www.filehippo.com/download_malwarebytes_anti_malware/

By the way, did you already have Norton installed and everything running OK before you got infected?

There could be a step 3 depending on what happens.

Quads

Regular Visitor
tragic82
Posts: 9
Registered: ‎09-02-2009

Re: NIS 2009 disabled

Yes, NIS was installed and running normally before the infection. I have run a full scan with Malwarebytes, I'll attach a logfile of what it found.