Rootkits are made deliberately to hide deep, and to evade, or disable a lot of antimalware. If you miss some of it trying to take it out, you still have it. Very nasty malware.
iagrip
Please create a new thread for your Skynet rootkit, I think I have created the script with the correct files and reg entries.
May just double check it when I am awake more.
Quads
6-27-2009 @ 857am Atlanta GA
i woke up this past Monday to find out that the internet on my lap top was not working, I read some post to come to the conclusion that Norton was blocking me access, so i Removed Norton and WALA!!!! back on to the NEt: i reloaded it and then i get the famous 3039-1 error!!! and before i beat my head in, i read all!!!! the post on this error. I was online for about 3 hours with tech support, i allowed remote access to my world, he tryed to remove and install: about 3 times, to no avail. I did all the "fixes" but nothing!! Let me give you some advice before you waste your time ( that you will never get back) I noticed that I had a problem searching the Net: when i would do a Google search: i would be taken to "search-net" and never arrive to my distanation: turns out that there was a Virus and Malware that Norton ( the program i paid to block this crap) didnt catch it. So after beating my brain out and downloading FREE trojan removal programs and restarting and starting my laptop and then noticing that thers is still not a resovle for this problem and the problem has been going on for 8 months (look at the date on the first post of this thread) I decided to Remove Norton and the Malware/trojan from my laptop: so this is what i did
1. Removed Norton from my HP laptop ( i used Norton removal tool from there web-sight)
2. went to MSN One care and scan and removed some trojans ( not all)
3. Went to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and used this forum to remove the Malware
4. Downloaded the free AVG anti/spyware from Cnet.dom and scanned again
5. downloaded CCleaner and did a sweep of my laptop
the results: AVG protection my compture: no more "search-net" taken me to were i dont need to go, no more trojan and no more malware and NO MORE NORTONS! i will be aksing for my 60 buck back, i am not pleased wioth Norton:
please keep in mind that i am not!!! a compture TECH guy: i just read around the forums and tryed what others have done
this may or may not work for you: BUT!!!! i didnt spend any money, i got my compture fix and i learned something
oh- and my compture is MUCH faster
any ? feel free to PM me.
daniel
Atlanta GA
[edit: Please do not post email addresses per the Participation Guidelines and Terms of Service.]
Message Edited by shannons on 06-27-2009 07:18 AM
Danielm298:
It is unfortunate that you had to go through all of your trials. Unfortunately, as Quads has said, malware is specifically written to evade security software and some of them have their own definitions to prevent Norton, MBAM, and SAS from working properly. The files are also ultra hidden, so they may not be found easily. If certain files are not taken out in the removal process, the rootkit might be able to re-establish itself.
Kaspersky also has these types of issues on their forum, and so does McAfee. AVG has a report on their forum which advocates the use of Spybot Search and Destroy to remove malware. Unfortunately, we have already discovered that S & D literally prevents the removal of rootkit files.
Nothing in the world is 100%.
I have also been hit with the “3039,1” error. I have tried the Norton solutions to no avail. Removing using the Norton removal tool and reinstalling etc. The same thing happens every time the computer is booted. The green secure icon is on for about 10 minutes and then the Norton solution window pops up. I haven’t contacted Norton support because the replies on this forum indicate Norton is not able to fix the problem. I am using Vista home premium and Norton NIS2009 in a dual booting system with Windows XP. When I turned on the computer today the .exe file association had been changed to notepad. I was able to get the exe file association restored but still have the same error with Norton. Can anyone help?
dje:
If you want to check for malware, you can run a GMER log for us to check. If it turns out that you do have a malware issue, we will have you separated from this thread so we can deal with it.
Download GMER here. SCAN ONLY and post it using the attachment link below the post button.
I have run the GMER program and attached the LOG file.
Thanks,
dje
That is an incomplete GMER log
Quads
dje,
In this daul boot, is there seperate partitions for the OS and its programs or is there XP / Vista / Common program files? How is you system configured; what files are where?
Message Edited by dbrisendine on 06-29-2009 12:40 AM
If I start a new thread on the Advanced Protection 3039,1 Error it will just be moved here so…
I emailed an employee off the board here but have got no response so I have no choice but to post here.
First know that I am very computer savvy as home users go and I have read hundreds of topics on this issue on dozens of forums over the past week so I’m posting here AFTER full investigations and AFTER doing my homework including using a fine tooth comb on the operating system for any form of badware.
Although some people who are suffering this problem have some form of badware on their comp, I disregard that as a cause of the problem because this is burdening both infected and clean computers.
Besides, if it were badware causing it there would be underground chat about it and I don’t see any of that.
What needs to be done, and in my opinion is the ONLY solution, is to establish something that all of the ones suffering this breakdown have in common.
From what I see of my investigations that is one angle that has not been approached yet in detail.
I suggest we go through some form of the process of elimination.
