Not what you were looking for? Ask our experts!
Reply
Contributor
gout
Posts: 16
Registered: ‎07-11-2010

one click support 1003,9: virus + ever-increasing popups

[Windows XP, Norton Internet Security 2009]

 

So I am pretty sure I have accidentally downloaded myself a virus.

Whenever I start up my computer, within minutes, a Norton Internet Security 'One Click Support, Step by Step' window pops up, informing me "Error: Your email message to [email address of recipient] with the subject [email subject] was unable to be sent..." (1003,9) with a Norton 2009 product installed." It proceeds to tell me that if I'm not sending any emails at the time, it probably means my computer is infected. Of course, I'm not sending any emails. Furthermore, I can't seem to close this One Click Support window no matter what I do.

 

Another thing that happens is that quite swiftly, and inevitably, the problem multiplies: at the top right hand of the popup, it grows and grows from 'Page 1 of 1,' until after about an hour, I find myself with something ridiculous like 'Page 1 of 3000.'

 

What's even more annoying is that it clogs up my systray with this little icon of an envelope/email; every time another 'page' is added to my ever-increasing number, another little envelope icon appears in my tray. The number of envelope icons in my tray constantly flickers, fluctuating rapidly in number, increasing and decreasing. 

 

Oddly, I run full system scans every time I use my computer now. Invariably, within a few minutes of beginning my scan, it informs me that it has detected and resolved one problem - something like 'Tracking cookies fully resolved.' However, the results of my scans are inconsistent. Sometimes I will come up with nothing more than the tracking cookies result after a full scan. Other times, it detects a Trojan, and tells me it is also fully resolved. Other times, it informs me that w32.pilleuz has also been resolved. Rarely, it informs me that it has detected about six different threats and resolved them all - tracking cookies, two different types of Trojans (Backdoor.Trojan and Trojan.Gen), Adware.lop, and w32.pilleuz. 

 

So I googled roughly what I should be doing about w32.pilleuz and half-followed the instructions (I deleted the registry it made on my computer, but couldn't locate the malicious files supposedly dropped by it). Since then, w32.pilleuz hasn't been picked up by any full system scans, but the trojans and adware.lop still are.

 

So my question is this: what should I be doing? The One-Click-Support popup problem still persists, along with its associated systray spammage. Any help would be greatly appreciated.

dbrisendine
Posts: 5,584
Kudos: 1,294
Solutions: 263
Registered: ‎10-06-2008

Re: one click support 1003,9: virus + ever-increasing popups

Please download and run the Norton Power Eraser from here.  Review the errors / files it wants to fix the make sure there is no system files it wants to delete.  You can post a screen shot here, if you like, for review by others, if you have a question about the files the NPE finds.

 

After using the NPE, boot your system into Safe Mode (tap F8 when starting the system until the Advanced Startup Menu is shown and select Safe Mode (no command or network) and press ENTER).  Once the system is booted into Safe Mode, run a full system scan by double clicking on your NIS2009 desktop Icon.  Let us know the results.

Win7 x32 SP1
Contributor
gout
Posts: 16
Registered: ‎07-11-2010

Re: one click support 1003,9: virus + ever-increasing popups

first off, thanks for your help

anyway, I downloaded the Power Eraser (which I've NEVER heard of before - Norton should advertise it more) and ended up with the screenshot attached. Since I don't really know anything, I've attached a screenshot of what the search came up with (well, three screenshots).

edit: oops, turns out the 'Attachments' option is for text type files only. I hope you guys don't mind imageshack..

Screenshot of my PowerEraser scann results: http://img3.imageshack.us/gal.php?g=powereraser.jpg

 

I hope this is helpful in your aiding me, thanks

 

dbrisendine
Posts: 5,584
Kudos: 1,294
Solutions: 263
Registered: ‎10-06-2008

Re: one click support 1003,9: virus + ever-increasing popups

[ Edited ]

Run the NPE again and have it fix the files it finds (I viewed the screen shots).  Reboot your system and then Run a MalwareBytes scan.

 

Please download MalwareBytes' AntiMalware from this LINK . Choose the free version as this does not have a real time scanner that will interfere with Norton products. Install the program and update the definitions.

