Norton Not Scanning - Virus?

Hi,

I seem to be having the same prob as a few others, in that my computer from friday, will not run a norton quick scan or full scan and wont close after attempted start.

i would be extremely grateful if you could guide me through a fix.

I have made a start by running GMER scan (currently scanning) do i post results here?

any help would be great,

Cheers

Replies

Kudos0

Re: Norton Not Scanning - Virus?

Hi

You can PM me the actual log. It possibly needs to be split into 2 or more parts (PMs).

Does Norton give any error code?? 

Quads 

Kudos0

Re: Norton Not Scanning - Virus?

Have you tried to run a Norton scan in Safe Mode yet?  What product do you have and what version?  What is your OS on your system?

Message Edited by dbrisendine on 06-07-2009 03:22 AM
Win10 x64; Proud graduate of GeeksToGo
Kudos0

Re: Norton Not Scanning - Virus?

No Error codes just keeps saying scanning but items scanned stays at 0

I have Windows Vista.

think it is the same prob as

http://community.norton.com/norton/board/message?message.uid=104517

which was resolved with a script you wrote for him to paste into avenger

Kudos0

Re: Norton Not Scanning - Virus?

Oh Ok 

GMER log should tell us the partial random file names if so.

Quads 

Kudos0

Re: Norton Not Scanning - Virus?

Just about time for Quads's bedtime so I will script for you tomorrow what the GMER log shows if that is what you have (an infection)

By Morning I will check my PM's for the log. 

Quads 

Kudos0

Re: Norton Not Scanning - Virus?

I am having the same exact problem (will not run a norton quick scan or full scan and wont close after attempted start). I thought I might have a virus, because I am also getting a dos box on startup: "system32 ntvdm.exe".

When I try to scan, either quick scan or full scan..it seems to be in working order..but no programs are showing (you know how you "see" it scanning) and no files show below..as being scanned. It all stays at zero. I have let it run 2 hours like that.

It DOES seem to run in safe mode..but, its a very fast scan.

My OS is Vista. I have the Norton Protection Center and nowhere in it can I find the version.

It is still protecting my computer. I have been checking the history.

I hope this can be fixed.

Kudos0

Re: Norton Not Scanning - Virus?

Stargazer:

Please provide us with a Hijackthis log from here: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

And download and install Malwarebytes here  http://www.malwarebytes.org

If you have trouble installing Malwarebytes, please see this link

http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=55639

Once we identify the problem we can try to help you with it.

Under certain circumstances profanity provides relief denied even to prayer. Mark Twain
Kudos0

Re: Norton Not Scanning - Virus?

Ok..and thanks for the speedy reply. I hope I can do this without messing things up further.

I found the version information.

Norton Internet Security
version 10.2.0.30
HPQ (60)

Kudos0

Re: Norton Not Scanning - Virus?

Me again.

Is that the correct link for malwarebytes? I get an error page. I downloaded hijack this..and will do that now.

Kudos0

Re: Norton Not Scanning - Virus?

Hijack this wont install. It says it stopped working..and asks if I want to find an online solution. I click that and nothing happens.

I also tried to get to malwarebytes via google...I get the same thing..address not found.

Kudos0

Re: Norton Not Scanning - Virus?

Heheh..I changed the name of hijack this..and got it to work. Here is the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:23 PM, on 6/9/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\system32\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\shockwave.com\Shockmachine\SmReminder.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\CreataCard\Plus\FMRemind.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\111\test.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\Windows\system32\msupdte.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ShockmachineReminder] C:\Program Files\shockwave.com\Shockmachine\SmReminder.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Plus\FMRemind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://games.bigfishgames.com/en_chocolatier/online/ChocolatierWeb.1.0.0.13.cab
O16 - DPF: {4E73C07D-0A23-42DF-9E32-BBBB027D869A} - http://client2.tvtonic.com/install/3.2/install.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://games.bigfishgames.com/en_big-city-adventure-sydney-australia/online/JBGamePlayer.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://www.shockwave.com/content/joboosgems/sis/AstoundLauncher.cab
O16 - DPF: {CEBE157C-C91E-4A45-BB3C-45F8C77C012F} (CPlayFirstWanderingWControl Object) - http://games.bigfishgames.com/en_wandering-willows/online/WanderingWillowsWeb.1.0.0.18.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62CE607A-1353-4A2D-B5D5-4E4AE3B77005}: NameServer = 85.255.112.158,85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3CE1D17-F261-4348-A549-4B91BF12F1AE}: NameServer = 85.255.112.158,85.255.112.86
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.158,85.255.112.86
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.158,85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.158,85.255.112.86
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11185 bytes
Kudos0

Re: Norton Not Scanning - Virus?

I managed to get a copy of malware bytes. I had to change the name of the exe and its running now.
Kudos0

Re: Norton Not Scanning - Virus?

Stargazer:

That is the correct link for Mbam. Well-done Stargazer.  You make progress while I type.

Were you able to PM the GMER log to Quads?

Message Edited by delphinium on 06-09-2009 05:34 PM
Under certain circumstances profanity provides relief denied even to prayer. Mark Twain
Kudos0

Re: Norton Not Scanning - Virus?

The link above for Malwarebytes is OK,

I think this thread had to do with the Trojan\Rootkit, it may be blocking certain websites.

If it turns out to be the Rootkit

Scan only,  With Rootrepeal  http://community.norton.com/norton/board/message?board.id=Norton_360&message.id=13889#M13889

and GMER http://www.gmer.net/

Quads   

Kudos0

Re: Norton Not Scanning - Virus?

Hi

Is the error Message you get this


C:\WINDOWS\system32\msupdte.exe
The NTVDM CPU has encountered an illegal instruction.
CS:0dcf IP:018d OP:63 65 64 65 64 Choose 'Close' to terminate the application.

Then what you have is a Backdoor/Trojan, seen in the Hijackthis log as 

O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\Windows\system32\msupdte.exe

Whether the Malware has managed to download more Malware like a Rootkit, don't know yet.

Quads 

Kudos0

Re: Norton Not Scanning - Virus?

Ok..I ran the malwarebytes. It found 16 objects which I let it remove.

In my first post, I mentioned that upon start, I was getting a dos box that was titled "system32 ntvdm.exe ". This is gone now.

Before I connected my cable back to the internet, I tried to run a norton scan. That is still doing the same thing. Everything remains at zero..and you can see no moving files.

Oh..I also restarted my computer again (after malwarebytes told me to)..because my cable wouldnt work. I still didnt get that dos box..so whatever I have doesnt seem to be reinfecting. I had been getting that box with every startup.

I have the log from the malware bytes. Should I paste that here?

Kudos0

Re: Norton Not Scanning - Virus?

Oops..me again.

I was getting no error message..just a dos box that I had to close after every startup.

Its gone now, tho.

Kudos0

Re: Norton Not Scanning - Virus?

Here is the log:

Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 6.0.6001 Service Pack 1

6/9/2009 8:47:48 PM
mbam-log-2009-06-09 (20-47-48).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 225285
Time elapsed: 34 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 12
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft winupdate (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.158,85.255.112.86 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{62ce607a-1353-4a2d-b5d5-4e4ae3b77005}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.158,85.255.112.86 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f3ce1d17-f261-4348-a549-4b91bf12f1ae}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.158,85.255.112.86 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f3ce1d17-f261-4348-a549-4b91bf12f1ae}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.158,85.255.112.86 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.158,85.255.112.86 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{62ce607a-1353-4a2d-b5d5-4e4ae3b77005}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.158,85.255.112.86 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f3ce1d17-f261-4348-a549-4b91bf12f1ae}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.158,85.255.112.86 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f3ce1d17-f261-4348-a549-4b91bf12f1ae}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.158,85.255.112.86 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.158,85.255.112.86 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{62ce607a-1353-4a2d-b5d5-4e4ae3b77005}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.158,85.255.112.86 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{f3ce1d17-f261-4348-a549-4b91bf12f1ae}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.158,85.255.112.86 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{f3ce1d17-f261-4348-a549-4b91bf12f1ae}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.158,85.255.112.86 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\msupdte.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 

Kudos0

Re: Norton Not Scanning - Virus?

Hi

The DOS box belongs to

Files Infected:

C:\Windows\System32\msupdte.exe (Backdoor.Bot) -> Quarantined and deleted successfully.   Now gone, good,

Do you still get the problem with Norton??

Plus the Malwarebytes database is out of date.

Quads 

Kudos0

Re: Norton Not Scanning - Virus?

The norton is still not running properly. Its doing the same thing.

The malwarebytes wouldnt update. I noticed the definitions date tho. It was may 29th.

Kudos0

Re: Norton Not Scanning - Virus?

I just tried to rename the malwarebytes to its original name. It wouldnt run. I put back the name I made for it..and I was able to open it and download the updates.

I am running it now..but I am still connected to the internet and I didnt disable system restore...the way I did the first time.

Kudos0

Re: Norton Not Scanning - Virus?

Hi

Please Download Rootrepeal NOW , follow this post. http://community.norton.com/norton/board/message?board.id=Norton_360&message.id=13889#M13889

And GMER,  http://www.gmer.net/  Run GMER, run a "Scan" (See scan button)  when it is finished click the "Save" Button it will save the log in .txt format. GMER is not to be played with.

If the log is large use like http://pastebay.com and personal Message me the link to the log 

Quads 

Kudos0

Re: Norton Not Scanning - Virus?

GMER is running now.

At pastebay.com, do I just paste it there..add my name to the bottom and click send? (i never used that before).

When this is done, I will get the root repeal.

Kudos0

Re: Norton Not Scanning - Virus?

I will try the pastebay place. I hope I do it right.

Kudos0

Re: Norton Not Scanning - Virus?

Yes

Paste the log in the big box, use "starrgazer" as your name and press send.

The Rootrepeal log should be small enough to Personal Message to me.

Quads 

Kudos0

Re: Norton Not Scanning - Virus?

Ok..I had already sent the one in pastebay. I guess I did it right, because I did what you just said.

I also just pri msged you the root repeal.

They both found "something".

Kudos0

Re: Norton Not Scanning - Virus?

Oh  a new name 

 C:\Windows\system32\drivers\MSIVXpxettvasrnemkooicrytqcpwbbcsgpsu.sys

It will take me some time to create the script. 

Quads 

Kudos0

Re: Norton Not Scanning - Virus?

Take your time. I have been messing with this since yesterday. I am just so happy to find someplace to get some help.

I dont know anything about scripts so you are going to have to tell me what to do step by step.

Kudos0

Re: Norton Not Scanning - Virus?

Don't worry I am the one creating the script.

Quads 

Kudos1 Stats

Re: Norton Not Scanning - Virus?

Ok

1. If you have Spybot S&D installed, uninstall it. and turn off System Restore

2. Go to this post and download to your desktop Avenger  http://community.norton.com/norton/board/message?board.id=nis_feedback&message.id=53509#M53509

for the number 3. Your script is below not on the other post. So

3. In the "Input script here:" copy and paste the script between the lines


Drivers to disable:

MSIVXserv.sys

Drivers to delete:

MSIVXserv.sys

Files to delete:

C:\Autorun.inf

D:\Autorun.inf

C:\WINDOWS\system32\drivers\MSIVXpxettvasrnemkooicrytqcpwbbcsgpsu.sys

C:\WINDOWS\system32\MSIVXpvymtqimexcpdqpsvymktfnpckdjnchw.dll

C:\WINDOWS\system32\MSIVXbnixqaxvkdsiborkveqxuehwtveijcqx.dll 

C:\Windows\System32\MSIVXcount

C:\Windows\System32\MSIVXcount.dll

Registry keys to delete:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SOFTWARE\MSIVX 



Now carry on with the screenshot and number 4. on the other post.

After the restarts There will be an Avenger log.

After that see if everything is working,

Norton will more than likely be interested in these files,  Avenger has a quarantine folder,  we can talk about that later.

Quads 

Kudos0

Re: Norton Not Scanning - Virus?

OMG I thought I was gonna die..lol I did exactly like you said. On reboot..I got my HP screen, where it begins..then as usual, the screen goes black..and in a few moments windows opened..instead..it went back to the HP screen...but after that..it did as it normally does..and windows came.

I tried the norton scan. It works!!!

Oh..when I got to windows..this message was there..in a notepad.

 Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "MSIVXserv.sys" found!
ImagePath:  \systemroot\system32\drivers\MSIVXpxettvasrnemkooicrytqcpwbbcsgpsu.sys
Start Type:  4 (Disabled)

Rootkit scan completed.

Driver "MSIVXserv.sys" disabled successfully.
Driver "MSIVXserv.sys" deleted successfully.

Error:  file "C:\Autorun.inf" not found!
Deletion of file "C:\Autorun.inf" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Do I have to run malwarebytes now?

Kudos0

Re: Norton Not Scanning - Virus?

Where is the rest of the log?? it's too short, it doesn't show the process of files or reg entries,

look for "avenger.txt" open it it should be longer.

last lines of the log should be


 Completed script processing.


*******************

Finished!  Terminate.


  

Quads 

Message Edited by Quads on 06-10-2009 04:50 PM
Message Edited by Quads on 06-10-2009 04:51 PM
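The completeness check described in the post above (a full Avenger log ends with "Completed script processing." and "Finished!  Terminate."), as an added example that is not part of the thread and not Avenger's own code. The sample log is constructed and abridged from the format pasted in this thread; `parse_avenger_log`, `unaccounted` and `SCRIPT_TARGETS` are hypothetical names.

```python
import re

# Constructed sample, abridged from the Avenger log format pasted in this thread.
# It keeps the pasted log's wrapped line ("deleted" / "successfully." split apart).
FULL_LOG = r'''Logfile of The Avenger Version 2.0, (c) by Swandog46

Beginning to process script file:

Driver "MSIVXserv.sys" disabled successfully.
Driver "MSIVXserv.sys" deleted successfully.

Error:  file "C:\Autorun.inf" not found!
Deletion of file "C:\Autorun.inf" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\MSIVXbnixqaxvkdsiborkveqxuehwtveijcqx.dll" deleted

successfully.
Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\MSIVX" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
'''

# The same log cut off after the first error block, like a partial paste.
TRUNCATED_LOG = FULL_LOG[:FULL_LOG.index('File "C:\\WINDOWS')]

# Targets named in the script that produced the sample (constructed subset).
SCRIPT_TARGETS = [
    "MSIVXserv.sys",
    r"C:\Autorun.inf",
    r"C:\WINDOWS\system32\MSIVXbnixqaxvkdsiborkveqxuehwtveijcqx.dll",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\MSIVX",
]

# Only the message shapes that appear in the thread's log are recognised.
OK_RE = re.compile(
    r'(Driver|File|Registry key) "([^"]+)" (disabled|deleted) successfully\.')
FAIL_RE = re.compile(
    r'Deletion of (file|registry key) "([^"]+)" failed! '
    r'Status: (0x[0-9a-fA-F]+) \((\w+)\)')


def parse_avenger_log(text):
    """Return {'complete': bool, 'actions': [...]} for a pasted Avenger log."""
    # Collapsing all whitespace undoes line wrapping introduced by pasting.
    flat = " ".join(text.split())
    found = []
    for m in OK_RE.finditer(flat):
        found.append((m.start(), {"kind": m.group(1).lower(),
                                  "target": m.group(2),
                                  "outcome": m.group(3),
                                  "status": None}))
    for m in FAIL_RE.finditer(flat):
        found.append((m.start(), {"kind": m.group(1),
                                  "target": m.group(2),
                                  "outcome": "failed",
                                  "status": m.group(4)}))
    found.sort(key=lambda item: item[0])  # keep the log's own order
    complete = ("Completed script processing." in flat
                and flat.endswith("Finished! Terminate."))
    return {"complete": complete, "actions": [rec for _, rec in found]}


def unaccounted(script_targets, report):
    """Script targets with no recorded outcome in the log (case-insensitive)."""
    seen = {a["target"].lower() for a in report["actions"]}
    return [t for t in script_targets if t.lower() not in seen]


if __name__ == "__main__":
    for label, log in (("full", FULL_LOG), ("truncated", TRUNCATED_LOG)):
        report = parse_avenger_log(log)
        print(label, "complete:", report["complete"])
        for a in report["actions"]:
            print("  ", a["outcome"], a["kind"], a["target"], a["status"] or "")
        print("   no outcome recorded:", unaccounted(SCRIPT_TARGETS, report))
```

A `failed` entry with `STATUS_OBJECT_NAME_NOT_FOUND` means the target was not there to delete, while a target with no recorded outcome means the log itself is incomplete.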
Kudos0

Re: Norton Not Scanning - Virus?

That was it...the title of the file was avenger.txt

It popped up as soon as I got to the desktop. Should there be another one someplace? I will take a look..but, I think thats it.

Kudos0

Re: Norton Not Scanning - Virus?

If you see other Avenger logs on this forum you will see it has those words at the end

maybe your Notepad was not fully maximised, so didn't scroll down

look in "C:\avenger.txt"

Quads 

Kudos0

Re: Norton Not Scanning - Virus?

Whats in there is 1kb avenger.txt. Its password protected..and I dont know the password.

When it popped up I saved it to another area of my computer, so that I would know where it was. I had to unzip a folder to even see it. I think its the same thing.

Kudos0

Re: Norton Not Scanning - Virus?

wait..maybe the whole thing didnt paste here..let me try again

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "MSIVXserv.sys" found!
ImagePath:  \systemroot\system32\drivers\MSIVXpxettvasrnemkooicrytqcpwbbcsgpsu.sys
Start Type:  4 (Disabled)

Rootkit scan completed.

Driver "MSIVXserv.sys" disabled successfully.
Driver "MSIVXserv.sys" deleted successfully.

Error:  file "C:\Autorun.inf" not found!
Deletion of file "C:\Autorun.inf" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "D:\Autorun.inf" not found!
Deletion of file "D:\Autorun.inf" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\drivers\MSIVXpxettvasrnemkooicrytqcpwbbcsgpsu.sys" deleted successfully.
File "C:\WINDOWS\system32\MSIVXpvymtqimexcpdqpsvymktfnpckdjnchw.dll" deleted successfully.
File "C:\WINDOWS\system32\MSIVXbnixqaxvkdsiborkveqxuehwtveijcqx.dll" deleted successfully.
File "C:\Windows\System32\MSIVXcount" deleted successfully.

Error:  file "C:\Windows\System32\MSIVXcount.dll" not found!
Deletion of file "C:\Windows\System32\MSIVXcount.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MSIVXserv.sys" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\MSIVX" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
 

Kudos0

Re: Norton Not Scanning - Virus?

Now can you find a folder called avenger?? 

Quads 

Message Edited by Quads on 06-10-2009 05:14 PM
Kudos0

Re: Norton Not Scanning - Virus?

When the avenger.txt popped up when I got to desktop, I read it and saved it elsewhere in my computer. I posted it again (above). I cut it short in the paste, earlier..I am sorry.

In the avenger file, that you sent me to, on the C drive..all thats in there is a zip file. I opened it. There was an avenger.txt in there and its password protected, as is, the 3 or 4 other files in there.

Did you see the text that I posted last? Its longer...and ends with finish terminate .

Kudos0

Re: Norton Not Scanning - Virus?

That .zip folder is what I want, before scanners delete it, I know the password,  just have to figure out a place to upload them so I can download them etc.

Reason for password is that they are the files Avenger moved, they are the rootkit files.  Passwording it prevents accidental re-infection.

Quads 

Kudos0

Re: Norton Not Scanning - Virus?

OK..dont you have a junk email acct someplace? I can email them to you.
Kudos0

Re: Norton Not Scanning - Virus?

OK

Like when we did the GMER log on pastebay,  

Right click the whole "Avenger" folder  (as there are .reg files also.) in the right click menu it should give you the option to compress to .zip.

Do so then go to  http://www.rapidshare.com/ 

you can choose the avenger.zip folder upload then PM me the download link.

Quads 

Kudos0

Re: Norton Not Scanning - Virus?

Its already zipped. I will go there and send it right now.
Kudos0

Re: Norton Not Scanning - Virus?

Ok..done. I sent you a private msg.
Kudos0

Re: Norton Not Scanning - Virus?

Yep thanks, received, downloaded and opened.

Now you can Run, update the Definitions and Run a full Scan with Malwarebytes,

Also the same with SuperAntispyware Free, Install Update definitions, run a full Scan etc.

Hopefully all is well. after that, with any leftovers for that trojan the rootkit or anything else being deleted.

Quads 

Kudos0

Re: Norton Not Scanning - Virus?

I was running the malware bytes..but I quickly shut it when you mentioned scans removing files..lol I didnt want it to disappear. It was almost done, and hadnt detected anything...so I think its gone.

I cant thank you enough. My one concern was that little backtake it did when I booted it up. I am going to restart it..just to be sure it doesnt do that all of the time.

Believe me..if it does that..its a small price to pay. I only slept 4 hours last night..fooling with this thing. I am so glad that I found this place...and thank you so much. You are providing a great service for people.

Kudos0

Re: Norton Not Scanning - Virus?

Hi Guys

The disallowed list for this rootkit  


[HKEY_LOCAL_MACHINE\SOFTWARE\MSIVX]

[HKEY_LOCAL_MACHINE\SOFTWARE\MSIVX\disallowed]

"avp.exe"=hex(0):

"klif.sys"=hex(0):

"mrt.exe"=hex(0):

"spybotsd.exe"=hex(0):

"sasdifsv.sys"=hex(0):

"saskutil.sys"=hex(0):

"sasenum.sys"=hex(0):

"superantispyware.exe"=hex(0):

"szkg.sys"=hex(0):

"szserver.exe"=hex(0):

"mbam.exe"=hex(0):

"mbamswissarmy.sys"=hex(0):

"pctssvc.sys"=hex(0):

"pctcore.sys"=hex(0):

"mchinjdrv.sys"=hex(0):

"avgfwdx.sys"=hex(0):

"avgldx86.sys"=hex(0):

"avgmfx86.sys"=hex(0):

"avgrkx86.sys"=hex(0):

"avgtdix.sys"=hex(0):

"hijackthis.exe"=hex(0):

"combofix.exe"=hex(0):


Quads
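How the list above relates to the renaming workaround earlier in the thread, as an added example that is not part of the posts: it parses a `.reg` export and checks tool file names against the `disallowed` values. The matching rule (case-insensitive comparison on the file name only) is an assumption suggested by the renaming reports, not something the thread states; the sample is abridged from the export above, and the tool paths are hypothetical.

```python
import ntpath
import re

# Constructed sample, abridged from the registry export posted in this thread.
REG_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\MSIVX]

[HKEY_LOCAL_MACHINE\SOFTWARE\MSIVX\disallowed]

"avp.exe"=hex(0):
"mbam.exe"=hex(0):
"mbamswissarmy.sys"=hex(0):
"avgtdix.sys"=hex(0):
"hijackthis.exe"=hex(0):
"combofix.exe"=hex(0):
'''

# Hypothetical locations of tools on the machine being cleaned.
TOOL_PATHS = [
    r"C:\Tools\HijackThis.exe",
    r"C:\Tools\renamed-scanner.exe",
    r"C:\Program Files\Example AV\mbam.exe",
]

SECTION_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=')


def parse_reg_export(text):
    """Map each [key] in a .reg export to the value names listed under it."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or .reg comment
        section = SECTION_RE.match(line)
        if section:
            current = section.group(1)
            keys.setdefault(current, [])
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            # .reg files escape backslashes and quotes inside value names.
            keys[current].append(re.sub(r'\\(.)', r'\1', value.group(1)))
    return keys


def disallowed_names(text, subkey="disallowed"):
    """Lower-cased value names from every key whose last component is subkey."""
    names = set()
    for key, values in parse_reg_export(text).items():
        if key.lower().endswith("\\" + subkey):
            names.update(v.lower() for v in values)
    return names


def triage(paths, blocked):
    """Return {path: True if its file name is on the list, else False}."""
    # Assumption: the comparison is on the file name only, ignoring case.
    return {p: ntpath.basename(p).lower() in blocked for p in paths}


def split_by_kind(blocked):
    """Separate user-mode executables from kernel drivers on the list."""
    return {
        "executables": sorted(n for n in blocked if n.endswith(".exe")),
        "drivers": sorted(n for n in blocked if n.endswith(".sys")),
    }


if __name__ == "__main__":
    blocked = disallowed_names(REG_EXPORT)
    for path, listed in triage(TOOL_PATHS, blocked).items():
        print("LISTED " if listed else "not listed", path)
    print(split_by_kind(blocked))
```

The driver entries matter as much as the executables: a scanner that starts under a new file name can still be affected if its own `.sys` driver is on the list.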

Kudos0

Re: Norton Not Scanning - Virus?

Just thought I would let you know..everything was fine when I restarted..it didnt do that little hiccup thing.

Thank you..once again.

Kudos0

Re: Norton Not Scanning - Virus?

No problem

The "little hiccup" as you put it when using avenger, was Avenger as written

"You will be asked to restart the PC click "Yes", when the PC restarts the load screen will take slightly longer, then when it looks as though windows is loading the PC will restart again.

Then when Windows fully loads the Avenger log will be loaded, showing files it could or could not find."

Quads 

Kudos0

Re: Norton Not Scanning - Virus?

Message moved to a new thread for better exposure
