• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Unable to scan with Norton 360

I have attached my Hijackthis log if it helpsMessage Edited by alissimore on 08-21-2009 03:28 PM
File Attachment: 

Replies

Kudos0

Re: Unable to scan with Norton 360

I have attached my Hijackthis log if it helpsMessage Edited by alissimore on 08-21-2009 03:28 PM
Kudos2 Stats

Re: Unable to scan with Norton 360

Hi alissimore,

 

Please provide more information on what exactly happens when you try to run the scan. According to the Hijackthis you are using Norton 360 3.0 in Windows Vista (SP1), and the following entries needs to be fixed:

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\Windows\system32\efcBsSkl.dll (file missing)
O2 - BHO: (no name) - {9C0DA5E5-8688-400A-AF3A-23CB7787F741} - C:\Windows\system32\wvUkICrO.dll (file missing)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\efcBsSkl.dll,#1
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - Global Startup: NCProTray.lnk =
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C364F36-8780-4F39-AE34-1296E877BA0D}: NameServer = 85.255.112.108,85.255.112.211
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6F36C8E-E2EA-4EB7-8D4E-5497CD702394}: NameServer = 85.255.112.108,85.255.112.211
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.108,85.255.112.211
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.108,85.255.112.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.108,85.255.112.211

 

Yogesh

Kudos0

Re: Unable to scan with Norton 360

When I try to run the scan, it says 0 files have been scanned and stays there indefinitely... Sometimes if I try to run the quick scan it says "another scan is already running."
Kudos0

Re: Unable to scan with Norton 360

Alissimore:

Please run a SysProt log for us so we can check your system for rootkit activity. You will need to disable Norton auto-protect while you run the scan.

Once it is downloaded to your desktop, right click on the SysProt icon, go to properties, and click unblock and apply.

Choose log, check all the boxes except show hidden objects only and scan.

You will be able to post the log here using the "add attachments" link just below the orange post button.

http://homepages.slingshot.co.nz/~crutches/SysProt

Under certain circumstances profanity provides relief denied even to prayer.Mark Twain
Kudos0

Re: Unable to scan with Norton 360

here it is
File Attachment: 
Kudos0

Re: Unable to scan with Norton 360

Well, Alissimore:

You have two rootkit infections on your system, which is why things are not working.  I will advise Quads, who is our guru responsible for these repairs.  Do not try to remove them yourself as it can be dangerous to your system.

Under certain circumstances profanity provides relief denied even to prayer.Mark Twain
Kudos0

Re: Unable to scan with Norton 360

Hi

If you have Spybot S&D installed remove it 

Also during the restarts with Avenger if Your PC has a Startup repair center like with HP and Toshiba tell it to start Normally if it kicks in.

1. Download Avenger to your desktop,

Unzipped version http://homepages.slingshot.co.nz/~crutches/Avenger/

OR Creators website http://swandog46.geekstogo.com/avenger2/avenger2.html with zipped version to the unzip to desktop 

2. Click to run "Avenger.exe"  (right click "Run as Administrator" if using Vista)

3. In the "Input script here:" copy and paste the script between the lines


Drivers to disable:

ESQULserv.sys

gaopdxserv.sys 

Drivers to delete:

ESQULserv.sys

gaopdxserv.sys 

Files to delete:

C:\Autorun.inf

D:\Autorun.inf

C:\Windows\System32\drivers\ESQULqbhbianftirwmjlmmeqdeahhxnyeugkq.sys

C:\Windows\System32\drivers\gaopdxwacdpbmw.sys 

C:\Windows\System32\ESQULzcounter

C:\WINDOWS\System32\gaopdxcounter 

Registry keys to delete:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\ESQULserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gaopdxserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\gaopdxserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\gaopdxserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\gaopdxserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\gaopdxserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\gaopdxserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\gaopdxserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\gaopdxserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\gaopdxserv.sys

HKEY_LOCAL_MACHINE\SOFTWARE\ESQUL 

HKEY_LOCAL_MACHINE\SOFTWARE\gaopdx 


Here is a screenshot (script updated since shot)

Make sure the "Automatically disable any rootkits found" is NOT selected

4. Click "Execute"

You will be asked to restart the PC click "Yes", when the PC restarts the load screen will takes slightly longer, then when it looks as though windows is loading the PC will restart again.

Then when Windows fully loads the Avenger log will be loaded, showing files it could or could not find.

5. Restart the PC again, then see if you can install  Update and run Malwarebytes  http://www.filehippo.com/download_malwarebytes_anti_malware/

Quads   

Kudos0

Re: Unable to scan with Norton 360

Thanks quads. I ran the Avenger script. The log is attached.

The malwarebytes update worked, and it is currently scanning. It's already found 2 infected objects... What should I do? 

File Attachment: 
Kudos0

Re: Unable to scan with Norton 360

This is the result from the malwarebytes scan
Kudos0

Re: Unable to scan with Norton 360

Hi

Have Malwarebytes Remove all of those and then click the "update" tab in Malwarebytes to check for any updates, Then do another full scan to see if any are still there and Malwarebytes can't remove after all.

Mainly the Vundo and Resycled  entries

Quads 

This thread is closed from further comment. Please visit the forum to start a new thread.