Norton staff using remote access.

mark56 · ‎08-27-2012

I work as a member of the Malware Removal Staff at TSG and have just come across some suspicious activity that an OP experienced when using the Norton Uninstall Tool.

Please see post 20 of this thread to see what the OP experienced: http://forums.techguy.org/virus-other-malware-removal/1062567-fbi-warning-splash-screen-virus-2.html...

This has never happened in the past so I wanted to be sure if the remote access is now normal procedure when running the Uninstall Tool.

Your advice will be most appreciated.

peterweb · ‎04-17-2008

mark56 wrote:
I work as a member of the Malware Removal Staff at TSG and have just come across some suspicious activity that an OP experienced when using the Norton Uninstall Tool.

Please see post 20 of this thread to see what the OP experienced: http://forums.techguy.org/virus-other-malware-removal/1062567-fbi-warning-splash-screen-virus-2.html...

This has never happened in the past so I wanted to be sure if the remote access is now normal procedure when running the Uninstall Tool.

Your advice will be most appreciated.

The OP was not using the Norton Removal tool in this case. From what I see in post 20, it was the Norton Support Tech that remoted into the user's computer and used the Norton Removal tool. The user initiated the online support session with Norton. "I actually had to go online with Norton and let a technician do remote access on my computer"

The Norton Removal tool does not initiate a remote session when downloaded and run by a user.

Things happen. Export/Backup your Identity Safe data.

mark56 · ‎08-27-2012

Thank you for such a fast reply, I appear to have misunderstood what the OP was telling me, but will check that with them.

The OP had run the tool but got stuck and is still left with Norton remnants on the system, so would a reinstall, followed by an uninstall and then running the tool again be the best way to solve the problem? Or can the remaining files simply be deleted with no ill effect?

peterweb · ‎04-17-2008

Like yourself, we are mostly volunteer users trying to help. The Norton employees names are in red.

I'm not sure what remnants are left ( those log files are foreign to me), or what the NRT removes.

One thing to check, see if the user is using a version from Comcast or his ISP.

Have the poster go to www.norton.com/nrt to get the download again. That should allow the user to choose the correct version and will probably end up in the same place you sent them.

If that still leaves remnants you are not happy with, post back and we will get this community on it.

Things happen. Export/Backup your Identity Safe data.

mark56 · ‎08-27-2012

I'm going to get the OP to run another scan so we can make quite sure what is left on the system.

The link you have just given goes to the same place used in the link I gave the OP to download the tool and is the correct tool for his version of Norton. Norton Internet Security 2011.

The OP had stated earlier in the thread that:

When the computer rebooted after the Norton Uninstaller, it opened up a webpage
saying something that led me to believe not everything was uninstalled and asked
me to select my product for further instructions.

He ran the tool again and when a staff member had the remote link they both ended up with the same result. I have no idea what those further instructions may have been.

I shall report back when I know what the remnants are but at the moment it looks like being these:

Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application
Launcher;c:\program files (x86)\Norton PC
Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [2011-08-17 123320]

PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC
Checkup\Engine\2.0.6.22\ccSvcHst.exe [2009-08-24 126392]

scarfy · ‎06-20-2012

peterweb wrote:
Like yourself, we are mostly volunteer users trying to help. The Norton employees names are in red.

I'm not sure what remnants are left ( those log files are foreign to me), or what the NRT removes.

One thing to check, see if the user is using a version from Comcast or his ISP.

Have the poster go to www.norton.com/nrt to get the download again. That should allow the user to choose the correct version and will probably end up in the same place you sent them.

If that still leaves remnants you are not happy with, post back and we will get this community on it.

I think it need not matter what it is chosen since the same file is downloaded (all the links to NRT is the same in all the choices). The only difference i instructions of how to proceed after the program is uninstalled.

Bring back the ability to store passwords locally on the PC in Norton 2013 products | Add the ability to turn off "share" in the Norton 2013 products or remove share altogether | Malware on your PC? Keep calm wait for forum member "Quads" to respond. Do NOTHING else. See for more information. | Did you know you can upgrade your Norton products for FREE if your subscription is valid?

scarfy · ‎06-20-2012

mark56 wrote:
I'm going to get the OP to run another scan so we can make quite sure what is left on the system.

The link you have just given goes to the same place used in the link I gave the OP to download the tool and is the correct tool for his version of Norton. Norton Internet Security 2011.

The OP had stated earlier in the thread that:

When the computer rebooted after the Norton Uninstaller, it opened up a webpage
saying something that led me to believe not everything was uninstalled and asked
me to select my product for further instructions.

He ran the tool again and when a staff member had the remote link they both ended up with the same result. I have no idea what those further instructions may have been.

That is normal. After running the NRT a web page will open up telling you how to re-install the products. Plus, it never hurts to re-run the tool. The Norton Removal Tool is always "dirty" and can leave remains. Therefore, I usually don't use the tool as a means of uninstalling the product. I use the "add / remove" option, reboot, and then run the tool.

You can run the tool on your machine (if you don't use Norton it won't do anything) and it will bring up the same page.

Bring back the ability to store passwords locally on the PC in Norton 2013 products | Add the ability to turn off "share" in the Norton 2013 products or remove share altogether | Malware on your PC? Keep calm wait for forum member "Quads" to respond. Do NOTHING else. See for more information. | Did you know you can upgrade your Norton products for FREE if your subscription is valid?

ALiasEX · ‎03-21-2010

Those files don't belong to NIS2011 but to Norton PC Checkup. From the NRT page it looks like it might not be coded for removal of PC Checkup.

They should check Add/Remove to see whether it is still installed. It does not provide realtime protection so should not conflict with other security software.

mark56 · ‎08-27-2012

Thank you for all the additional information, I think I can say this thread is now resolved.

peterweb · ‎04-17-2008

scarfy wrote:
I think it need not matter what it is chosen since the same file is downloaded (all the links to NRT is the same in all the choices). The only difference i instructions of how to proceed after the program is uninstalled.

The only time it would really matter is if the user has a Comcast version. The NRT for the Norton supplied product would not work for the Comcast version.

Things happen. Export/Backup your Identity Safe data.