
Norton 360 and Suspicious.Mystic

Woah, I have not had any virus problems for years, until tonight... during my vacation :/

I was away from the computer for 5 mins and when I came back it had 7-8 Windows security dialogs requesting some kind of permission. I did not like it, so I restarted the computer. After restart Norton found this "Suspicious.Mystic" and removed it. After that I just get a black screen in Windows. No Start menu, no background, nothing. It is possible to CTRL/ALT/Delete and start Task Manager etc.

Bedtime for me now... I hope this is just a nightmare :/

System: Windows 7 & Norton 360 v4.

[edit: Clarified subject.]

Replies


Re: Norton 360 and Suspicious.Mystic

Hi again,

I could not get any sleep while hearing my poor computer crying about this "¤%"#¤% virus. So I tried to get rid of it:

- Copy explorer.exe from another Windows 7 computer to a USB memory stick

- use CTRL/ALT/DELETE to open Task Manager and run cmd to access the USB memory stick from the infected computer

- run explorer.exe on the infected computer

Perfect, Windows background and Start menu are back :)

But... "Antimalware Doctor" starts automatically. Another virus.. great..

- Follow the instructions on http://www.bleepingcomputer.com/virus-removal/remove-antimalware-doctor by placing rkill.com and mbam-setup.exe on the USB memory stick.

- run rkill.com, this kills the Antimalware Doctor application.

- run the mbam setup, and start the Malwarebytes' Anti-Malware application.

- start a full scan in mbam and let it remove all infections as described in the above link

(I had to rerun mbam 3 times before it found all infections)

Ok.. Windows seems to work now (not tested with internet connection).

BUT, I cannot copy explorer.exe from my memory stick to c:/Windows because Norton goes wild, reports a Suspicious.Mystic warning and removes it again.

Anyway, 3 am.. bedtime now 4 real.


Re: Norton 360 and Suspicious.Mystic

You are still infected. I would recommend a visit to one of the free malware removal forums for assistance. Bleeping, as you probably noticed, is very backed up. One of the others will likely be faster.

www.bleepingcomputer.com

http://www.geekstogo.com/forum/

http://www.cybertechhelp.com/forums/

http://forums.whatthetech.com/


Under certain circumstances profanity provides relief denied even to prayer. Mark Twain

Re: Norton 360 and Suspicious.Mystic

Suspicious.Mystic is a rootkit that lodges in your C:\WINDOWS directory. Norton finds some infected pieces, but doesn't remove the cause. I was able to remove it from a couple of PCs successfully.

Removal instructions at www.squiggo.com

(The current version going around is a variant of sorts, that spams email, removes your taskbar and icons from your desktop among other goodies.)

Drew


Re: Norton 360 and Suspicious.Mystic

From what I could see in those instructions, it would work for those with enough experience to recognize the problem .dlls.  For an inexperienced user, it could be quite dangerous.

Symantec is working very hard on a fix for this, but it could delete winlogon.  Disconnecting from the internet and avoiding a reboot would be wise until it gets sorted out.  One user on NIS/NAV has a TDL3 involved as well which is trickier to fix. 

I would still recommend one of the forums for help with it, rather than do it yourself unless you are very computer savvy.


Re: Norton 360 and Suspicious.Mystic


electroguy wrote:

Suspicious.Mystic is a rootkit that lodges in your C:\WINDOWS directory. Norton finds some infected pieces, but doesn't remove the cause. I was able to remove it from a couple of PCs successfully.

Removal instructions at www.squiggo.com

(The current version going around is a variant of sorts, that spams email, removes your taskbar and icons from your desktop among other goodies.)

Drew


Suspicious.Mystic is a heuristic detection for anything Norton detects as matching something possibly bad. It is not a solid detection name like "Trojan.Bamital!inf", which the Suspicious.Mystic detection for "explorer.exe" and possibly "winlogon.exe" has been changed to after Symantec received the installers from me and they took a look at it.

"Trojan.Bamital!inf" does not include the TDL3 (+) (Tidserv) that PCs at the moment are infected with also, as the other part.

This TDL3 (+) variant appears to be downloading .tmp file(s) that then install Trojan.Bamital!inf.

SONAR or heuristic detections like Suspicious...................., Trojan.Gen etc. can't have removal instructions like is done for hard detection names, as the SONAR or heuristic detection name is usually too broad. Trojan.Gen for what??

The Suspicious.Mystic I got to infect "explorer.exe" had no .dll files involved, so I had no .dlls to remove, let alone 4 of them, so your instructions don't match, let alone installing programs like Ad-Aware with Norton, which I have tested.

Quads 


Re: Norton 360 and Suspicious.Mystic

Electroguy

I found you on Bleeping Computer, and the Suspicious.Mystic with the injected patched "explorer.exe" and possibly "winlogon.exe" looks the same, BUT the user had or has a rogue (Antimalware Doctor) installed, and by the ark log, unless it's hidden further behind what is shown, it's not a TDL3 (+) infection.

It's instead TDL2, or more like a Conficker (Downadup) variant, which is different.

Log from there attached.

Whereas now it looks like TDL3 (+) can install on x64 systems, which is interesting.

Quads


Re: Norton 360 and Suspicious.Mystic

Moved to own thread for better exposure.

This thread is closed from further comment. Please visit the forum to start a new thread.