Once MBAM is loaded, run a full scan with it. Have the program fix / delete whatever it finds and make a log file. Please post the log file contents or attach the log file to a reply post here for review.

Win7 x32 SP1
Contributor
gout
Posts: 16
Registered: ‎07-11-2010

Re: one click support 1003,9: virus + ever-increasing popups

So I ran the NPE, it fixed the files, then I rebooted and ran the MalwareBytes scan, and got it to fix all 32 infected thingos that came up. I've attached the log file for you to review - I sure hope this is possibly near the end of the whole removal process. 

By the way, the One-Click-Support popup has stopped popping up, so I suppose that's good

thanks for your help

dbrisendine
Posts: 5,584
Kudos: 1,294
Solutions: 263
Registered: ‎10-06-2008

Re: one click support 1003,9: virus + ever-increasing popups

If you haven't already done the following then do :

 

Delete the Temporary files on your system (Go to RUN and type in %temp% and hit ENTER. Then click on any file in the righthand side of the explorer window that opens and press CTRL and A (shortcut for select all), then press Delete).

 

Empty the Recycle Bin on the desktop.

 

Delete all System Restore points by turning System Restore off.  Let the system delete the old restore points and then turn System Restore back ON.

 

Run a full system scan with Norton and MBAM.

 

Let us know the results.  Thanks for hanging in there; I think we are close to finished.

 

Win7 x32 SP1
Bot Obliterator
Quads
Posts: 16,530
Registered: ‎07-21-2008

Re: one click support 1003,9: virus + ever-increasing popups

This thread reminded me of when I came across when the list of objects is longer than the Windows and asking for a screenshot which won't show all listed, so 2, 3, 4, or more screenshots is required.

 

I did try a couple of things but they didn't work.

 

Then, I had the idea of having a "Copy Scan Results to Clipboard" button at the "Scan Complete"  list.

 

NPE.jpg 

 

 

This would allow the user to quickly paste the list into a forum message, Notepad or any other program likely (Word etc.)

 

Also include the File path or Registry information so that it can be seen where the object is located, or registry entry.

 

For instance,

 

svchost.exe       C:\WINDOWS\svchost.exe  

 

svchost.exe       C:\WINDOWS\system32\svchost.exe

 

Command       HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\ave.exe" /START "%1" %*

 

 

Quads

dbrisendine
Posts: 5,584
Kudos: 1,294
Solutions: 263
Registered: ‎10-06-2008

Re: one click support 1003,9: virus + ever-increasing popups

Great idea!!!  I hope that is added because the XML log file right now is a little hard to read.

Win7 x32 SP1
Bot Obliterator
Quads
Posts: 16,530
Registered: ‎07-21-2008

Re: one click support 1003,9: virus + ever-increasing popups

In NIS2011 (can't remember if 2010 has it) if you click the little button on the upper right hand side in screenshot below of a quarantine entry.

 

6509iD6BBF7C7C31353B2

 

This is the result of the pasting 

 

 

c:\documents and settings\john\local settings\temp\3780515.exe
____________________________
____________________________
On computers as of:
11/07/2010 at 8:56:20 p.m.
Last Used:
11/07/2010 at 8:59:32 p.m.
Startup Item:
No
Launched:
No
____________________________
____________________________
Few Users
Fewer than 50 users in the Norton Community have used this file.
____________________________
High
This file risk is high.
____________________________
Threat Details
Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.
____________________________
Origin
Downloaded from  URL Not Available
Source: External MediaSource File:
3780515.exe
____________________________
File Actions
File: c:\documents and settings\john\local settings\temp\3780515.exe
Removed
File: c:\documents and settings\john\desktop\bootkit\3780515.exe
Removed
____________________________
File Thumbprint - SHA:
Not Available
____________________________
File Thumbprint - MD5:
Not Available
____________________________

 

 

You can do the same in other areas on the History

 

 

Quads

dbrisendine
Posts: 5,584
Kudos: 1,294
Solutions: 263
Registered: ‎10-06-2008

Re: one click support 1003,9: virus + ever-increasing popups

Then it should be easy to add this feature to the NPE.

Win7 x32 SP1