mz,
First of all, are you still getting the pop-ups or has that been corrected?
There could be a few reasons why this reference is still coming up in your Norton Scan.
One reason may be that System Restore backed up the infected files.
Turn off System Restore (you will lose all previous restore points) and then run both the Norton Scan and Malwarebytes scan in Safe Mode. I would also advise you to physically disconnect from the internet (pull the plug) during both scans.
If the scans come back clean, you can then turn on System Restore.
I haven't been online to see if the pop ups still occur - been at work all day.
I'll try what you recommend - i don't really know what it means that i will lose restore points, but i'm guessing for me it will be ok as i haven't really had any other issues.
Thanks
mz,
Windows regularly takes data "snapshots" of your computer system. It records these "Restore Points" so that in the event of a problem, you can restore your computer to an earlier time when you know everything was working. I've listed two articles here about restore points:
As good as that sounds, if you had an infection, that could also be saved in the Restore Points and could cause future problems. Additionally, Norton by default does not scan restore points. So the best option for you is to get rid of all past Restore Points in case some of them have been compromised.
I should also point out that Restore Points are NOT a backup of your documents, pictures, etc. - they are just information about your operating system.
Update: turned off system restore and ran both scans in safe mode. Adware.RCPrograms appears still when NIS scans and is not removed due to the whole unsupported program thing. Malwarebytes shows nothing. Any other ideas? (I appreciate your help!). System restore is still off.
Michelle
Hi
Sorry to see you have this problem. Please send the file to Symantec and see what they can do for you.
NIS does not identify the file. It simply gives the name (Adware.RCPrograms) and then gives the option to Review or Exclude. I’m not sure how i could send it.
mz,
Do you have (or have had) any other antispyware detection programs on your computer?
I didn't get this computer new - but it doesn't look like there is any other antispyware (aside from the Malwarebytes i have already mentioned). I'll double check when i get home though.
It could be that Norton is picking up a definition file from another anti-spyware program which has the name of a virus or malware that it would scan for, but is not actually malicious content.
Can you do a search on your computer for "Adware.RcPrograms" and find out where it is located?
But the important point is, how is your computer running? Any issues?
This is a High-Risk and this Adware must be manually installed.
Please try this: http://www.symantec.com/security_response/writeup.jsp?docid=2003-112412-5834-99&tabid=3
I see another spyware program installed that i recognize. I did a search for Adware.RCPrograms and also rcsync and prizesurfer (the Symantec link that Floating_red gave shows both of those names) - nothing - i did include system and hidden files. I had previously reviewed that link when i got the initial scan results and had gone to the registry as it said and looked for the appropriate info - none of it was there.
Just as i'm starting to think - hey, there are no pop-ups while i am surfing (for the past hour or so) and waiting for the scans to finish perhaps it's really not there and i'm actually clean i remembered another point. The initial scan by NIS in safemode where Adware.RCPrograms was detected another item was also detected but successfully removed - low risk item Adware.NDotNet.
Since then i have run the NIS scan in safe mode another 4 times. Each time this same item Adware.NDotNet is found again and removed successfully. Perhaps this Adware.RCPrograms is recreating the Adware.NDotNet each time i delete it?
This really can be a frustrating business. How do i know whether it is safe to go to any websites that require passwords? I feel vulnerable! I'm grateful for the people who help here :). Thanks guys - any other pearls of wisdom?
I meant to say i DON’T see another spyware program i recognize! Oops
mz,
If I may take a moment to review.
1) You have followed the FULL removal procedure as outlined in the Symantec link referring to Adware.RcPrograms.
2) You have turned off system restore.
3) NIS is still showing the item Adware.NDotNet on the scans.
If all of these statements are correct, let's try another angle.
1) Go to Start > Run and type %temp% click Okay. Select all of these temporary files and DELETE them. Be sure to also empty the recycle bin.
2) Download and install Spybot. During the installation do not select TeaTimer / Resident. Once installed, Do NOT run the program yet - open it and download the updates.
3) Once you have updated Spybot, physically disconnect from the internet (pull the plug) and then Run Spybot. See what results are generated there. Delete the items that are recommended.
4) While still disconnected from the internet, run another NIS 2008 scan and the Malwarebytes scan.
5) Reconnect to the internet and let us know how you made out.
The reason I ask you to disconnect from the internet is in case you still have malware on your computer, it can't "phone home" hopefully denying another possible avenue to regenerate itself.
mz wrote: I see another spyware program installed that i recognize. I did a search for Adware.RCPrograms and also rcsync and prizesurfer (the Symantec link that Floating_red gave shows both of those names) - nothing - i did include system and hidden files. I had previously reviewed that link when i got the initial scan results and had gone to the registry as it said and looked for the appropriate info - none of it was there.
Just as i'm starting to think - hey, there are no pop-ups while i am surfing (for the past hour or so) and waiting for the scans to finish perhaps it's really not there and i'm actually clean i remembered another point. The initial scan by NIS in safemode where Adware.RCPrograms was detected another item was also detected but successfully removed - low risk item Adware.NDotNet.
Since then i have run the NIS scan in safe mode another 4 times. Each time this same item Adware.NDotNet is found again and removed successfully. Perhaps this Adware.RCPrograms is recreating the Adware.NDotNet each time i delete it?
This really can be a frustrating business. How do i know whether it is safe to go to any websites that require passwords? I feel vulnerable! I'm grateful for the people who help here :). Thanks guys - any other pearls of wisdom?
From the information provided, it seems to me that your system is clean.
A program you have installed on your computer needs the component Adware.NDotNet and that is why it is being re-created; please see this Web Link for details: http://www.symantec.com/security_response/writeup.jsp?docid=2004-020511-0558-99&tabid=1
What Version of N.I.S. have you got installed on your computer, e.g. N.I.S. 2008?
I will have to respectfully disagree that the system is clean until the specific program to which Adware.NDotNet is related can be identified. The Symantec link identifies this item as an adware program that acts as a browser helper object which will redirect the user to a sponsored page.
As noted in the link:
"Removing this adware component from the system will likely cause the program that installed it to not function as intended. The uninstaller generally identifies the programs that will not work after uninstallation."
mz should determine which program is associated with Adware.NDotNet and if the program is deemed useful.
My recommendation would be to start the uninstall process and see if the program associated with it is a program you wish to keep. If not, then get rid of it. As seen in these articles, some BHOs can be useful, but many can be dangerous. The final determination will be up to you.
We have success. I installed spybot as you detailed and ran the scan. 41 items! Hard to believe considering the other two programs didn't find them. I cleaned them all and deleted the remaining directories the program couldn't delete and reran the scans in NIS and Malwarebytes in safemode. The only thing that NIS showed were tracking cookies - Malwarebytes was clean. I then restarted the computer and surfed for 1/2 an hour or so (during which time NIS successfully blocked an attack on my computer - coincidence? hmmm). After that i restarted the computer in safemode and started NIS again (just to be sure) and this morning when i checked again, only a few tracking cookies.
I tell you, this is a part time job! Thanks for all your help - i learned a lot and i think i now have a clean computer. YIPPPEE!
Michelle
mz,
Congratulations! Glad to hear everything went well.
As good as NIS 2008 is, there are those rare occasions when a multi-prong approach is required.
Keep observing your computer and if any problems arise, report back immediately.
Best Wishes,
Phil_D