Error "3039,1"

No, that didn’t fix anything over here but it is still good to have that Microsoft Video ActiveX Control turned off.

Microsoft on Monday warned of a vulnerability in its Video ActiveX Control that could allow an attacker to take control of a PC if the user visits a malicious Web site.

There have been limited attacks exploiting the hole, which affects Windows XP and Windows Server 2003, Microsoft said on its Security Response Center blog.

This is the second DirectShow security hole Microsoft has announced in the past few months. The company has yet to provide a security update for a vulnerability announced in May that involves the way DirectX handles QuickTime files.

Since there are no by-design uses for the ActiveX Control within Internet Explorer, Microsoft is recommending that users implement a workaround outlined in the security advisory. Customers can automatically implement the workaround by following the instructions under "Fix It For Me" in the Knowledge Base article for advisory number 972890 on the Microsoft support site.

I searched the top news outlets for any word of this and it rendered nothing.

I wonder why they don't want computer users to know about this when they get up, turn on the comp and go to check the news?

24 hours is plenty enough time for this critical information to have spread.

I ran these software programs and they found nothing.

Baldy

Baldy,

The temporary fix:

http://support.microsoft.com/kb/972890

isn't designed to find anything.

Until a permanent fix is in, the one on the left, "enable workaround", turns off the Microsoft Video ActiveX Control that this bug is manipulating.

The one on the right, "disable workaround", turns it back on.

Message Edited by jaronuts on 07-07-2009 01:19 PM

Best regards to all.

The purpose of the post was to alert all to the flaw in the Microsoft software and its relation to Symantec.

Baldy.

I can confirm that this problem isn't restricted to NIS 2009. I am trying out the NIS 2010 Beta, and am getting the same error.

I am working with the Symantec Beta support team, but would appreciate any help if someone wants to chime in. Just maybe we might get to the bottom of this bug (here's hoping).

I so far have tried the following to resolve the issue (copied from my email to tech support):

1) The "Fix Now" button in Norton, it returns the error "Not Fixed".
2) Uninstalling Norton, running the "Norton Remove Tool", cleaning the registry, and reinstalling. Error still happens.
3) Checked the Symantec Forum, found this long and involved thread on the issue, and tried the MDAC fix described here: <link to this thread>
4) Also on the same forum it was repeatedly mentioned to check for Root Kits, so I tried several root kit tools including Root Kit Revealer and GMER, and couldn't find anything of interest.
5) I uninstalled Norton, and tried several other Anti-malware programs to see if something else was up. I used SuperAntiSpyware, Prevx, Avast, AVG, Spybot, Avira, Threatfire, Webroot, and COMODO. None of them found anything more than a few tracking cookies.
6) I used MSCONFIG to put the system into "Diagnostic Startup", which disabled all Services and Startup items. I then checked only the "Norton Internet Security" service to run in addition to the mandatory 3 DCOM and RPC services. Restarted the computer, and verified virtually nothing was running by using Hijack This. After less than 5 minutes the error occurred in this setup. I captured that Hijack This log and attached it; it is called "Diagnostic Startup hijackthis.log".
7) Thinking that maybe the issue was with the Idle Tasks (since the time from boot to failure is so close to 10 minutes every time), I tried extending the Idle Timeout to 20 minutes, and kept wiggling the mouse while watching the Norton Tasks page, to keep the Idle task from running. But at almost exactly 10 minutes on the CPU performance chart at the top of the Tasks page, the error occurred. So it is not the Idle issue.
8) Last thing I tried was to disable SONAR and set it to ignore the fact that it was disabled. Since this is the component that is killed when the error occurred, I thought it might help. Well it didn't, even with SONAR disabled permanently, 10 minutes after boot the error still happens.

Latest thing I was asked to try by tech support was to uninstall, clean with Norton Removal Tool, and then reinstall NIS while in safe mode. That was as fruitless as the previous 8 things I tried.

I am willing to give someone more experienced than me my GMER results for analysis, just ask.

I'm wondering if this is typical of an Error "3039,1", which I now have; this started on Monday when everything had been working fine.

Google listings redirect me, not all but most. The page I'm redirected to is always very similar, a kind of generic page of lists.

Both my D & E drives are not responding; my burning program says it cannot detect a driver.

Thanks

Rebjen,

It sounds like you have Malware of some kind running amok on your system. That is the most common problem in this thread. One of the posts here talks about how to find a rootkit if you have one, but warns that the tools for dealing with rootkits require expert skill or help to not damage your computer in the process.

Here is one of the posts about rootkit removal.

Has anyone had this unresolvable 3039,1 error to happen within the designated time limit (NIS 2009 is 60 days) that would let them be able to get a refund?

I purchased mine on 04/06/09 and my first post on this matter here was on 06-29-2009 which was a day or two after this software malfunction appeared.

