Not what you were looking for? Ask our experts!
Reply
SPS
Visitor
SPS
Posts: 6
Registered: ‎07-18-2010

Norton Live Chat Support

Norton support led me to an online Live Chat  to resolve an issue.   Is this legit ?   Seemed strange that the first thing he wanted to do was gain remote access to my computer.

I am a little more suspicious than usual, because I received warnings of Trojan.FakeAV twice in the last few days.

My initial problem was that I get a warning "a recent attempt to attack your computer was blocked" every time I do a Google search.  His next best solution was hit "stop notifying me".

Super Spam Squasher
cgoldman
Posts: 2,929
Registered: ‎06-25-2008

Re: Norton Live Chat Support


SPS wrote:

Norton support led me to an online Live Chat  to resolve an issue.   Is this legit ?   Seemed strange that the first thing he wanted to do was gain remote access to my computer.

I am a little more suspicious than usual, because I received warnings of Trojan.FakeAV twice in the last few days.

My initial problem was that I get a warning "a recent attempt to attack your computer was blocked" every time I do a Google search.  His next best solution was hit "stop notifying me".


Probably. If you access live chat via the Norton interface "Get Support"  then you are talking to Norton, and it is common that they would want to look first hand at the problem. It is not clear in what you wote if you chat session was before or after receiving trojan.fakeav.

 

Do you get the problem now? Do you get the problem if you search for "test" or only a particular search string?

HAve you run a full scan. If so and for added comfort you could try downloading and scanning with the free malwarebytes.

Administrator
Venkat_J
Posts: 1,236
Registered: ‎06-16-2010

Re: Norton Live Chat Support

 


SPS wrote:

Norton support led me to an online Live Chat  to resolve an issue.   Is this legit ?   Seemed strange that the first thing he wanted to do was gain remote access to my computer.

I am a little more suspicious than usual, because I received warnings of Trojan.FakeAV twice in the last few days.

My initial problem was that I get a warning "a recent attempt to attack your computer was blocked" every time I do a Google search.  His next best solution was hit "stop notifying me".


 

Did the agent ask you for your permission before gaining access. Our chat support agents will seek your permission prior to establishing a remote connection. Additionally, you will need to accept some prompts from your computer before the connection is established.

 

Thanks,

 

Venkat Jammalamadugu
Norton Forums Moderator
Consumer Products and Solutions
Symantec Corporation

SPS
Visitor
SPS
Posts: 6
Registered: ‎07-18-2010

Re: Norton Live Chat Support

Thanks for your help.

Yes, he asked permission to gain access to my computer.     Not a chance I was going to allow it though.      I thought it would be prudent to double check with the forum, just in case fake Norton chat lines were known to exist. 

 

I don't think the Trojan.FakeAV is related to my issue, actually.    I got two warnings recently, but that was after the Google warnings started.    I have seen the FakeAV screen pop up a number of times in the past.   It is obviously fake.

 

I still get a warning that an attack attempt was blocked, every time I do any Google search,      A search finds that this has happened to others, but I have not found an explanation to why it is happening.     Without understanding if this is a real attack, I am hesitant to simply click on "stop notifying me".

 

 

 

delphinium
Posts: 9,862
Kudos: 2,965
Solutions: 293
Registered: ‎11-21-2008

Re: Norton Live Chat Support

Hi SPS:

 

It might be best if you tatke a screen print of the intrusion by highlighting one entry, click more details, so that the path is visible, and then paste the screen print into Paint.  You will be able to insert it on your next post by using the little green tree in the reply editor.

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
floplot
Posts: 10,576
Topics: 215
Kudos: 2,051
Solutions: 365
Registered: ‎04-11-2009

Re: Norton Live Chat Support

Hello SPS

 

Trojan.FakeAv is malware which needs to be removed from your computer. It belongs to a rogue antivirus program which will continuously try to download more malware into your computer and give you more symptoms of being infected. Trojan. FakeAv is definitely a real attack. Malware can cause the problems you are having with Google. You definitely need to get this malware removed from your computer.

Success always occurs in private and failure in full view.




SPS
Visitor
SPS
Posts: 6
Registered: ‎07-18-2010

Re: Norton Live Chat Support

FakeAV is gone.  

Full system scan found nothing but a tracking cookie. ( and its gone too, now )

See attached screenprint.     You can see I tried a few Google searches just after 5:00 today.  

I am running Windows XP.

 6661i7CC5EB05132E5DE7

Regular Contributor
g_cafe_c
Posts: 361
Registered: ‎07-12-2008

Re: Norton Live Chat Support

SPS,

 

Many or at least some readers may be interested to know how you cured or fixed your infection problem.

delphinium
Posts: 9,862
Kudos: 2,965
Solutions: 293
Registered: ‎11-21-2008

Re: Norton Live Chat Support

My guess is that it is not cured.  It looks to me as though he has a rookit on his machine trying to get access rather than something trying to get in as this post indicates.  The other malware may have been removed for the time being, but the true problem is still there.

 

http://community.norton.com/t5/Norton-Internet-Security-Norton/CONSTANT-HTTPS-Tidserv-Request-Intrus...

 

 

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
floplot
Posts: 10,576
Topics: 215
Kudos: 2,051
Solutions: 365
Registered: ‎04-11-2009

Re: Norton Live Chat Support

Hello

 

If you look up one of the ip's shown in the screen shot, you will see that it comes from the Russian Federation and will also see items there listing BleepingComputer being involved in cleaning up and also other remediation sites involved. Take a look in Google and put in the ip and you will see what I mean.

 

Success always occurs in private and failure in full view.