My mother could not pull up Norton (the computer would shut down) and now she cannot pull up the internet. I’m posting this from my school, praying that someone could help. The Customer Support line for Norton has not been at all helpful; my mother has been on the phone for well over an hour and a half, and she still cannot get rid of the pop-up. It appears on the toolbar as an X in a red box; it says to order special spyware software in order to get rid of it. I think it’s the fake Windows Spyware virus that was on Yahoo!News yesterday. Any help would be appreciated.
My mother could not pull up Norton (the computer would shut down) and now she cannot pull up the internet. I’m posting this from my school, praying that someone could help. The Customer Support line for Norton has not been at all helpful; my mother has been on the phone for well over an hour and a half, and she still cannot get rid of the pop-up. It appears on the toolbar as an X in a red box; it says to order special spyware software in order to get rid of it. I think it’s the fake Windows Spyware virus that was on Yahoo!News yesterday. Any help would be appreciated.
The build can be found under Help & Support>About.
If the version is 15.x.x.xxx or earlier, you will want to upgrade to version 16, for maximium performance, detection, and removal. The link is here:
http://nct.symantecstore.com/fulfill/0184.077
Have her fill in the information and proceed with the install. If she has any trouble before, during, or after the install, run the Norton Removal Tool:
symantec.com/nrt
After installation, uninstall LiveUpdate via the Add/Remove Programs panel. If you ran the NRT, skip this step.
Then, run LiveUpdate through NIS09. Then, run a full system scan which should eliminate all the malware.
Sounds like your Mom got herself infected. Most likely from using Internet Explorer. Download and install Malware Bytes Anti Malware. She is infetced with a fake system alert. Also be sure your using the latest Norton which is 2009.
http://www.symantec.com/home_homeoffice/support/special/upgrade2007/vista/select_product.jsp?site=nuc
The fake Program is in fact a Trojan Horse, that seems people are downloading from ads on the likes of Google, as people think by the ad that it's a free anti virus program, that's for starters
"Troj/FakeAV-BL" and a couple of other variants, Also known as Power Antivirus2009.
There should be a startup entry for it if Malwarebytes doesn't work.
Quads
Malware Bytes and SuperAntiSpyware should take care of all this. Also like I said it came from IE. Its best not to use IE at all. Use Firefox which blocks theses fake security alerts from starting. What happens is people use IE and surf around then they get a pop up saying " Your Infected. Click Here To Remove". What people don’t realize is that is just an annoying pop up. Its an advertisement. This ad would have been blocked byt Firefox.
Hi,
It's not really IE that causes this, it's the user that accepts to install the program. It can happen on Firefox too since it is not only through ads. I have cleaned several systems where the user was using Firefox and still got infected with these things.
TheSpaceCadet, it sounds like a variant of Trojan.Virantix.C. If it is you will not be able to start or install Norton until it is gone.
jAW
I have also had to clean systems that are able to make entry via Firefox's update feature.
So the update dialog box appears saying there is a new version of Firefox and the user clicks OK. The download commences. Once finished the infection is installed.
The update was an illegitimate update notification.
Quads
You may want to run a full system scan with NIS in Safe Mode.
In the end, my mother had to manually delete all infected files, and she restored the computer. Norton could not be pulled up (along with any other program), and she had renewed the subscription two days ago. So, Norton (the new version) did not help; in regard to the accusation that we “clicked on an advertisement”, we did no such thing. Thanks anyway.
Cadet, no one is accusing you or your mother of anything. We are suggesting the most likely way it could have happened. If you don't understand the possibilities, it will happen again, and again.
I've seen the screens that pop up, and it isn't always an advertisement that is displayed. Sometimes the message is "you have such and such a virus, click here to block this virus immediately." Sometimes the message is very convincing. Enough so that two of my clients, very intelligent people, still ended up clicking on the message. They'll never do that again.
I'm sorry that it happened -- this is one of the nastiest viruses around. Not the most dangerous (the versions I've seen don't steal your id or send on data); but it is nasty in terms of how hard it is to clean up and the just plain meanness of the changes it makes.
Listen to the posters here; there is some good clean-up advice.
But after everything has been cleaned up, here is my advice:
1. Copy all files and data and email you wish to save and software installation passwords and installers and activation keys. Copy them to a stick or a CD or some USB storage device, maybe even make two copies. Make sure that all your settings are written down (for networking, etc).
2. Reinstall your original system or an image of your system prior to the infection.
3. Copy back your data, whatever software you need, and adjust your settings as necessary.
The reason is: this virus is so nasty that you just don't know how deep the damage is, or what has been left behind that is invisible right now but might produce issues in the future.
Cadet
I also never ment to accuse anyone of anything.
I just did my homework on the fact you said about being on Yahoo News and tracked the variants and News stories etc. down. And how it seems to be infecting people.
I have also had PC's to fix that belong to well versed people. Even I have had 1 for the year, (well part of one, it didn't work properly). Wasn't detected even when I found it so submitted it.
But I also have people who turn up saying there PC is running slow. Little wonder when there is sooo many infections, like 2000 plus.
Rogue Security programs work by pretending they are for real but are not. As Mijcar said not the most dangarous.
I'm sorry for any offence taken
Quads