
How to remove it.

I came back to my computer today and found that it had navigated to an internet site on Internet Explorer.  So I reset and on startup it again navigates to this internet site although it hasn't changed the homepage.  I've found what it is... http://www.threatexpert.com/report.aspx?uid=0863776c-5334-46c6-90bd-331360b31ef8 .  I did a virus scan and it wasn't detected by my Norton. I was hoping to remove it myself.  I can find the ati2sgav.exe file on my computer and the registry keys.  I don't want to go deleting registry keys and that but don't know how else I can remove this.  Any help appreciated. :)

Replies


Re: How to remove it.

01. What Norton Product and Version have you got, e.g. Norton Internet Security 2009?

02. What O.S., S.P. do you have?

03. If it is either Norton 2008 or 2009, have you done a Full System Scan in Safe Mode with Updated Virus Definitions; if it is earlier than that, Upgrade to N.I.S. 2009 and then do a Full System Scan in Safe Mode after Running Norton LiveUpdate.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]

Re: How to remove it.

01. Norton Internet Security 2007

02. Windows Vista, SP1 as far as I know

03. I've done a full system scan with updated definitions and it brings up nothing.  I'll do one in safe mode as well.  Can I upgrade it to 09 without paying then?

Re: How to remove it.

03. Yes.  Please go to the Symantec Online Store, Home and Home Office Store of your location.  Click on Trialware and Download the N.I.S. Trialware, which will be the N.I.S. 2009.  You can then enter your N.I.S. 2007 Product Key on the 2009 Product, which, once you enter the Product Key, you will get Full Features and Options of N.I.S. 2009.  That is the way I would do it.

Re: How to remove it.

JDLM, the best way to see if you're eligible for a free update as well as receive it is to go to the Norton Update Center.
Reese Anschultz, Senior Software Quality Assurance Manager, Symantec Corporation

Re: How to remove it.

That's great! I'll download that and do another scan and see what it comes up with.

Re: How to remove it.

No virus results in the scan.  I read in another thread that NIS 09 doesn't need LiveUpdate so can I uninstall that from my PC now?  Also, Windows Security doesn't recognise an antivirus system, is this OK?

Re: How to remove it.


JDLM wrote:
No virus results in the scan.  I read in another thread that NIS 09 doesn't need LiveUpdate so can I uninstall that from my PC now?  Also, Windows Security doesn't recognise an antivirus system, is this OK?

That is incorrect information; N.I.S. needs Norton LiveUpdate; how else would you Update the Product?  With N.I.S. 2009, Norton LiveUpdate is no longer a "stand-alone" Product.

If there is LiveUpdate still in Add-Remove, then this should have been removed before installing N.I.S. 2009; go ahead and remove it now, but you may get some problems since N.I.S. 2009 is installed.

Message Edited by Floating_Red on 09-26-2008 12:51 AM

Re: How to remove it.

JDLM,

I think there is a confusion in terms. NIS 2009 has its own Live Update which is different from the "Symantec Live Update" that you see in Control Panel and Add-Remove Programs.

The "Symantec Live Update" can be uninstalled as it is not needed.

If by chance, this causes issues because you already have NIS 2009 installed, you can uninstall and then re-install NIS 2009.

"Anyone who isn't confused really doesn't understand the situation."   Edward R. Murrow

Re: How to remove it.

Ok, so I have LiveUpdate 3.2 (Symantec Corporation) and LiveUpdate Notice (Symantec Corporation) in the Add/Remove List.

Re: How to remove it.

JDLM,

You can uninstall BOTH of these entries.  They are not needed.


Re: How to remove it.


JDLM wrote:
Ok, so I have LiveUpdate 3.2 (Symantec Corporation) and LiveUpdate Notice (Symantec Corporation) in the Add/Remove List.
Remove them.

Re: How to remove it.

Would a System Restore stop this thing??  If I do a system restore it doesn't change documents but does it uninstall programs that have been installed since, such as NIS 09?

Re: How to remove it.


JDLM wrote:
Would a System Restore stop this thing??  If I do a system restore it doesn't change documents but does it uninstall programs that have been installed since, such as NIS 09?
What "thing"?

Re: How to remove it.


JDLM wrote:
Would a System Restore stop this thing??

What are you trying to stop?

A System Restore will not uninstall programs, but it will make them unusable as the registry will revert back to a previous point without the needed registry keys for the programs to run.

Perhaps you could explain what you wish to do.


Re: How to remove it.

This 'thing' that opens Internet Explorer and navigates to tvstream.ath.cx on every startup.

I believe it is this: http://www.threatexpert.com/report.aspx?uid=0863776c-5334-46c6-90bd-331360b31ef8

Message Edited by JDLM on 09-25-2008 06:01 PM

Re: How to remove it.

Okay,

I didn't realize you were still infected.

Do a manual "Run Live Update" from the main Norton window to be sure you have the latest definitions.

Unplug from the internet, restart your computer in SAFE MODE and run a full system scan with NIS 2009.

Please report back with your results.


Re: How to remove it.

It doesn't turn up any results.

Re: How to remove it.

Wow, that was quick.

Are you sure you performed a Full System Scan?


Re: How to remove it.

I did one after I updated to NIS 09 but I'm going to do another, just to be sure.

...and again nothing shows up :(

Message Edited by JDLM on 09-25-2008 07:01 PM

Re: How to remove it.

Be sure to unplug from the internet and do it in SAFE MODE.

Re: How to remove it.

Tried a system restore which failed, the system restore didn't actually complete for some reason.  Deleting a bit from HijackThis log didn't do anything and the second scan showed nothing and Windows Defender shows nothing.

Message Edited by JDLM on 09-25-2008 07:08 PM

Re: How to remove it.

Please do a Full System Scan in Safe Mode.

Re: How to remove it.

Hi JDLM,

I'll explain later why the System Restore failed - you don't want to do that now.

We'll try another way to rid you of this infection.

Connect to the internet.  Download, install and update the FREE version of Malwarebytes here.

Once those steps are completed, unplug from the internet, restart your computer in SAFE MODE and run a complete Malwarebytes scan.  If items are found, follow the Malwarebytes suggested procedure.

This next step is optional but recommended. Delete your System Restore Points by turning off System Restore. Many infections will become embedded in your previous restore points - therein lies the possibility that they may return. Also you may find that the malware has already erased your restore points.

Restart your computer in Normal Mode and check how things are working.

Once you are completely sure your computer is clean, you can turn ON System Restore.

Please let us know how you do with this.

EDIT: I was typing as Floating_Red was posting.  It is very important to perform the suggested scans in SAFE MODE.

Message Edited by Phil_D on 09-25-2008 10:16 PM

Re: How to remove it.


JDLM: Me and Phil here are not fighting to get the Solution to this, although it may seem like it.  ;)

Re: How to remove it.

That is correct.


Re: How to remove it.


Phil_D wrote:

That is correct.


Yes Phil, "not".  ;)

Re: How to remove it.

Correct: "not".

Re: How to remove it.

I'm afraid you're going to have to keep fighting, Malwarebytes did remove something but not whatever is causing the internet page to open on startup.

Re: How to remove it.

JDLM,

We're not really fighting - sometimes one person is typing just at the same time another one is posting.

Did you delete your System Restore Points?


Re: How to remove it.

I was looking at that page: http://www.threatexpert.com/report.aspx?uid=0863776c-5334-46c6-90bd-331360b31ef8 to see what has happened and looking at the registry values that have been created, one has been made to run ati2sgav.exe on startup.  I searched for ati2sgav.exe and opened it, it opened the webpage that I keep getting directed to.  I then moved this file to my desktop and restarted and I no longer get the problem!!

Thanks for all your help though guys.

Message Edited by JDLM on 09-25-2008 08:30 PM
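
The check described in the post above (find the startup value that launches ati2sgav.exe and see what it points at), as an added example that is not part of the original thread. It assumes Windows PowerShell 3.0 or later and that the entry sits in one of the standard Run/RunOnce keys; the ThreatExpert report may list a different location.

```powershell
# Added example: list autorun values and show what each one launches.
# Assumption: the startup entry is in one of these standard Run/RunOnce keys.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$suspectName = 'ati2sgav.exe'   # file name taken from the thread

function Get-CommandExecutable([string]$Command) {
    # Extract the executable from a Run value: a quoted path, or text up to the first ".exe".
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $exe     = Get-CommandExecutable $command
        # Bare file names that rely on PATH lookup are reported as NotResolved.
        $exists  = $exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
        $sig     = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'NotResolved' }
        [pscustomobject]@{
            Key       = $key
            Value     = $name
            Command   = $command
            Signature = $sig
            Created   = if ($exists) { (Get-Item -LiteralPath $exe -Force).CreationTime } else { $null }
            Suspect   = ($command -like "*$suspectName*")
        }
    }
}

# Entries naming the suspect file sort first; review unsigned or unresolved targets next.
$report | Sort-Object @{Expression = 'Suspect'; Descending = $true}, Signature |
    Format-Table -AutoSize -Wrap
```

The script only reads the registry and file metadata; it changes nothing, so it can be run before and after a cleanup to confirm the startup value is gone.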

Re: How to remove it.

Congratulations! 

Glad to hear that you were successful.

Be sure to double check all of the removal instructions on that link to make sure you are rid of it for good.

Best Wishes.

Message Edited by Phil_D on 09-25-2008 11:48 PM