So technically this throws me out of getting a refund.

I would like to see a Symantec employee post here saying whether or not those with the unresolvable 3039,1 error would be given an extra consideration on obtaining a refund even though it may be past the time limit.

I think a refund should be made available because this error matter may have preexisted their purchase such as this thread has been going on since October of last year.

I think it is a shame that so much time can pass while this is blamed on malware and rootkits when the ones who have this error are running clean computers.

Why pay for this when the user, upon having identified a problem, is directed to other brand names of software to look for solutions and solve the problem? Isn’t that bait and switch? Especially when they are directed to try to resolve the problem using FREEWARE.

Since Symantec/Norton claim to be proficient at detecting malware and rootkits don’t you think they would have resolved this since October by detecting and fixing it?

Whatever is going on is secret in some form or another because there has been no fix or solution for this in the past 10 months but look at what a variety of things this 3039,1 error has been blamed on.

Why the secrecy?

Why no solution?

Why are paid users directed to freeware to identify and fix Symantec/Norton’s problems?

Update on my situation.  I uninstalled NIS 2010 beta and installed the NIS 2009 trial.  So far the trial has not thrown the error, but it has only been a bit over an hour (though NIS 2010 never lasted 10 minutes without it on any attempt).

I have been following this forum since last Friday when this error popped up on my PC. After having passed through some frustrating moments over the weekend I decided yesterday to call NORTONLIVE to solve the problem for me. At first I was a bit wary after seeing certain comments on this forum. But my attitude quickly changed after starting a pleasant chat with one of the Norton's Reps, a Mr Saljath K, who tried to fix the error. Being unsuccessful he passed me on to two of his technicians, firstly a Mr Santhosh and then Mr Ranjith Kumar.

It took Mr Ranjith more than 3 hours of repair work before my PC was totally disinfected and the Error was finally eliminated much to my satisfaction. Up to this time my Norton Internet Security has been working properly since. Seeing the full repair process on my PC it surely was a hard job to find several infections which were deeply ingrained in my PC system.

I take this opportunity to firstly

a) recommend to all users of this forum to, if they are entitled to, contact NORTONLIVE to have their PCs repaired. I am pretty sure that they will come out fully satisfied, and secondly

b) publicly thank the staff at NORTONLIVE, especially Saljath K, Santhosh, and Ranjith Kumar for the professional assistance they proffered to fix my problem.

peugeot307,

If you say you have been keeping up with this then you would know that your success didn’t work for many others.

Your post seems only to praise NortonLive and nothing else.

You want to help? OK, here’s what you do:

“3 hours of repair work before my PC was totally disinfected”

Disinfected of what? Do tell.

“Seeing the full repair process on my PC it surely was a hard job to find several infections which were deeply ingrained in my PC system.”

Infected with what? All computer infections have identifying titles given them by a variety of security sources.

What was the location of the infection or infected files?

“Seeing the full repair process on my PC”

What repairs are you talking about?

Norton Internet Security repairs?

Windows repairs?

Are you or the Norton tech blaming this on Windows?

Are you or the Norton tech blaming it on some other piece of software?

Are you or the Norton tech blaming the user?

Did the tech even tell you what they did or what they fixed or what infection was gotten rid of or what repairs were done?

Do you even have a log or report of these things?

Are you saying that you paid NortonLive $69.99 and sat there for more than 3 hours and do not know or were not told what was wrong or what was fixed in order to resolve this 3039,1 error?

If you can’t or are not willing to answer these questions then why would I go to NortonLive and pay $69.99 when I already have paid a total of $65.56 for this software that gets rid of infections and still has over 200 days of subscription left when in fact NIS 2009 is not worth $135.55, especially when there is competing software that is equal to it or better and functions normally.

So please be specific in what was the infection, the name of it, its location, what repairs were made, maybe even post us a log.

Thank You.

Update:

I don't mean to count chickens too soon after they hatch so I won't take this for granted since according to reports of others around here dealing with this the Norton systray icon could redline at any time even though it has been a few hours.

I uninstalled NIS 2009 3 days ago and since have used cleaning tools, got rid of Norton's leftovers, clean up files, disk cleanup, scan disk, defragment.

I reinstalled NIS several hours ago.

The 3 days was filled in by Windows Defender and Windows Firewall.

So I waited around while I did the Run LiveUpdate several times and rebooted until the updates were exhausted.

Then I surfed the news headlines and some tech forums I haunt for about an hour and I'm still green.

So on recommendation I got a copy of and let it run. I really don't want to state the name of this piece of software because there are several websites that employ the same spelling and claim you can get it there but that is deception. What you get is a rootkit and the blue screen of death.

