Constant stream of "An attempt to attack your computer was blocked"

OK, what can I do about the constant stream of pop-up alerts that I have been getting from Norton Antivirus for the past 2 days?  Alert says "An attempt to attack your computer was blocked". They seem to be coming every few minutes.

 

IPS Detection Statistical submission

Last one:

Signature ID: 23615

Local or Remote attacker: 2

Application name: \Device\harddiskvolume2\WIndows\System32\Svchost.exe

Remote address: 194.28.113.22

 

I ran Malwarebytes yesterday, and removed two malwares, and have been running Norton every night.

 

Previous alerts have been similar, each citing \Device\harddiskvolume2\WIndows\System32\Svchost.exe.

 

Coincidence or related? I have also gotten numerous alerts that "Generic Host Process Win32 Services encountered a problem and needed to close", citing apparent issue with svchost.exe.

I've been having the same problem for the last couple of days. Constant notifications. Just prior to it I did get a Java pop-up which caused my laptop to restart though.

I've noticed today that when I use Google I click on results only to be taken to the wrong website too. It keeps redirecting me to adverts.

 

I've done a full scan and nothing appears to be wrong.

It sounds as though you both have a rootkit on board.  Please check the link in this post for assistance.

 

http://community.norton.com/t5/Norton-Internet-Security-Norton/Intrusion-Attempts/m-p/312850/highlight/true#M131922

Well, I am about ready to try anything.  In the past 3.5 hours, [Support Agent], then [Support Agent], and then [Support Agent] have turned my PC into, I think, essentially, a brick.  Their latest solution: just uninstall Norton completely, throwing their hands up.

 

Now even booting up now is a hit-or-miss proposition.  I am successfully booting up about 30% of the time, and this is usually only in safe mode.  The last attempt a few minutes ago took 7 tries, alternately giving me a BSOD, hanging at another blue screen, or hanging at a black screen.  I am writing this on my netbook.

 

Now that the Norton help desk has REALLY screwed up my PC worse than ever, they suggest now that I go to Microsoft to see if Microsoft can undo all of the damage that Norton has done in the past 3.5 hours.  All this to get a sound product that can scan my PC for problems.  Norton, when did the world get so complicated?  My Case # is XXXXXXXXX.

 

<<edit: removed support agents' names and case ID as per the participation guidelines and terms of service. The edited information is stored internally for our records.>>

Did they run the Norton Power Eraser?

 

You can download a utility from Nirsoft called Bluescreenview.  It doesn't need to install, it's executable.  It may identify the driver involved in the BSOD's which will allow you to stabilize the machine.  It may tell you what driver needs to be replaced.  Do you have any system disks or operating system disk?

 

Scroll down to the bottom of the page for the download.

http://www.nirsoft.net/utils/blue_screen_view.html

 

The rootkit may have infected a crucial Windows file, and deleted it during the removal.  They don't seem to recognize potential rootkits.  The programs in the links provided by Quads would have been able to cure rather than delete, assuming that was the problem.

Oh yeah, they ran Norton Power Eraser twice. Once around 4:30, and then - on my 3rd Norton technical - again around 6:30 just for good measure.  Not sure if that helped - or helped brick my machine.  I am on my 11th or 12th try to get my PC up and running again. Still alternatively hanging and giving me a BSOD.

Unfortunately, no system or OS disk.

Can you get into safe mode?

Northxnortheast:

 

If you are still running the original operating system on your machine, you may be able to order system disks from the manufacturer of your machine.  This would allow you to do a repair install. 

 

If you were charged for this service prior to the attempt and failure, arrangements should be made for a refund.

 

I am sorry that I was not able to provide the links for the other tools in a more timely manner.  Working for a living really cuts into forum time.

Thanks one and all.  I am going to get on the phone with Microsoft this morning, to see if they can get me up and running.  I cannot afford to be down long enough to wait for system disks.  I am already in a hole from the 3-4 hours that Norton took last night to totally brick my machine.  I am guessing that Microsoft can probably get me running again.  If not, then I will try the local Geek Squad guys,  

 

At this point, I have had more problems with my antivirus program than I have ever had in my life - first with ccsvchst.exe consuming way too many resources on my PC - which Norton could not resolve satisfactorily, then with a persistent Trojan.gen virus which Norton has been unable to fix (and which other experts now tell me is undoubtedly a false positive, which Norton has been unable to resolve for me), and now bombarding me with "A recent attack has been blocked", which Norton could not resolve without bricking my entire computer.  Hard not to feel that Norton has simply gone beyond its core competency and is trying to do too much with its software.  When did antivirus get so complicated?

Hi Northxnortheast:

 

Things started getting ugly when the rootkit became the popular method of infection.  Symantec and others have been forced to get the software so deep into the operating system that other issues can develop.  A removal of them requires that the infected file be swapped out with an uninfected version.  Atapi.sys is often infected, and if it is deleted, as the NPE is not supposed to do, you lose your boot capability.

