United States
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Norton Internet Security / Norton AntiVirus

Reply
Topic Options
pasie17
Visitor
pasie17
Posts: 4
Registered: ‎06-02-2012
Accepted Solution

Norton keeps blocking 80000032.@ trojan.gen 2 and 80000000.@ hacktool.rootkit

Options

‎06-02-2012 10:03 AM

Hi, i am having a serious problem with a virus on my computer. I have Norton anti virus 2012 and two trojans   called 80000000.@ hacktool.rootkit and 80000032.@ trojan.gen 2 keeps attacking my computer no matter how many times it is blocked. It seems as f norton is not able to get rid of the virus therefore it always reappears. Is anyone aware of why this happening so that I can fix my computer? Thank you. 

Report Inappropriate Content
Message 1 of 12 (2,082 Views)
0 Kudos
Quads
Bot Obliterator
Krazy Kiwi (Norton Users Discussion Forum)
Quads
Posts: 13,248
Registered: ‎07-21-2008

Re: Norton keeps blocking 80000032.@ trojan.gen 2 and 80000000.@ hacktool.rootkit

Options

‎06-02-2012 01:34 PM

Don't touch it I will get to you in the line of others.

 

Quads

Report Inappropriate Content
Message 2 of 12 (2,067 Views)
0 Kudos
shannons
Posts: 10,669
Topics: 44
Kudos: 104
Solutions: 7
Registered: ‎01-07-2009

Re: Norton keeps blocking 80000032.@ trojan.gen 2 and 80000000.@ hacktool.rootkit

Options

‎06-03-2012 02:07 PM

Moved: http://community.norton.com/t5/Norton-Internet-Security-Norton/80000032-trojan-gen-2-and-80000000-hacktool-rootkit-being/m-p/731012#U731012

Moved to own message for better exposure.

Report Inappropriate Content
Message 3 of 12 (1,926 Views)
0 Kudos
Quads
Bot Obliterator
Krazy Kiwi (Norton Users Discussion Forum)
Quads
Posts: 13,248
Registered: ‎07-21-2008

Re: Norton keeps blocking 80000032.@ trojan.gen 2 and 80000000.@ hacktool.rootkit

Options

‎06-03-2012 05:24 PM

pasie17 are you still there??

 

Quads

Report Inappropriate Content
Message 4 of 12 (1,955 Views)
0 Kudos
Quads
Bot Obliterator
Krazy Kiwi (Norton Users Discussion Forum)
Quads
Posts: 13,248
Registered: ‎07-21-2008

Re: Norton keeps blocking 80000032.@ trojan.gen 2 and 80000000.@ hacktool.rootkit

Options

‎06-03-2012 09:42 PM

I see you have appeared online

 

Download OTL   hxxp://oldtimer.geekstogo.com/OTL.exe   (change the hxxp to http) save it to your Desktop.

Double click on OTL.exe to run it.  Right click OTL.exe and select run as administator for Vista and Win 7.

 

Disable Norton for say 30 minutes

 

Start OTL,  

Click the Scan All Users checkbox.

Change file age to 60 days

under  Copy and paste what is below between the lines


 

msconfig
activex
drivers32
netsvcs
C:\Program Files\Common Files\ComObjects\*.* /s
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%SYSTEMDRIVE%\*.exe
/md5start
services.exe

/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs

 

Press the 

 

 

An OTL.txt will be created.

 

Quads

Report Inappropriate Content
Message 5 of 12 (1,921 Views)
0 Kudos
Volunteer
Volunteer
Vineeth
Posts: 1,652
Registered: ‎07-31-2008

Re: Norton keeps blocking 80000032.@ trojan.gen 2 and 80000000.@ hacktool.rootkit

Options

‎06-04-2012 10:05 AM

Hi pasie17,

 

Please go to the quarantine folder and submit the detected file to Symantec. That will help the team to analyze the file.

 

-Vineeth

Report Inappropriate Content
Message 6 of 12 (1,856 Views)
0 Kudos
pasie17
Visitor
pasie17
Posts: 4
Registered: ‎06-02-2012

Re: Norton keeps blocking 80000032.@ trojan.gen 2 and 80000000.@ hacktool.rootkit

Options

‎06-06-2012 11:05 AM

sorry I was unable to get back to you earlier but here is the OTL log that I got

Attachment OTL.Txt ‏481 KB
Report Inappropriate Content
Message 7 of 12 (1,671 Views)
0 Kudos
Quads
Bot Obliterator
Krazy Kiwi (Norton Users Discussion Forum)
Quads
Posts: 13,248
Registered: ‎07-21-2008

Re: Norton keeps blocking 80000032.@ trojan.gen 2 and 80000000.@ hacktool.rootkit

Options

‎06-06-2012 01:23 PM

You have the zeroaccess rootkit that involves services.exe.

We have to break the firstly break the CSLID.

 

What is the location of the files Norton is detecting,   for example   C:\Windows\installer.........

 

Quads

Report Inappropriate Content
Message 8 of 12 (1,652 Views)
0 Kudos
pasie17
Visitor
pasie17
Posts: 4
Registered: ‎06-02-2012

Re: Norton keeps blocking 80000032.@ trojan.gen 2 and 80000000.@ hacktool.rootkit

Options

‎06-06-2012 11:29 PM

c:\Windows\installer\{4210416d-54a9-7e55-83b8-a5b90e1e8d09}\U\80000000.@

c:\Windows\installer\{4210416d-54a9-7e55-83b8-a5b90e1e8d09}\U\80000032.@

c:\Windows\assembly\GAC_32\Desktop.ini

c:\Windows\assembly\GAC_64\Desktop.ini

 

 

Report Inappropriate Content
Message 9 of 12 (1,607 Views)
0 Kudos
Quads
Bot Obliterator
Krazy Kiwi (Norton Users Discussion Forum)
Quads
Posts: 13,248
Registered: ‎07-21-2008

Re: Norton keeps blocking 80000032.@ trojan.gen 2 and 80000000.@ hacktool.rootkit

Options

‎06-06-2012 11:46 PM

Please do not run any tools unless instructed to do so. 

  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please read every post completely before doing anything. 

  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

 

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :smileylol:)

  •  Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

 

Please read carefully at all times

 

Remember this takes steps to safely clean and check the system is clean.

 

Disable Norton for say 30 minutes

 

Start OTL,   under   Copy and paste the custom script attached which you open in for instance Notepad,(include the : at the start of :OTL and all the way to the end / bottom)  and run the script. (Red Run Fix Button)

 

The output log, should be placed in the C:\ _OTL folder after.

 

Quads

 

Quads

Attachment pasie17_script.txt ‏1 KB
Report Inappropriate Content
Message 10 of 12 (1,600 Views)
0 Kudos

Products

Services

Support

Norton on Facebook
Norton on Twitter
Norton's YouTube Channel
Symantec on Linked In
Norton on Google+