Visitor
fra2000
Posts: 7
Registered: ‎01-24-2012

virus

Good morning,

This morning, when I opened my operating system, Norton told me that there is an infection on my PC done by w32.downadup!autorun. What is it? And how can I solve this problem? According to me, it's on server documents! Thanks a lot

Francesco

lmacri
Posts: 901
Kudos: 208
Registered: ‎05-05-2009

Re: virus

[ Edited ]

Hi fra2000:

 

Welcome to the Norton forum.

 

More information on this w32.downadup!autorun threat (a variant of the Conficker virus) can be found here on the Symantec Security Response site, as well as here on the Symantec Connect blog.  Variants of this malware have been around for a few years and it was quite prevalent in 2009.

 

Could you please let us know what Windows OS you're running, the name of your Norton product (Norton AntiVirus, Norton Internet Security or Norton 360) and the version number of your Norton product from Support | About.  If you're using Symantec's corporate anti-virus Endpoint Protection software, you might find better information in the Endpoint Protection security forum  here since this forum is intended for users of the home consumer edition of NIS and NAV.

 

Do you know if your Symantec product was able to successfully detect and remove this w32.downadup!autorun threat?  If you have a home edition of a Norton product, go to your Norton security history (in NIS 2012 I think the link is under the Advanced features) and see if you can find any further information about this detection under Resolved Security Threats, SONAR Activity or Recent History.  A screen shot of the File Insight report (see an example below) would be helpful.

 

Instructions on how to post a screenshot in the forum can be found here

 

File Insight Path.jpg.

 

----------

Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 9.0.1
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Visitor
fra2000
Posts: 7
Registered: ‎01-24-2012

Re: virus

So, first of all the problem is on our folders that are on server. The server has not virus installed. Can I solve that problem from my PC, that has XP? Moreover I have to say that Norton Internet Security 2010 is expired, and I'm waiting for the new product. Can I solve with another virus?

lmacri
Posts: 901
Kudos: 208
Registered: ‎05-05-2009

Re: virus

[ Edited ]

fra2000 wrote:

 

So, first of all the problem is on our folders that are on server. The server has not virus installed. Can I solve that problem from my pc, that has XP? Moreover I have to say that Norton Internet security 2010 is expired...

 


Hi fra2000:

 

When you say that NIS 2012 is "expired", do you just mean that you are using an older version of NIS 2010 (e.g., v. 17.7.0.12) but that you have paid to renew your subscription (i.e., that you still have days remaining on your subscription)?  You said in your original post that your Norton product detected the w32.downadup!autorun virus, so I assume the virus definitions for your NIS 2010 are fully updated and your system is secure.  Are you able to run a manual LiveUpdate to bring the virus definitions up-to-date in NIS 2010?

 

NIS Subscription Status.jpg

 

If NIS 2010 was still able to scan and detect this w32.downadup!autorun virus, could you please provide details from the Resolved Security Threats (or possibly SONAR Activity or Recent History) section in your NIS security history that I requested in my previous post.

 

In the meantime I would advise that you download the free Malwarebytes' Anti-Malware (MBAM) scanner to your Win XP PC as instructed here in GordoB's thread titled Possible Virus/Malware Not Detected by NIS and run a full system scan of your PC once MBAM is fully updated.  I'm not certain, but depending on how you have your network configured, MBAM might allow you to scan files on your server as well if the folder on your server looks like a virtual drive (e.g., G:\ drive) from your Win XP PC.

 

MBAM Full Scan.jpg

 

--------

Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 9.0.1
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

 

Visitor
fra2000
Posts: 7
Registered: ‎01-24-2012

Re: virus

I downloaded and updated that program. Norton is expired because it was Norton 2010. Some colleagues of mine found this problem!

Visitor
fra2000
Posts: 7
Registered: ‎01-24-2012

Re: virus

Also the problem is that in the PCs Norton shows a figure as above but it says that it cannot delete it and it asks a new scan. I don't know if Norton deletes after the scan. Now I'm trying to scan with malware

lmacri
Posts: 901
Kudos: 208
Registered: ‎05-05-2009

Re: virus

[ Edited ]

fra2000 wrote:

 

Norton shows a figure as above but it says that it cannot delete it and it asks a new scan.

 


It's difficult to tell without a screenshot of the actual detection, including the path and name of the file, but it sounds like Norton is having problems removing this virus.  Do you know if your friend was trying to use the Norton Power Eraser (NPE) to remove this virus? The NPE is a very aggressive tool and can damage important system files if allowed to "fix" (i.e., delete) suspicious files (see delphinium's comments here in the Norton Protection Blog), so I always recommend that users run the NPE in diagnostic mode (see RichD's instructions here) unless they have confirmed that they are infected with a virus that cannot be removed by any other method.

 

I hope that MBAM will be able to remove this virus off your system, but if MBAM doesn't work there may be better tools than the NPE for removing this virus (e.g., BitDefender's Conficker Removal Tool).  Let's wait and see how MBAM does first and then decide how to proceed.

--------

Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 9.0.1
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Visitor
fra2000
Posts: 7
Registered: ‎01-24-2012

Re: virus

Now I launched MBAM in my PC, that scans C: and network G:, where there should be the virus according to Norton. In another web site, it is said that it could be removed using prompt commands. Entering G:, using net use G:, writing G:, then writing attrib *.*, the prompt command shows me some files, among which there is G:\autorun.inf; but if I want to delete it (using attrib -h-s-r autorun.inf), prompt command tells me "access denied"

Visitor
fra2000
Posts: 7
Registered: ‎01-24-2012

Re: virus

Good morning,

system scan ended some minutes ago, and for malwarebytes there is no virus in C: and network G:. Now I scan also hidden system files and I try. But the problem is

lmacri
Posts: 901
Kudos: 208
Registered: ‎05-05-2009

Re: virus

[ Edited ]

Hi fra2000:

It sounds like you've made some good progress, but Conficker is one of those viruses that tries to copy itself to removable USB drives and network shares and re-infect computers on your network (see here on the Symantec Security Response site).  Even if MBAM was able to disable the active Conficker virus on your C:\ and G:\ drives, it's possible that residual files from this infection remain somewhere on your network, so instead of wasting any more time with MBAM I would proceed as follows:

Step 1:  Post in a Malware Removal Forum For Expert Help

I would post in one of the malware removal forums listed here and get specialized one-on-one assistance from a malware removal expert to make sure that your PC and network folders on your server are clean.  Two of my personal favourites from that list are:

 

www.bleepingcomputer.com
www.WhatTheTech.com (which I've used myself)


Step 2:  Temporarily Activate the PRO features in Malwarebytes' Anti-Malware

Please ignore this step if your colleague has already installed anti-virus software on your computer that will protect your computer in real-time protection.

The free MBAM software that you just installed on your PC likely came with a 15-day trial period that allows new users to test the PRO features of MBAM that are only available to paid customers.  I would accept the trial offer and then enable the real-time protection module and schedule a daily quick scan (see section O here in the MBAM FAQ for instructions) to keep your system protected until you have NIS 2012 (or some other manufacturer's security software) installed on your PC and protecting your computer in real-time protection mode.

Once you have NIS 2012 installed on your PC you should disable the real-time protection module in MBAM, since running two different security programs in real-time protection mode can create conflicts and actually decrease the security of your system.  It will be safe to use the free MBAM scanner to perform on-demand scans once you have NIS 2012 installed on your PC as long as the MBAM real-time protection module is disabled.

 

MBAM RT Protection.jpg

 

 

Step 3:  Remove The Expired NIS 2010 From Your System Before Installing New Security Software

Please ignore this step if your colleague has already installed NIS 2012 or other Norton security software on your computer.  Note that the Norton Removal Tool (NRT) will wipe all Norton software off your system (e.g., NAV, NIS, N360, etc.)

Before installing NIS 2012 or security software from another manufacturer (e.g., McAfee, AVG, etc.) it would be a good idea to wipe your expired NIS 2010 software off your computer.  Residual registry entries and files from old security software - including NIS 2010 - could corrupt your NIS 2012 installation (see my post here in baldeagleuk's thread titled Upgraded to NIS 2012, Lost Internet Access)

To wipe NIS 2010 off your PC:

  1. Download the Norton Removal Tool (NRT) from www.norton.com/nrt.  Choose I have a Norton 2006/2007/2008/2009/2010/2011/2012 product to download the correct NRT for NIS 2012
  2. Disconnect from the Internet.
  3. Uninstall NIS 2012 from the Windows Control Panel (e.g., Add/Remove Programs for XP; Programs and Features for Vista and Win 7) and re-boot.
  4. Run the NRT and re-boot (repeat this step 2 or 3 times with a re-boot between each wipe with the NRT).


Then make sure the real-time protection module in MBAM is disabled and install NIS 2012 or whatever other new security software you decide to use.

 

Be sure to post back and let us know how you're doing.  Once you start working with a malware removal expert I won't interfere by posting any more suggestions about the Conficker removal, but I can always help with general questions about MBAM and NIS and there are likely other users here in the NAV/NIS forum following your thread who would benefit from your feedback.

----------

Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 8.0.0
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS
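
Added example, not part of any post in this thread: a read-only triage of an `autorun.inf` such as the `G:\autorun.inf` mentioned above, listing what the file asks Windows to launch so the entry can be passed to a malware removal helper. The sample bytes and file names are constructed placeholders, and the tolerance for junk padding is an assumption about how such files may look.

```python
import re

# autorun.inf keys that make Windows start a program from the drive.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_entries(raw: bytes):
    """Return (key, command) pairs from the [autorun] section.

    Junk bytes and unparseable lines are skipped rather than rejected;
    that such padding may be present is an assumption, not from the thread.
    """
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):      # UTF-16 with BOM
        text = raw.decode("utf-16", errors="replace")
    else:
        text = raw.decode("latin-1")               # never raises
    entries, in_autorun = [], False
    for line in re.split(r"\r?\n", text):
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key):
            entries.append((key.lower(), value))
    return entries

def triage(raw: bytes):
    """Summarise one autorun.inf for a human reviewer."""
    entries = launch_entries(raw)
    return {"size": len(raw), "launch_entries": entries,
            "needs_review": bool(entries)}

# Constructed sample: junk bytes, a comment, and placeholder commands.
SAMPLE = (
    b"\x8f\x11junk\x02\x90\r\n"
    b"[AutoRun]\r\n"
    b";\xa1\xb2 padding\r\n"
    b"icon=shell32.dll,4\r\n"
    b"OPEN = placeholder.exe\r\n"
    b"shell\\open\\command=placeholder.exe /x\r\n"
    b"[Other]\r\n"
    b"open=ignored.exe\r\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

To check a real drive, read the file in binary mode and pass the bytes to `triage`; nothing is modified or deleted.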