 

Popups, weird music, redirects and intrusion attempts are common signs of a rootkit.  To my way of thinking, if any of those signs are present, the NPE should not be used. I suspect that Microsoft might not be able to help, but the Geek Squad should have a disk that can be used to repair the OS.  Best of luck with it.  Let us know, if you can, how it goes.

This just gets uglier by the minute.

 

Just spoke to Geek Squad. They said, come with repair disks in hand. I was surprised, I was expecting too that this was part of the service they provided. 

 

Trying to pay Microsoft for their support (Norton keeps sending me elsewhere for help - first to dslreports for malware assistance, and now to Microsoft after bricking my machine), and Microsoft's technical support for past 90 minutes has said this:

"Our system is experiencing difficulty. Our technical team is working on the problem, so please try again later. We apologize for the inconvenience." 

 

Very sad state of software support these days.

NNE,

 

This is a mess! I flagged your situation to the moderators last night and I hope one or more of the Norton Staff jump in.

 

Can you borrow a set of Windows disks of the exact version you have and use those for restoring -- I'd regard that as perfectly licit.

 

Does your PC have a hidden partition on it which contains the files to make a repair or a reinstallation? If so it might be possible to access it during bootup if you know the code. Tell us the exact make and model of PC if you like. I know the Lenovo, HP/Compaq and Samsung have them and I think Toshiba does too but it depends on the model and how recent it is.

 

What exact version of Windows do you have on the PC including 32 bit or 64 bit?

Windows XP Home Edition 2002 SP 3, 32 bit, running on a Dell Dimension 5150.  I do not know of anyone who has a set of disks I can borrow.

 

Actually got the machine up and running for about an hour this morning before getting the error, "Generic Host process for Win32 Services has encountered a problem."  I was about to try backing everything up, system froze, and now I am unable to boot up again in normal mode.

NNE,

 

I never find the Dell website very friendly especially when I don't have the PC in front of me or know the ID they ask for so I'm not sure if this applies to your Dimension or not but have a look at the manual you can download, if you do not have it accessible already:

 

http://support.dell.com/support/edocs/systems/dim5150/en/om/WD846A02.pdf 

 

Restoring Your Operating System  begins on page 53 and describes the XP System Restore and the Dell PC Restore (by Symantec!)

 

Note what it says about backing up / saving personal files.

 

I leave it up to you and to the others more directly helping you to decide whether you should follow this route now or try something else first since they know more about the actual malware and its damage than I do.

 

I hope that helps.

Hugh - thanks very much for this.  I am very close to being ready to consider this route.  Trying to assess right now the quickest way to backup some 115GB of stuff.   I have been using the Maxtor / Seagate OneTouchII external hard drive, but this has been balky, and so am trying to quickly assess alternatives for backing up this much volume quickest way possible.  Then I will take your suggestion and take a close look at the System Restore. THANKS!

Wow. Talk about the cure being worse than the disease.

If you can beg or borrow an XP disk from someone, you may be able to run the system file checker from the repair console in safe mode.

 

It may be able to copy files needed from the borrowed disk.

 

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/system_file_checker.mspx?mfr=true

 

Hmm, on further consideration, if you have another machine that you can burn a disk on, there is an XP sp3 download site that could help.

 

http://www.microsoft.com/downloads/en/confirmation.aspx?familyId=2fcde6ce-b5fb-4488-8c50-fe22559d164e&displayLang=en

 

Edit:   I need to add a warning on this one.  If you go this route, DO NOT be tempted to reinstall your operating system from this disk.  Laptops have a great deal of OEM stuff in them, as well as the recovery console.  It is apt to mess up a Dell as badly as support.  It can only be used to copy missing files.  The idea is basically to stabilize your machine sufficiently to allow you to save your data.  Once that is done, use the recovery partition to restore to factory condition.

Once you get back up and running, in one way or another, for future reference, I highly recommend Paragon Backup & Recovery free edition.  It very thoughtfully provides a recovery boot disc, and takes an image of the entire drive, so it can put everything back exactly as it was before disaster struck.  It has saved my machine from various disasters on three occasions so far.

 

http://www.paragon-software.com/home/db-express/download.html

Delphinium,

 

I'm pretty certain the Dell Dimension 5150 is a desktop not a laptop so your correct warning about special files would not apply.

According to Dell there is a recovery system built in and the manual gives procedures for using XP's System Restore if you can get to it or to run the built-in recovery which can IIRC be run non-destructively or as a complete restore to factory condition.

 

It's the Symantec recovery program that Dell installs BTW! You access it during bootup with CTRL + F? (8 I think) so hopefully it can be used even if Windows is farkled.

Thanks Hugh.  That is helpful.  I wasn't sure if the tendency for the machine to drop dead in the middle of something would interfere with a backup operation, which needs to be done before the recovery.  I've always had a custom machine, so I haven't had to deal with some of the OEM stuff.