Firstly in that process, list all of the “cleaners” that you employ and their version numbers such as I use:
CCleaner 2.19.900
RegCleaner 4.3, Build 780
Index.dat Suite {IDFinder} 2.9.0
BCWipe 3.0
HijackThis 1.99.1 (old)
AdAware Anniversary Edition (uninstalled)
The rest of my removal tools I acquired after this error started so I don’t consider them part of the equation.
So do you have and use any of those 5 programs and did you use them shortly before this error started?
Do you have the removal/cleaning log files for those programs?
If so please post the log but don’t post any parts that may identify you or compromise your privacy.
If not, what options did you have selected or deselected at the time of cleaning?
This is step one in trying to find some commonality.
Secondly, prior to the error did you make any manual changes inside of regedit.exe or msconfig.exe?
If so did you make a back up? Post the contents of the back up to see if there are any removal commonalities.
If not then do you remember what you removed or edited?
Did you make any changes in Services (services.msc)?
If so what did you change from manual to automatic to disabled or vice versa?
Sadly enough, Norton Internet Security 2009 does not make an entry into any log file about this program error and this problem does not show up in the Event Viewer (eventvwr.msc /s) which is a major disaster on both ends as far as this problem goes.
Neither Norton or Windows is documenting this.
If some dependency that the Advanced Protection needs is being wiped out, it would not be the first time that software has been the hapless victim of cleaning tools and it most certainly would not be the first time that software was broken by a user making alterations to the system.
Those are the two things that need to be focused on.
Message Edited by jaronuts on 06-29-2009 05:45 AM
dje:
I'm curious. With your dual boot, do you get the problem with both OS's? If so, did they start at the same time?
Jaronuts:
A couple of people have already found that malware was the cause of their particular 3039,1 error. Nobody said that it was the basis for all of the errors. There is no point leaving out all options for a problem with multiple causes. That would be self-defeating in my opinion.
I ran the GMER software again. The attached file also includes the entries from the autostart and registry entries which was all I could find to include. Is that what was needed?
The Vista and XP systems are located on separate drives and do not share files.
I have also discovered that the file association for bat and vbs files had been broken.
Thanks
Hi dje:
I'm not seeing any of the rookit files that have been so common lately. You will have to be looking in Windows settings probably, to find out what is impacting Norton.
That's bad when an infection can provide a quicker fix than system errors.
I don’t remember which file I saw it in but I see that IPSBHO.dll in folder C:\Program Files\Norton Internet Security\Engine\16.5.0.135
…“failed to load.”
IPSBHO.dll is a BHO (Browser Helper Object) and is, or is part of Symantec Intrusion Protection.
Any ideas on why this .dll fails to load?
I am new to this type of feed so no spam please.
I have been fighting this 3039.1 ERROR message problem for over a month and I have just came upon this discussion group. I too have had no luck trying to resolve the problem with the help of Norton Tech Support. I thought they had solved the problem after spending 4 hours on the telephone with them. Unfortunately, the problem was back the next day.
I have noted that when I first boot my computer the SONAR Advanced Protecion is GREEN. As soon as the One Clip Support pop up appears, the SONAR Advanced Protection turns to RED. I need to reboot the computer in order for it to return GREEN. There must be something in the One Clip Support pop up that causes SONAR Advanced Protection to turn to RED. I have run a whole group of various malware and anti-virus software with no change to the problem. I think it must be a problem with the One Clip Support software.
Mack
Baldy,
Actually, it is the other way around. The One Click Support pop up is happening because the SONAR component has been shut down unexpectedly.
As a test on this, can you go the Settings > Computer Settings > Real Time Protection > SONAR Advanced Protection and set that to OFF (move the slider to the OFF position). Click Apply and OK. Then reboot your machine.
Does the error still happen in a short amount of time or does it not happen at all now?
Thanks for the help and patience.
dbrisendine,
I did what you recommended that Baldy do.
Advanced protection was already off due to whatever this glitch is, so I turned it on and then turned it off again both in the main window and in computer/settings and a notice popped up telling me that if I do this I will not be able to get Automatic Live Updates so I selected “Permanatly” then finsihed up and rebooted.
I looked and the Sonar Advanced Protection is back on as well as Automatic Live Updates is also turned back on.
So I waited a bit and then boom, here we go again.
After the failure, Sonar Advanced Protection is off but Automatic Live Updates is still on.
So this didn’t fix anthing on my end but it did reveal to me that my option to turn off Sonar Advanced Protection and Automatic Live Updates is or was being ignored because at reboot they were both back on.
Message Edited by jaronuts on 06-30-2009 03:03 PM
dbrisendine
Thanks for the advice but I just discovered that I do not have the SONAR Advanced Protection option under REALTIME PROTECTION. I just have Auto Protect and Early Start. I don't know why I do not have the SONAR Advanced Protection listed. Do you know how I can get the SONAR Advanced Protection option to show up?
Mack
Baldy,
Are you running Vista 64Bit? What is the version of NIS you have now? This information is available in the Help&Support menu under About. It should be in the format of xx.xx.xx.xxx (16.2.0.7 or 16.5.0.134).