The legitimate version can be obtained at bleepingcomputer.com which is a long standing and trusted tech website. Plus this is not a tool to be taken lightly and should only be used on the advice of an experienced malware removal tech person. If you do this you gotta do your homework and read the "A guide and tutorial on using..."   

That took a while and rebooted once then finally it created a log and closed its program.

About 30 seconds into reading the log, suddenly NIS popped up in the systray with a notice that a high risk threat had been removed.

Specifically: Suspicious.MH690.A
Risk Category: Heuristic Virus.

I selected to send a copy of it to Symantec so I guess it did.

In the log of the other program that I was reading it had listed that it had quarantined several items. I can't say what because I can't tell what was quarantined or deleted since I don't know exactly how to interpret the log.

So I think that whatever was deleted or quarantined by the program was being used by Suspicious.MH690.A to hide from NIS 2009.

Once deleted or quarantined, NIS pops up within 30 seconds saying that it removed the threat of Suspicious.MH690.A.

So, food for thought.

Still green several hours later and doing more scans for any subsequent stuff.

What I really want to know is where I picked up this evil.

What I find strange is this:

http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-020600-4945-99&tabid=2

"If one or more files on your computer have been classified as having a Suspicious.MH690.A threat, this indicates that the files have suspicious characteristics and therefore might contain a new or unknown threat. However, given the sensitive nature of this detection technology, it may occasionally identify non-malicious, legitimate software programs that also share these behavioral characteristics. Therefore, it is recommended that users manually check all files detected as Suspicious.MH690.A by Symantec antivirus products for potential misidentification, and submit any suspect files to Symantec Security Response for further analysis."

I find this impossible:

"Therefore, it is recommended that users manually check all files detected as Suspicious.MH690.A by Symantec antivirus products for potential misidentification,"

since the NIS 2009 user interface does not identify this Suspicious.MH690.A with any file or folder.

More food for thought since the mystery just gets deeper.

Message Edited by jaronuts on 07-14-2009 09:52 PM
Message Edited by jaronuts on 07-14-2009 10:00 PM
Message Edited by jaronuts on 07-14-2009 10:10 PM
Message Edited by jaronuts on 07-14-2009 10:18 PM
Message Edited by jaronuts on 07-14-2009 10:39 PM

jaronuts

What is important for me is that after the intervention of NORTONLIVE NIS was working correctly and I know that protection has finally been restored. May I point out also that when opening Windows Explorer the DVD-RAM (D) was showing as CD ROM (D) and CD ROM (E) and that also has been restored.

In my opinion the evil which accessed my PC both affected Windows and NIS. To this effect I am attaching a log created by Malwarebytes which was run before I contacted NORTONLIVE but still this did not resolve the issue. That was the reason why I contacted NORTONLIVE as I was pretty sure that some ROOTKIT still resided in the system.

Finally I want to state that, contrary to what you said, I did not write the previous thread just to praise NORTONLIVE but in appreciation of the professional way they did to restore my PC to a healthy system.

I now have this 3039, 1 problem. When I start the computer everything is fine. After about 10 minutes or so a support window pops up automatically. Advanced protection is off and the NIS window says I am at risk with a red X mark. Nothing seems to fix it. I read through pages and pages of posts on this thread. Other than installing other antispyware software is there a solution from Symantec? I am posting this from my laptop. It is my desktop that has this problem. When I try typing a Symantec URL on my desktop, the browser directs me away and gives me all kinds of garbage sites. What is going on?

sgopalan,

Sounds like you have a browser hijacker.

Norton software should catch something as simple as that.

If not then something is really wrong with NIS.

Double click on the Norton icon down by the clock and then in the window that opens click Scan Now and then click Run Full System Scan.


jaronuts wrote:
sgopalan,

Sounds like you have a browser hijacker.

Norton software should catch something as simple as that.

If not then something is really wrong with NIS.

Double click on the Norton icon down by the clock and then in the window that opens click Scan Now and then click Run Full System Scan.

If the hijacker was there first, it could have immunized itself from detection and would account for all the trouble sgo has been having.

Also, some malware that is new enough to beat the signatures can embed itself pretty deeply, sometimes deep enough to keep itself from being discovered.

I'll be interested to follow what happens.

Sgo, you may as well plan for providing a full analysis of your computer and providing some investigative logs. I know you will need a log from Hijack This and a scan by Malwarebytes. If you are interested in prepping for this, you may as well look around some of the other threads and see how we deal with these kinds of deep (perhaps root-level) infections.

mijcar,

My advice is or was step #1. Always start there.

I’ve had NIS 2009 installed since the beginning of the year. The problem showed up only last week. Obviously NIS 2009 failed to catch the hijacker. I’ve done the full scan a few times now and NIS 2009 doesn’t detect anything. I’ll have to try mijcar’s suggestions now. If we have to go to this trouble, what is the point of buying and installing NIS 2009 in the first place?