Norton internet security full scan: Files scanned stays at 0

aka_gusgus · ‎07-14-2009

Norton Internet Security

15.0.0.60

Windows Vista

When I try to run a full system scan the total files scanned stays at 0. I tried updating and running the scan in safe mode but nothing is found. I tried updateing to 2009 but the file won't load due to what it calls a Communication Error. Google serch results are rerouted when I try to access then.

Any suggestions?

delphinium · ‎11-21-2008

Hi Aka_gusgus:

Let's get you to download Malwarebytes to begin with to see if we can help with something simple first.

http://www.malwarebytes.org

Please post the log via the "add attachment" link you will find just below the post button

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain

aka_gusgus · ‎07-14-2009

I tried pasting the link inot my browsers (Firefox and Explorer) with the result of neither of them finding the site. Explorer calls the link broken and firefox says trhe site is not found.

aka_gusgus · ‎07-14-2009

This may halp too? In my task manager there is a process being run from a tmp file.

file name1732530676.tmp

Quads · ‎07-21-2008

Hi

Download GMER to your desktop, http://www.gmer.net/ Right Click and Run as Administrator if running Vista

Then do a scan, and save the log,

Post the log back here.

Quads

huwyngr · ‎04-13-2008

You are in the hands of two very experienced people here on problems like this so "stay tuned"!

I think I would be correct in saying that the messages you get when you tried to get the malwarebytes download are in themselves symptomatic of a malware invasion since some of them do everything they can to stop you downloading, or if you have it already, from starting it! Sneaky!

I downloaded the new update to 1.39 that came on-line yesterday with no problems and I tried that URL and it worked fine just now.

Just so you have an idea what is going on.

Hugh

aka_gusgus · ‎07-14-2009

Thank you all for your help and encouragment!

I downloaded GMER. It stopped running every time it hit the divice section so i restarted and skipped that for now.

delphinium · ‎11-21-2008

Hang in there for a bit Aka_gusgus:

You have an MSIVX rootkit. They have been coming out pretty nicely. Don't do anything else with it for the time being. Quads is our malware guru, and he will be along with tools and instructions.

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain

Quads · ‎07-21-2008

Hi

Now (read carefully) If you have Spybot S&D uninstall it.

Also during the restarts with Avenger if Your PC has a Startup repair center like with HP and Toshiba tell it to start Normally if it kicks in.

1. Download Avenger to your desktop,

Unzipped version http://homepages.slingshot.co.nz/~crutches/Avenger/

Creators website http://swandog46.geekstogo.com/avenger2/avenger2.html with zipped version to the unzip to desktop

2. Click to run "Avenger.exe" (right click "Run as Administrator" if using Vista)

3. In the "Input script here:" copy and paste the script between the lines

Drivers to disable:

MSIVXserv.sys

Drivers to delete:

MSIVXserv.sys

Files to delete:

C:\Autorun.inf

D:\Autorun.inf

C:\WINDOWS\System32\drivers\MSIVXwgbxrqlqqipaqtwespfdgkiiljlsgfll.sys

C:\WINDOWS\System32\MSIVXifhpfbiprwumeaughxutgbrowgpixhwp.dll

C:\WINDOWS\System32\MSIVXpnakuhirgjwdvakmbgcipfpfbjfjtpqk.dll

C:\WINDOWS\System32\MSIVXcount

C:\WINDOWS\temp\1732530676.tmp

Registry keys to delete:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SOFTWARE\MSIVX

Here is a screenshot (script updated since shot)

Make sure the "Automatically disable any rootkits found" is NOT selected

4. Click "Execute"

You will be asked to restart the PC click "Yes", when the PC restarts the load screen will takes slightly longer, then when it looks as though windows is loading the PC will restart again.

Then when Windows fully loads the Avenger log will be loaded, showing files it could or could not find.

5. Restart the PC again, then see if you can install Update and run Malwarebytes

Quads

TMDaines · ‎07-13-2009

delphinium wrote:
Hang in there for a bit Aka_gusgus:

You have an MSIVX rootkit. They have been coming out pretty nicely. Don't do anything else with it for the time being. Quads is our malware guru, and he will be along with tools and instructions.

I wish I had an MSIVX rootkit instead of whatever else I have!