new.i4 downloader new threat

gentlemanJim · ‎08-02-2010

c:\windows\system32\641053205\new.i4

____________________________

On computer as of

8/1/2010 at 12:45:06 PM

Last Used:

8/1/2010 at 12:45:06 PM

Startup Item: No

Launched: No

____________________________

Very Few Users

Fewer than 10 users in the Norton Community have used this file.

____________________________

High

This file risk is high.

____________________________

Threat Details

Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.

____________________________

Origin

Downloaded from Not Available

____________________________

URL Not Available

UNTESTED

Source

new.i4

____________________________

File Actions

File: c:\windows\system32\641053205\new.i4

Blocked

____________________________

File Thumbprint:

b143d582d15745fc2b3f03d4dd253d069926ae3f1d09f1b55650a0438e6fa6fb

____________________________

As you can see below Norton BLOCKS it, but in 2 days I have had 95 pop-up messages about this virus. It says that less then 1 users have used it. It stops the execution of some programs, stops me from using restore. slows down the computer,

I saw on another forum for another virus protection, that others have already run into this same thing.

Any advice on how to get rid of it would be appreciated.

c:\windows\system32\641053205\new.i4________________________________________________________On computer as of8/1/2010 at 12:45:06 PMLast Used:8/1/2010 at 12:45:06 PMStartup Item: NoLaunched: No________________________________________________________Very Few UsersFewer than 10 users in the Norton Community have used this file.____________________________HighThis file risk is high.____________________________Threat DetailsPrograms that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.____________________________Origin
Downloaded from Not Available____________________________URL Not AvailableUNTESTED
Sourcenew.i4____________________________File ActionsFile: c:\windows\system32\641053205\new.i4Blocked____________________________File Thumbprint:b143d582d15745fc2b3f03d4dd253d069926ae3f1d09f1b55650a0438e6fa6fb____________________________

Self taught, non-geek

Quads · ‎07-21-2008

Norton continually blocking the creation of the file over and over, probably means that there is something else running in the background that is attempting to create the file (or files) but Norton keeps blocking this.

But Norton is not detecting the other file(s), Probably something along the lines of a Rootkit or a Vundo variant.

Quads

gentlemanJim · ‎08-02-2010

Thanks Quads, but what should I, or could I do to find whatever it is?

On the other forum, they suggested running regedit and msconfig, but msconfig will not open just as some other executable files will not open. Regedit will open, but that is dangerous territory as you know. I have made some corrections in the past, but not without step by careful step on what to do.

Also, upon bootup, the computer does not load explorer.exe, so none of the desktop or task bar loads. I have to run Windows task manager and add NEW TASK ( explorer.exe) to get the desktop and task bar to load.

Self taught, non-geek

floplot · ‎04-11-2009

Hello gentleman_Jim

Welcome to the Norton Community Forum.

Would you please tell us what Norton product you have installed now and what version is it? What operating system and service pack are you running?

What Forum are you referring to when you said the "Other Forum"?

Success always occurs in private and failure in full view.

gentlemanJim · ‎08-02-2010

Hello floplot,

I am running Windows XP service pack3 The other forum is at http://forum.kaspersky.com/lofiversion/index.php/t154256.html I assume they are a security software company from what I can see.

My version is:

Norton Security Suite

Version: 4.2.0.12

I really appreciate your help.

Self taught, non-geek

floplot · ‎04-11-2009

Hello gentlemanJim

I would recommend visiting one of the remediation sites that can help you clean up your computer. Please see if you can connect to one of these sites and sign up with one of them and put the name of that threat in the subject line. BleepingComputer is good, but you will probably have to wait a while until they get to you.

Please go to one of these free Forums for help in removing your bad malware or rootkits.

http://www.bleepingcomputer.com
http://www.geekstogo.com/forum/

http://www.cybertechhelp.com/forums/

http://forums.whatthetech.com/

(Thanks to Delph for providing the list of sites)

Please visit the sites and pick one of them to sign up with. They will be able to help you most likely, but you may also need to have another computer and a flash drive handy most likely. Please give us a progress report and let us know who you sign up with. Thanks.

Success always occurs in private and failure in full view.

gentlemanJim · ‎08-02-2010

I'm a happy camper! I git it fixed! First I tried to register with one of the sites you recommended and after several failed attempts with a message that said another user has that name, then another user has that email address, I gave up. So I went back to the site I earlier mentioned:t http://forum.kaspersky.com/lofiversion/index.php/t154256.html and carefully read what was suggested as a fix by a member there, They suggested downloading ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and run it to remove any and all malware, spyware and viruses found. But first I had to rename the exe file of combofix as suggested, so the virus would not interupt it and not let it run. It took about 20 minutes for ComboFix to scan the whole drive. It removed all suspicious files after doing a restore point for me. It also had me download a Microsoft program (RESTORE) directly form Microsoft. All this with basically about 3 mouse clicks from me.

ComboFix then rebooted my computer and it booted normally. But ComboFix was not done, it then made a log file of everything it removed.

Everything that would not work before is now working fine and with normal speed.

So if anyone runs into this new.i4 downloader that Norton was constantly blocking, I highly recommend this tool ( comboFix.

I sincerely thank you for the help and suggestions given.

Self taught, non-geek

Quads · ‎07-21-2008

It is not advised to use Combofix unless supervised, even the program creators state this.

People who have had problems after using Combofix can attest to this, they don't ask for help until after Combofix has been used causing a continually reboot or other Windows problems.

I have had to help people in the past after guiding them though using Combofix with script, then I have to fix the problems Combofix caused after to Windows.

Quads