Recently, the NMap Xmas Scan is being continually blocked by Norton 360 v. 3.5.2.11 (I receive the messages about it all the time). But I have been noticing that my computer is running slowly sometimes (specifically when I watch movies). So I did a HJT scan and found that the diMaster.dll file is missing.
I have tried numerous times to "fix this item" but the problem doesn't go away. Could this be the reason for the slow down? What would be the effect of this file missing? And is this NMap Xmas Scan thing on my computer? How do I delete it?
It might help us more if you could post the whole HiJackThis log using the add attachment right below the post button.
Here is a description of what this Xmas scan is:
Nmap is a popular port scanning program that allows a network to be checked for open ports. It is able to detect open services in a firewall and also the version of the service running on the port such as an Apache web server or Exchange mail server.
The Xmas tree scan turns on the FIN, URG, and PUSH flags, basically an advanced scan that uses different TCP protocol options in an attempt to avoid a firewall or IDS detection of the scan.
The risk from this scan is minimal; from external sources you would often see such scans, as they are a part of the "noise" of the internet. Consistent scans from a similar IP source or range may indicate a more targeted fingerprinting of your services, perhaps in preparation for a more dangerous attack.
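As an added illustration of the description above (not part of the original thread and not Norton's detection logic), this sketch shows how a monitor could recognise the FIN+PSH+URG flag combination in a raw TCP header and separate one-off "noise" from repeated probing by one source range. The function names, the /24 grouping, the three-port threshold and the sample packets are all assumptions made for the example.

```python
import struct
from collections import defaultdict
from ipaddress import ip_network

FIN, PSH, URG = 0x01, 0x08, 0x20
XMAS = FIN | PSH | URG  # 0x29: the three flags the Xmas tree scan turns on

def tcp_flags(segment: bytes) -> int:
    """Return the six classic flag bits from byte 13 of a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    return segment[13] & 0x3F  # drop the two ECN bits

def is_xmas(segment: bytes) -> bool:
    """True when exactly FIN, PSH and URG are set (no SYN, ACK or RST)."""
    return tcp_flags(segment) == XMAS

def repeat_sources(packets, min_ports=3, prefix=24):
    """Group Xmas probes by source network and return the networks that
    probed at least min_ports distinct ports (thresholds are assumptions)."""
    ports = defaultdict(set)
    for src_ip, segment in packets:
        if len(segment) >= 20 and is_xmas(segment):
            net = ip_network(f"{src_ip}/{prefix}", strict=False)
            dport = struct.unpack("!H", segment[2:4])[0]
            ports[str(net)].add(dport)
    return {n: sorted(p) for n, p in ports.items() if len(p) >= min_ports}

def make_segment(dport, flags, sport=40000):
    """Build a constructed 20-byte TCP header for the sample data below."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

# Constructed sample traffic (documentation address ranges, not real captures).
SAMPLE = [
    ("203.0.113.7", make_segment(22, XMAS)),
    ("203.0.113.7", make_segment(80, XMAS)),
    ("203.0.113.9", make_segment(443, XMAS)),   # same /24 as the two above
    ("198.51.100.4", make_segment(80, XMAS)),   # single probe: background noise
    ("192.0.2.10", make_segment(80, 0x02)),     # ordinary SYN
    ("192.0.2.10", make_segment(80, 0x18)),     # ordinary PSH+ACK data
]

if __name__ == "__main__":
    print(repeat_sources(SAMPLE))
```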
Thanks for your replies. Sorry I haven't had a chance to post earlier than this. I reinstalled Norton and still have the same problem with my HJT log. Also, when I played VLC media player yesterday, a Santa Claus icon appeared instead of the usual VLC icon. And I received a notice from Norton saying that it was illegally trying to access the internet.
The first thing I would do is get BitTorrent off of your computer. That is a place where you can get all sorts of bad stuff on your computer. The malware that you have on your computer is most likely interfering with the proper install of N360 and the proper scanning also.
C:\WINDOWS\system32\mqtgsvc.exe I think that this file is a trouble maker also, but don't do anything with that yet. I'm not an expert in reading HiJackThis logs, rather I should say interpreting them.
Please run a full scan with the free version of Malwarebytes.
Download the free version, install and update then run a FULL scan. After the scan completes you should post the logs back to this thread.
It is a safer location to get the program from than Malwarebytes themselves because the malware writers sometimes block the security programs' websites.
C:\WINDOWS\system32\mqtgsvc.exe I think that this file is a trouble maker also, but don't do anything with that yet. I'm not an expert in reading HiJackThis logs, rather I should say interpreting them.
According to the Process Library, this file is an important part of the Windows operating system :-)
However, we need a trained analyst to read your HijackThis log - please do not fiddle around or do anything else with HijackThis.
In the meantime, please follow floplot's suggestion and download, install and run a full scan with Malwarebytes free version. After the scan has finished, attach the log Malwarebytes will generate to your post by using the "Add Attachments" feature underneath the orange "Post" button. Thank you :-)
Message Edited by Yaso_Kuuhl on 12-19-2009 03:34 PM
Sorry about my previous message. Looking back on what you wrote, it was clear what you were telling me, but I didn't get it for some reason at the time.
It found two registry keys that were suspect. I guess I should select "remove selected", right? How effective is malware at actually removing the keys? Should I remove them manually?
C:\WINDOWS\system32\mqtgsvc.exe I think that this file is a trouble maker also, but don't do anything with that yet. I'm not an expert in reading HiJackThis logs, rather I should say interpreting them.
I mentioned this file based on what I saw in this site.
But we do need an expert of HiJackThis logs to really interpret this.
Malwarebytes is usually pretty good at removing things. But it also depends on what is causing these files to be there in the first place. If there is something like a rootkit behind this, then Malwarebytes can clean up the stuff that is caused by having a rootkit, but it usually doesn't break a rootkit.
How did you re-install N360? From a CD? Your version is not the current one released, thus the question. I would recommend -
a) Rerun Malwarebytes' Antimalware and have it fix / delete whatever it finds.
b) There is nothing showing bad in your HiJackThis log; the error with the N360 file will be fixed in the next steps, so don't worry (HJT couldn't fix it anyway).
c) You need to get the latest version of N360 (v3.5.2.11) on your system and take care of the dll file error while doing this:
1) Copy your Norton key for safe keeping just in case you need it. You should not need this but it is better to have the key on hand than to need it and not have ready access to the key. You can find a copy of your currently installed key in My Documents\Symantec\Norton 360_Key.txt.
2) Download the Norton Removal Tool from this link. Norton Removal Tool Choose the N360 v3 link and download the BUdump.exe to your desktop and the Norton Removal Tool (NRT) to your desktop. Directions are on the link page.
3) Download the latest version of N360 v3 from this link. Reinstall After Removal Choose the Norton N360 link. On the next page you can download the N360 installation software. Premium is the version with 25GB of online storage; Standard has 2 or 3 GB of online storage.
4) Run the BUdump.exe utility if you have any backups that you have run through N360. If you have not done any backup through N360 then you can skip this part.
5) Disconnect from the Internet until your system needs the connection later in the process.
6) Go to START > N360 > Uninstall and let N360 uninstall itself. It will want to reboot the machine. Let it.
7) During the booting of your system, go to Safe Mode by tapping the F8 key until the Advanced Options menu is shown. Choose the Safe Mode option (no network or command prompt).
8) In Safe Mode, run the NRT tool. When the tool is finished, open Windows Explorer (file explorer) and go to \Windows\Prefetch and select all the files with a ".pf" extension. Delete these files (do not worry, Windows will recreate these files on the fly as it needs to later) and close Windows Explorer. Then click on the Reboot button on the Norton Removal Tool to restart your system.
9) Let Windows boot into normal mode now.
10) Install N360 by double clicking the file you downloaded and saved to your desktop in step 3.
11) When the installation asks for your key or says activating your product, reconnect to the internet then (plug your cable in or turn on the wireless card). [Note: The installation may not ask for your key and activate by using the previous key on the system. Your system will still need to connect to the internet at this point so updated definitions can be downloaded.]
12) Run the Live Update process manually until Live Update reports that there are no more updates to download, N360 is fully up to date.
13) Reboot your system now to ensure that any components updated during step 12 are loaded properly.
OMG! I was running NRT in safe mode when all of a sudden my computer shut down. Now it shuts down 2 secs after loading safe mode. PLEASE help! I need my computer particularly tomorrow.
Thanks for your reply. I can start up from the last known configuration, but nothing shows up on the desktop. Should I try to restore to an earlier point in time? I really appreciate this.
I just realized I am able to log on because I am logged on as the administrator, not my profile (which is why I have no icons). I have no password protection on my profile, but every time I try to access it, I receive an “access denied” message.
Update: my computer kept shutting down (both administrator and my log in), so I restored to an earlier point in time and fixed the immediate problem. I’m just not sure how to proceed from here. Should I try to remove Norton again? I’m hesitant to do so. Norton was removing stuff from the registry when it suddenly shut down the first time.
I’m sorry my reply has come so late. I didn’t have my laptop with me for 3 weeks. I managed to salvage my computer with system restore to an earlier time. I did what you said and removed Norton and reinstalled it. I ran a comprehensive scan and found not so much as a tracking cookie. I no longer have the Santa Claus icon on VLC media player, but when I run HijackThis, I still get the same error about the missing dll file. I guess it’s nothing to worry about if Norton is indeed operating properly. I just hope it is. I’ve noticed some weird behavior like: Norton will freeze when I try to click on the link on the Back up page for “other files”. I’ve also noticed Mozilla taking a very long time to load lately. Do you think that’s normal? Thanks for your help.
You may have a rootkit on your computer which may have affected some Windows files, or else perhaps Norton is trying to fix a problem in the wrong way.
You could try running a full scan with the free version of Malwarebytes and see if that picks up anything that may still be on your computer.
Download the free version, install and update then run a FULL scan. After the scan completes you should post the logs back to this thread.
It is a safer location to get the program from than Malwarebytes themselves because the malware writers sometimes block the security programs' websites.