I am experiencing the same issue with Norton unable to eliminate this file as others have posted. I am attaching my SysProtect log to speed up matters.
Thanks for the log Remmy2112. You have a hjgrui rootkit infection, and Quads is indeed backed up. He will get to you as soon as possible.
Hi
1. Download Combofix to your Desktop, http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Don't use yet.
2. I have Personal Messaged you the script between the lines, look for the yellow envelope at the upper right hand side. Copy the Script.
3. Open Notepad and paste it into Notepad with the first line being killall::
4. Save the script as "CFScript.txt". CFScript.txt is what you see on your desktop after saving.
5. Disable Norton's Auto-Protect and Firewall.
6. Drag and drop CFScript.txt on top of Combofix.exe, like when you drop files into the recycle bin.
7. Combofix will start. When it is scanning, don't move the mouse cursor inside the box; it can cause freezing.
Combofix will create a log at the finish.
Quads
PM sent with the combofix log. While it was able to disinfect the malware, there was some vestige of it left that Norton 360 detected and was able to fix. Going to run further scans to see if it continues to pick it up.
Remmy2112:
Since Norton did not remove it, it is still warning you of it. Try this to resolve that issue. Let us know the results.
THE FIX:
It is not necessary to erase the complete Qbackup folder, nor do you need to boot in safe mode. The QBackup folder (Quarantine Backup) is used by the Norton AntiVirus component to store backup recoveries of repaired and removed threats when you fix/remove threats during the scan. It may also contain information about threats detected and retains the remediated data in your computer itself. It will be automatically recreated by the Norton program when you run a scan next time.
So to FIX this problem, just open NIS2009 history, go to "unresolved security risk", press "Remove*" on the item that failed to remove, and wait for the "failed to remove" status; this will update the "*.qbi" file which has the history of the unresolved items. Then go to NIS2009 settings, go to "miscellaneous setting" and disable the Norton Product Tamper Protection under Miscellaneous Settings. Then open your Windows Explorer and go to
"C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup"
and erase your most recent (updated, newest) "*.QBI" file. The asterisk is a long number such as "{DDAB4332-ED04-4898-9C20-D231FDC4B0C5}.qbi"; it will be a small file, 1-10 KB. Only delete this file. Close Windows Explorer, go to NIS2009, reactivate the Norton Product Tamper Protection under Miscellaneous Settings, and you can enter the HISTORY and you will find it is empty (clear).
Hope this will help to not erase the whole (complete) "Qbackup folder".
BEST REGARDS (SALU2 PARA LA RAZA)
TUFE (aka JC.WILCOX or SABROSO)
I'm using Norton 360 so the paths you describe do not seem to work. If you know them for that program can you post them?
Also, the file detected by the virus scan seems to come from a Combofix backup folder created on the primary drive. Qoobox/quaruntine/C/Windows/System32/Drivers. Inside was a 1kb zip file with the name of the malware detected.
Remmy2112:
Okay, what it has done is removed the files from the Combofix quarantine. Is everything resolved and is N360 scanning normally? Do you show any unresolved threats in the history? Combofix should also, now, be removed from your machine.
Hi
Download, install and run a Full scan with Malwarebytes. That step has been missed, as someone else has jumped in before my reply.
"While it was able to disinfect the malware, there was some vestige of it left that Norton 360 detected and was able to fix. Going to run further scans to see if it continues to pick it up."
OK, if 360 at the end does have unresolved threats, the Qbackup is the same for NIS/NAV and 360.
Others, don't jump in, as I hadn't read the Combofix log yet, due to the possibility of the log showing other things that may need to be taken or reversed.
Quads
Ran full scans with both 360 and Malwarebytes, and neither found any trace of the malware, so it looks like it has been killed.
That's good,
Quads