Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.
Hello Astinkilgj,
Can you tell us which Norton Product and version you are running? Also please advise as to your operating system and service pack.
Thanks.
What O.S. are you using and with what S.P.?
What Norton Security Product are you using?
Did Auto-Protect Detect this or was it during a Scan, e.g. Quick Scan or Full System Scan?
What have you done already?
Try this first if not done so already:
- Update your Product via LiveUpdate.
- Run a Full System Scan in Safe Mode with all boxes checked in Manual Scanning (N.I.S./N.AV tab, Settings, N.I.S./N.AV Options , Manual Scanning).
- Go to this Web Page and follow the instructions for Removal: http://www.symantec.com/en/uk/security_response/writeup.jsp?docid=2008-071613-4343-99&tabid=3 ; this Web Page should give you all the instructions you need to Remove the Mis-leading Application if the other of my suggestions do not work.
I would strongly advise you to re-do these Steps again as you have been Connected to the Internet and the Mis-leading Application may have Updated it-self.
Hi Phil_D,
I am running Norton Internet Security 2006 and Windows XP Home Edition Version 2002: Service Pack 2
Thanks
Hi Floating_Red,
I am running Norton Internet Security 2006 and Windows XP Home Edition Version 2002: Service Pack 2
Will try your solutions.
Astinkilgj
You may want to upgrade to NIS 2008; there have been many updates both to the product and the anti-virus engine that will provide you with the protection you need. The FREE update to the latest version available here. Once installed, this free update will detect and continue your existing subscription.
“[RANDOM NAME]” is actually a random name that you should look for. It’s a random value in Windows Regisrty. Here is an example of random names: 0L6FS9QR, IQJ9X5GB. Antivirus 2008 creates values with similar random names.
Are you able to locate any file?
It is advisable to send in samples Malware Submission
Hi Floating_Red,
I think we are getting somewhere. The Antivirus XP 2008 program has gone from the Start>All Programs menu.
Auto Protect is no longer appearing every few seconds and I have no messages reporting thousands of viruses etc. infecting my computer.
I have loaded NIS 2008. I have backed up the registry. I have carried out all the instructions from the Norton Security Response link you provided including deleting the registry entries.
Only one problem remains. I have a large dialogue box centred on the desktop that cannot be closed, moved or minimized.
Is this part of the same problem and do you or anyone have any ideas how to remove it?
The dialogue box heading is Windows Warning Message
Half of the box is in red with the message WARNING! Spyware Detected on your Computer.
The second half identifies two files:
Warning! Win32/Adware/.Virtumonde Detected on your computer- Danger!
Warning! Win32/Privacy Remover.M64 Detected on your computer- Danger!
Finally the message " Please activate your antivirus software to Clean your computer.
Any help to remove this box would be appreciated and finally resolve the problem
Thanks.
Hi Stu,
Thanks for your help. Thinks have certainly improved as you can see from my reply to Floating_Red.
Any thoughts on that message and the 'Windows?' message?
I thought it might be a desktop background image introduced by the offending software, but I find that on opening desktop properties there is not desktop tab!! Any ideas.
Thanks also to everyone else for your help.
Hello,
Glad to see your problems are over regarding the Threat.
Is this part of your Desktop Background or is this box covering Files/Folders on the Desktop? If it is the former, try changing your Desktop Background(Start > Control Panel > Display). Also, there will - probably - be the picture that is your Background there; if it is there, try to Delete it.
Let me know how you get on.
Hello again, The ‘graphic’ appears to be part of the Desktop Background. It is not covering any files or folders on the Desktop. In fact there was a file on the desktop that was on top of the graphic and I was able to move this file to a clear area of the desktop. This led me to believe the same as you that the graphic is a desktop background. I have accessed the display properties through right clicking the desktop. Only three tabs are available: Desktop and Screen Saver have disappeared!
Try running ComboFix to get rid of this, http://download.bleepingcomputer.com/sUBs/ComboFix.exe it should take care of the desktop problem.
Hi,
Sorted!
Believing the offending image to be a desktop background I searched the Windows background folder and all .jpg files on my computer...no luck. Searched for all .bmp files and sorted the files for date created. The image was the last .bmp file created on the computer. Deleted the file and all is now OK.
Thanks again to everyone for your help.
Astinkilgj
Hi, I have followed the instructions just as Astinkilgj did down to the item#4 which is deleting registry entries and subkeys. At this part I cannot see any reg entries that resemble the ones mentioned and there are many entries. I am stumped! Could it be that items 1-3 in the cleanup process were sufficient enough? Please advise me as I am desperate to rid myself of this virus. Thanks Teri
trbon2001 wrote:Hi, I have followed the instructions just as Astinkilgj did down to the item#4 which is deleting registry entries and subkeys. At this part I cannot see any reg entries that resemble the ones mentioned and there are many entries. I am stumped! Could it be that items 1-3 in the cleanup process were sufficient enough? Please advise me as I am desperate to rid myself of this virus. Thanks Teri
How is your computer running?
Hi,
It took me some time to find the files and I only needed to delete 4 files (there are 2 registry entries and 3 registry subkeys in the Norton Security Response document).
The key to finding the files was the information from Vegdin in this forum thread. You need to look for random numbers/letters e.g. 0L6FS9QR, IQJ9X5GB. If there's nothing there like this, then maybe the first three actions were enough.
Do you have the same desktop 'Windows Warning'background as I did? The 4 Norton Security Response actions did not help me get rid of this!
Make sure you have a registry backup before you delete anything!
Hi Floating Red , I still have my computer in safe mode because when I change to normal mode, I can’t even open my norton folders as it gives me error msgs. I can access the internet, albeit it is slow. I am afraid to open any files at this point. I am now almost completely thru the 2nd attempt at the clean up directions but not feeling positive. I downloaded Norton 2008 yesterday, it let me, I ran a scan last night during the cleanup instructions and it said it found 1 issue and cleaned it. Aaargh. Any tips? Thanks so much Teri
trbon2001,
If you have followed the suggestions posted by Floating_Red and are still having issues, try this:
Download, install and update the FREE VERSION of Malwarebytes. Run it in safe mode and see what that comes up with.
Best Wishes,
Phil
Astinkilgj wrote:Hi,
It took me some time to find the files and I only needed to delete 4 files (there are 2 registry entries and 3 registry subkeys in the Norton Security Response document).
The key to finding the files was the information from Vegdin in this forum thread. You need to look for random numbers/letters e.g. 0L6FS9QR, IQJ9X5GB. If there's nothing there like this, then maybe the first three actions were enough.
Do you have the same desktop 'Windows Warning'background as I did? The 4 Norton Security Response actions did not help me get rid of this!
Make sure you have a registry backup before you delete anything!
Did you try my suggestion to get rid of the Desktop Picture...?