07-11-2010 05:30 AM
[Windows XP, Norton Internet Security 2009]
So I am pretty sure I have accidentally downloaded myself a virus.
Whenever I start up my computer, within minutes, a Norton Internet Security 'One Click Support, Step by Step' window pops up, informing me: "Error: 'Your email message to [email address of recipient] with the subject [email subject] was unable to be sent...' (1003,9) with a Norton 2009 product installed." It proceeds to tell me that if I'm not sending any emails at the time, it probably means my computer is infected. Of course, I'm not sending any emails. Furthermore, I can't seem to close this One Click Support window no matter what I do.
Another thing that happens is that quite swiftly, and inevitably, the problem multiplies: at the top right hand of the popup, it grows and grows from 'Page 1 of 1,' until after about an hour, I find myself with something ridiculous like 'Page 1 of 3000.'
What's even more annoying is that it clogs up my systray with this little icon of an envelope/email; every time another 'page' is added to my ever-increasing number, another little envelope icon appears in my tray. The number of envelope icons in my tray constantly flickers, fluctuating rapidly in number, increasing and decreasing.
Oddly, I run full system scans every time I use my computer now. Invariably, within a few minutes of beginning my scan, it informs me that it has detected and resolved one problem - something like 'Tracking cookies fully resolved.' However, the results of my scans are inconsistent. Sometimes I will come up with nothing more than the tracking cookies result after a full scan. Other times, it detects a Trojan, and tells me it is also fully resolved. Other times, it informs me that w32.pilleuz has also been resolved. Rarely, it informs me that it has detected about six different threats and resolved them all - tracking cookies, two different types of Trojans (Backdoor.Trojan and Trojan.Gen), Adware.lop, and w32.pilleuz.
So I googled roughly what I should be doing about w32.pilleuz and half-followed the instructions (I deleted the registry it made on my computer, but couldn't locate the malicious files supposedly dropped by it). Since then, w32.pilleuz hasn't been picked up by any full system scans, but the trojans and adware.lop still are.
So my question is this: what should I be doing? The One-Click-Support popup problem still persists, along with its associated systray spammage. Any help would be greatly appreciated.
07-11-2010 08:59 AM
Please download and run the Norton Power Eraser from here. Review the errors / files it wants to fix to make sure there are no system files it wants to delete. You can post a screenshot here, if you like, for review by others, if you have a question about the files the NPE finds.
After using the NPE, boot your system into Safe Mode (tap F8 when starting the system until the Advanced Startup Menu is shown and select Safe Mode (no command or network) and press ENTER). Once the system is booted into Safe Mode, run a full system scan by double-clicking on your NIS2009 desktop icon. Let us know the results.
07-11-2010 10:35 PM
first off, thanks for your help
anyway, I downloaded the Power Eraser (which I've NEVER heard of before - Norton should advertise it more) and ended up with the screenshot attached. Since I don't really know anything, I've attached a screenshot of what the search came up with (well, three screenshots).
edit: oops, turns out the 'Attachments' option is for text type files only. I hope you guys don't mind imageshack..
Screenshot of my PowerEraser scan results: http://img3.imageshack.us/gal.php?g=powereraser.jp
I hope this is helpful in your aiding me, thanks
07-11-2010 11:17 PM - edited 07-11-2010 11:18 PM
Run the NPE again and have it fix the files it finds (I viewed the screenshots). Reboot your system and then run a MalwareBytes scan.
Please download MalwareBytes' AntiMalware from this LINK. Choose the free version as this does not have a real-time scanner that will interfere with Norton products. Install the program and update the definitions.
Once MBAM is loaded, run a full scan with it. Have the program fix / delete whatever it finds and make a log file. Please post the log file contents or attach the log file to a reply post here for review.
07-12-2010 04:56 AM
So I ran the NPE, it fixed the files, then I rebooted and ran the MalwareBytes scan, and got it to fix all 32 infected thingos that came up. I've attached the log file for you to review - I sure hope this is possibly near the end of the whole removal process.
By the way, the One-Click-Support popup has stopped popping up, so I suppose that's good
thanks for your help
07-12-2010 07:21 AM
If you haven't already done the following, then do:
Delete the Temporary files on your system (Go to RUN and type in %temp% and hit ENTER. Then click on any file in the right-hand side of the Explorer window that opens and press CTRL and A (shortcut for select all), then press Delete).
Empty the Recycle Bin on the desktop.
Delete all System Restore points by turning System Restore off. Let the system delete the old restore points and then turn System Restore back ON.
Run a full system scan with Norton and MBAM.
Let us know the results. Thanks for hanging in there; I think we are close to finished.
07-12-2010 12:33 PM
This thread reminded me of a case I came across where the list of objects is longer than the window, and asking for a screenshot won't show everything listed, so 2, 3, 4, or more screenshots are required.
I did try a couple of things but they didn't work.
Then, I had the idea of having a "Copy Scan Results to Clipboard" button at the "Scan Complete" list.
This would allow the user to quickly paste the list into a forum message, Notepad, or likely any other program (Word etc.).
Also include the file path or registry information so that it can be seen where the object or registry entry is located.
07-12-2010 04:43 PM
In NIS2011 (can't remember if 2010 has it) if you click the little button on the upper right hand side in screenshot below of a quarantine entry.
This is the result of the pasting
You can do the same in other areas on the History