Help With Manual Virus Removal

I've been using Norton Internet Security for about 2 years now. I've never had any problems with it. It's been great at keeping out threats on my PC up until a few days ago. Somehow a couple of Trojan viruses managed to get through (Trojan.Zlob.P, Trojan.FakeAV!gen.30, both of which are .exe files) onto my PC. I did a full system scan which is what found them. When I went to resolve the issue, the Attention Required said [insertvirusname] requires manual removal. I look under the Action menu and it gives me only 2 options: Get Help, and Rescan. When I click Get Help, it takes me to the Symantec database for removing that specific virus. For Trojan.Zlob.P the 5 step instructions are:

 

  1. Disable System Restore (Windows Me/XP).
  2. Update the virus definitions.
  3. Find and stop the service.
  4. Run a full system scan.
  5. Delete any values added to the registry.

Now this is great and all, except in step 4 it instructs to run a full system scan, which I did. It then says to remove the virus. So using Norton Internet Security 2009, using full system scan I click on the virus name after the scan is complete, and it gives me only two options again: Get Help and Rescan. No options to Repair, or remove the Virus. This is where my questions start.

 

How do I manually remove the infected files/viruses using Norton Internet Security? Does this require other software? The only thing I could think of while being completely enraged, which now I believe may have been a bad idea, was to locate the virus through Computer (I use Vista) and delete it through the recycle bin. Norton no longer detects the 1 virus I did this to, but if I go to History and click on Unresolved Security Risks, the risk that used to say it was in my c:\users\appdata\etc. path is now in the path c:\$Recycle.bin, which I have no clue if or how I can access now. So my second question is, was that a bad idea, and if so, is there a way to cure it?

 

Any help or feedback would be greatly appreciated.


Eh, forget Malwarebytes and give Norton Power Eraser a try: http://security.symantec.com/nbrt/npe.asp

 

It's free! :smileywink:

Please tell me how to do Item #3. What service(s) am I supposed to stop??? Where does it tell me which services are bad??

 

 

I couldn't figure out step #3 either. I looked through the whole list of services about 3 times. Without knowing what you're looking for, it makes it impossible to find it. I feel that those step by step instructions for that specific virus removal really need to be re-written. That was one of the things that led to me almost pulling my own hair out, which also led to me deleting the virus through the recycle bin (which I now really regret).

I've downloaded Malwarebytes and am trying to do a full system scan. But every time my PC shuts off my monitor, which is every 30 mins of being idle, Malwarebytes gets the famous Microsoft Windows error message and crashes. I may have to try using the Norton Power Eraser.

*Edit*- Ok, Malwarebytes crashing has nothing to do with my monitor going into idle. I just sat here for over an hour and it still crashed about 1/4 of the way through the scan. I feel my frustration level rising again.

Power Eraser did nothing. I have upgraded to Norton 360 V4.X and will try that.

Really, I am understanding why Dell tells their customers to "DELETE" Norton from their computers. Norton let the Virus into my computer, cannot eliminate it, and provides poor instructions on how to remove it. Seems I am paying a lot for very little.

More importantly, can we trust Malwarebytes??? Every search I did and every website says to use Malwarebytes. Malwarebytes can fix this, but the big names cannot??

Careful with the download of Malwarebytes. When I try, I get redirected every time. Verified with non-infected computer.

Please let me know if upgrading to Norton 360 v.4 makes any difference. I've got a copy lying around here somewhere that I bought a few months back. I'm kind of starting to wish I hadn't wasted the $50 on it now though.

Lager77:

 

Installing an upgraded product over top of a serious infection will not allow the product to work properly.  The product has to be installed cleanly, kept updated, along with browser updates, Java updates, and Adobe updates to work properly. 

 

Your antivirus product is not a magic bullet that protects you from all things.


strawman2010 wrote:

Power Eraser did nothing. I have upgraded to Norton 360 V4.X and will try that.

Really, I am understanding why Dell tells their customers to "DELETE" Norton from their computers. Norton let the Virus into my computer, cannot eliminate it, and provides poor instructions on how to remove it. Seems I am paying a lot for very little.

More importantly, can we trust Malwarebytes??? Every search I did and every website says to use Malwarebytes. Malwarebytes can fix this, but the big names cannot??

Careful with the download of Malwarebytes. When I try, I get redirected every time. Verified with non-infected computer.


Yes, you can trust Malwarebytes. They cannot fix everything, just as Norton cannot fix everything (as you have discovered) - unfortunately no Anti-Virus is perfect, although we here believe that Norton is among the best - but even the best aren't perfect. Regardless of your choice of anti-virus, the possibility of being infected is always there. Symantec is continually improving their program, and the next 2011 version appears to be a big improvement over an already excellent product. There are many other good products out there, but as I said, none are perfect. I have not heard of this recommendation by Dell.

Could you please download SUPERAntiSpyware from:

www.superantispyware.com

The free version. Install, update and do a full scan. It is another supplementary scanner we use around here to remove those few infections that Norton unfortunately cannot.

However, you could try a scan in safe mode and see if it makes a difference. To access safe mode, restart your PC and repeatedly press F5 or F8, sorry I forgot which, and choose "safe mode" (without networking) from the list. When in safe mode, go to Run, and type:

 

navw32.exe /L

 

Norton will proceed to do a full scan of your system :-)

 

Matt

Well, it took 4 days to get rid of them, but now my computer appears to be Trojan free. I'd like to thank everyone who responded.  I downloaded  all 3 of the programs suggested in this thread and I found a few things rather interesting. Malwarebytes detected and removed a Trojan virus that Norton didn't read to be on the computer. However, Malwarebytes could not detect the virus Norton said was on the computer that Norton could not remove. Everything else that Malware and Norton could not remove, Superantispyware got rid of. These 3 programs make quite the Trio. The only 1 that didn't do anything which I found surprising was Norton Power Eraser. It didn't detect or remove anything.

My only problem now is all these darn tracking cookies.

 

Delphinium, you said that you need to install an upgraded product cleanly. Not knowing this, I upgraded from NIS 2009 to 2010 while infected. Should it be fine now, or should I uninstall and reinstall in safe mode or something?

Thanks again for all the responses.

Hello Lager

Welcome to the Community

re > The only 1 that didn't do anything which I found surprising was Norton Power Eraser. It didn't detect or remove anything.

Please note: Because the Norton Power Eraser uses aggressive methods to detect these threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully, and only after you have exhausted other options.

 

re >  your query to delphinium .... Always recommended to only install Upgrades to clean system....

delphinium wrote:

Installing an upgraded product over top of a serious infection will not allow the product to work properly.  The product has to be installed cleanly [...]

I'm sure delphinium will reply to U  :smileywink:


Hi Lager77:

 

Glad to hear everything is back to normal. As long as Norton is working properly, getting pulse updates, scanning properly, you should be okay. Keep a close eye on History>Intrusion prevention for a while, to make sure you don't get any odd "blocks" that seem to be coming from your own machine.

I'm following the manual removal directions from Symantec, and I'm having the exact same problem. What does "Locate and select the service that was detected" (part 3 of step 3) mean? Which service?

 

Here's a link to the directions:

http://www.symantec.com/security_response/writeup.jsp?docid=2010-053100-2459-99&tabid=3

 

Thanks for the help!

As long as Norton has correctly detected it's to do this entry  (and service name after)

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSWU-[EIGHT RANDOM CHARACTERS]\"DisplayName" = "MSWU-[EIGHT RANDOM CHARACTERS]"


Service details

Display Name: MSWU-[EIGHT RANDOM CHARACTERS] (service name)
Startup Type: Automatic
Image Path: %System%\[EIGHT RANDOM CHARACTERS].exe

Examples of the service name

MSWU-d6cebc64
MSWU-3e478133
MSWU-f36decbb
 

Quads
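
One way to look for a service matching the details in the post above, written in PowerShell as an added example (it is not from the thread or from Symantec's write-up). The function names are hypothetical, the sample records are constructed, and the script assumes the eight "random characters" are letters or digits.

```powershell
# Added example: report services whose name fits the MSWU-[8 chars] pattern.
# Assumption: the eight "random characters" are letters or digits.
$NamePattern  = '^MSWU-[0-9A-Za-z]{8}$'
# %System% in the write-up is the System32 folder; file name is 8 chars + .exe
$ImagePattern = '\\system32\\[0-9A-Za-z]{8}\.exe'

# Read every key under Services into a simple record (live system, read-only).
function Get-ServiceRecord {
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Name        = $_.PSChildName
                DisplayName = $p.DisplayName
                Start       = $p.Start        # 2 = Automatic
                ImagePath   = $p.ImagePath
            }
        }
}

# Keep only records whose key name or DisplayName matches. The image path is
# reported as corroboration only: legitimate files such as snmptrap.exe also
# have eight-character names, so it is never used as the trigger.
function Find-MswuService {
    param([Parameter(ValueFromPipeline = $true)] $Record)
    process {
        $nameHit = ($Record.Name -match $NamePattern) -or
                   ($Record.DisplayName -match $NamePattern)
        if (-not $nameHit) { return }
        [pscustomobject]@{
            Name       = $Record.Name
            AutoStart  = ($Record.Start -eq 2)
            ImageMatch = ($Record.ImagePath -match $ImagePattern)
            ImagePath  = $Record.ImagePath
        }
    }
}

# Constructed sample records (not from a real machine) to try the filter offline.
# Only the first record is reported; the image file name is made up.
$sample = @(
    [pscustomobject]@{ Name = 'MSWU-d6cebc64'; DisplayName = 'MSWU-d6cebc64'; Start = 2
                       ImagePath = 'C:\Windows\system32\a1b2c3d4.exe' }
    [pscustomobject]@{ Name = 'SNMPTRAP'; DisplayName = 'SNMP Trap'; Start = 3
                       ImagePath = '%SystemRoot%\System32\snmptrap.exe' }
)
$sample | Find-MswuService | Format-List
Get-ServiceRecord | Find-MswuService | Format-List   # check this machine
```

A result with AutoStart and ImageMatch both True lines up with all three service details listed in the post; an empty result from the live query means no service key with that name pattern is registered.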

I don't quite understand. Where does Norton tell you which entry it has detected?

 

I didn't find any of those service names either. Yikes!

vi_zhao:

 

There are several free malware removal forums that will walk you through the steps necessary to clean your computer.  Bleeping Computer is likely to be very busy and you may have a wait.

 

www.bleepingcomputer.com

http://www.geekstogo.com/forum/

http://www.cybertechhelp.com/forums/

http://forums.whatthetech.com/

I have Trojan.zlob.p on my computer, started last week.

 

My situation:

My 2008 subscription to Norton 360 is due to expire in about 4 days. I purchased a copy locally of Norton 360 2010 4.0 which I planned to install this week.  I made note of the comment DO NOT INSTALL program in an infected system so I must clean up my system before my subscription expires.

My question is I know I will not get virus updates, but will I still be protected, firewall, scans etc. when my subscription expires?

The reason I ask is because my firewall is being attacked.

 

My virus symptoms are similar to Lager 77:

Norton will detect but will not fix the problem.

I get redirected often when I use the internet or I do not connect.

My firewall is getting attacked (Norton notification) just about every time I go to a WEB site.   

I cannot use SAFE MODE the system gets an error and will not proceed. (Probably from the virus)

 

Will I need SAFE MODE to use the suggested repair sites?

 

Thanks for your help.

Hello CVG

 

Welcome to the Norton Users Discussion Forum

 

If your subscription ends, all protection will stop. You can enter the key from your new N360 into your old 2008 N360 and your subscription will continue. Once your computer is cleaned up, then you can update to the newest N360. We can give you the link for it in the Forum. We can give you the procedure to follow since you are going from the 2008 to the 2010 version, but first to get your computer cleaned up and also for you to enter that new key about a day before it will expire.

Let me make a correction, I have Norton 2009.

 

I would like to get started. Should I start with Malwarebytes Anti-Malware 1.46?

With the symptoms you describe, I don't think MBAM will help you. You will need to get started with one of the malware removal forums.