Hotmail malware has remote access

Greetings ... new member here.

 

About a month ago Comcast sent me a letter stating my cpu was sending spam thru port 25 and they had put a block on it.

They advised me to get Norton which I did a few weeks ago. installed Norton Firewall, Antivirus & confidential.

 

One week after Norton was active my hotmail account contact list was accessed while I was away and emails sent to everyone. A friend called me to ask me if my G5 had been hacked into. Immediately changed my hotmail password.

I called Norton support the next day and spent 90 minutes on the phone with the 3rd Tech I spoke to.

He showed me a Spyware/cursor windows.exe file in my test user account as the culprit supposedly.

 

Why didn't Norton's services catch this Spyware prior to the event ?

The only service I had not activated was Deep Insight.

 

But wait, there's more ....

 

Being cautious I called all 3 credit bureaus.  Equi_ _ _ had changed my name. I submitted an online dispute and they sent me an email confirmation to my hotmail address that had a highlighted Link to see the results of my dispute.

I clicked on the link, which took me to a site of theirs to see the results. That url began with xxx.ai.equi.. It would not let me access it, stating System Unavailable repeatedly. So I called them.

They directed me to another url of theirs which also said System Unavailable. The man had no surprise in his voice and verbally told me the results of my dispute though I was not on their website.

 

In real time I spoke with them while I had my Hotmail account open and opened the email they had sent me.

While viewing my email ...

Dear __________, which was the erroneous name in question.

As the guy told me my name had been corrected ...........

the name on the open hotmail email they had sent immediately changed before my eyes to the correct name.

 

I did not give them permission to remotely access my computer ... as I did with the Norton Tech.

What's Uppppp !!!

 

Please help

 

<<edit:disable the broken link>>

 

 


CSX wrote:

In real time I spoke with them while I had my Hotmail account open and opened the email they had sent me.

While viewing my email ...the name on the open hotmail email they had sent immediately changed before my eyes to the correct name.

 

I did not give them permission to remotely access my computer ... as I did with the Norton Tech.

What's Uppppp !!!

 

Please help

 


 

Hi CSX,

 

It seems more likely that you were actually at the credit bureau's site viewing a dynamic webpage, possibly accessed via a link in the email message you describe.

thanks for your reply

 

however I was not on their website ... only in Hotmail while I was talking with them on my phone. 

It sounds like you were susceptible to identity theft. A phishing email directed you to a Web site that wanted your Hotmail login credentials. Norton Confidential has an anti-phishing feature that is 90% successful at blocking phishing emails, as well as Safari's anti-phishing which is 70% effective. But nothing is perfect, and a phishing email might have gotten through.  

 

However, that doesn't explain who was sending out spam over port 80 on your Mac. It might be that Comcast was mistaken, and your Mac was not sending out traffic on port 25. You can always use the Norton Firewall application's "Connection Tracking" feature to monitor which application is using port 25 OUTBOUND on your Mac. The only application that should be doing this is Mail.app when you send an e-mail. If you see another application using port 25, that application is suspicious. If you find an application sending out traffic on port 25, you can post the name and path of the application here and we can try to look into it.

 

The "spyware/cursor windows.exe" file you mention will not run on your Mac G5 so I'm a little confused--is that file on your G5, or some other computer? .exe files are Windows executables and cannot run on a G5-based Mac.  If you have a Windows based computer in your household, that computer needs to have its own copy of Norton 2010 installed on it, as the Norton on your Mac will not protect your Windows based computers.
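As an added example (not code from this thread, from Norton, or from the poster), the same check the reply above describes with Connection Tracking can be done from the Terminal with `lsof`: the script parses `lsof -nP -iTCP` output and flags any process other than Mail that has a connection to remote TCP port 25. The sample lines, the process name `cursorsvc` and the addresses are constructed for the example.

```python
"""Flag processes with outbound SMTP (TCP port 25) connections in `lsof -nP -iTCP` output."""
import re
import subprocess

# Constructed sample in `lsof -nP -iTCP` format; process names, PIDs and addresses are
# hypothetical (cursorsvc stands in for an unknown sender, not a real program).
SAMPLE_LSOF = """\
COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Mail        412 csx    12u  IPv4 0x1234      0t0  TCP 192.0.2.10:49152->198.51.100.25:587 (ESTABLISHED)
Mail        412 csx    13u  IPv4 0x1235      0t0  TCP 192.0.2.10:49153->198.51.100.25:25 (ESTABLISHED)
Safari      520 csx    22u  IPv4 0x1236      0t0  TCP 192.0.2.10:49160->203.0.113.7:80 (ESTABLISHED)
cursorsvc   777 test   5u   IPv4 0x1237      0t0  TCP 192.0.2.10:49170->203.0.113.99:25 (ESTABLISHED)
cursorsvc   777 test   6u   IPv4 0x1238      0t0  TCP 192.0.2.10:49171->203.0.113.100:25 (SYN_SENT)
"""

# COMMAND PID USER ... TCP local->remote:port (STATE); header and non-TCP rows do not match.
LINE_RE = re.compile(r"^(\S+)\s+(\d+)\s+(\S+)\s+.*?TCP\s+(\S+)->(\S+):(\d+)\s+\((\w+)\)")


def outbound_smtp(lsof_text, allowed=("Mail",)):
    """Return (command, pid, user, remote) for every connection to remote port 25
    made by a process that is not on the allowlist (Mail.app is the expected sender)."""
    findings = []
    for line in lsof_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header line, UDP row or listening socket without a peer
        cmd, pid, user, _local, rhost, rport, _state = m.groups()
        if int(rport) == 25 and cmd not in allowed:
            findings.append((cmd, int(pid), user, f"{rhost}:{rport}"))
    return findings


def live_check(allowed=("Mail",)):
    """Run lsof on this machine; use sudo to see sockets owned by other user accounts."""
    proc = subprocess.run(["lsof", "-nP", "-iTCP"], capture_output=True, text=True, check=False)
    return outbound_smtp(proc.stdout, allowed)


if __name__ == "__main__":
    for cmd, pid, user, remote in outbound_smtp(SAMPLE_LSOF):
        print(f"suspicious SMTP sender: {cmd} (pid {pid}, user {user}) -> {remote}")
```

A hit names the process and PID; `ps -p <pid> -o comm=` then gives the full path to post for review.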

As I investigate this further, ( though I am a novice ) I found in Norton's connection blocking log,

that a Remote Login from 202.259.215.133 remote port 62792 User-defined, was attempted and blocked (or was it?)

This happened at the same moment I was talking with the credit bureau.

 

 No PC's here ... I'm a Mac user exclusively. Only one computer in the house - my Mac ,OSX 10.4.11.

Safari Firewall enabled and file sharing is turned off. Norton Firewall also enabled.

 

 I do not have bootcamp or parallels, only Microsoft Office for Mac 2004 which is very rarely opened.

 

The Norton tech that helped me via Norton-remote-access scrolled thru and showed me a Spyware/cursor windows.exe file in my test user account. There should be a record of that call to Norton tech support on this.

 

I'm also very familiar with what a phishing email looks like.

 

I guess the part that bothers me about this whole thing is that for 5 years I've never had a problem with my G5.

Ironically one week after I download Norton firewall, confidential & Antivirus all this happens.

Sure doesn't seem like a coincidence.

... and now I'm getting the following Norton Confidential error message:

 

Vulnerablility Protection is not running.

 

"The Vulnerablility Protection feature could not be

started because an error occurred. Changes to

settings will not take effect until the error is fixed."

 

going into Confidential the pad lock remains open even after I close it ... 7 seconds later it opens by itself. 

 

ahh...  the plot thickens 

Ryan ....  or anybody

 

Please HELP by suggesting some action steps.

 

Error messages continues daily even though 'Norton liveupdate' runs daily.

 

The Norton Activity Log for Vulnerability Protection has never shown any activity until today:

 

Today  1 item

HTTP Fake Antivirus Webpage Request         Outgoing            217.149.251.12

 

 

 

 

 


CSX wrote:

Ryan ....  or anybody

 

Please HELP by suggesting some action steps.

 

Error messages continues daily even though 'Norton liveupdate' runs daily.

 

The Norton Activity Log for Vulnerability Protection has never shown any activity until today:

 

Today  1 item

HTTP Fake Antivirus Webpage Request         Outgoing            217.149.251.12

 

 

 

 


 

Action Steps:

 

#1 Relax--You have a Mac!

 

#2 Relax--You have Norton!

 

What you are seeing is your software doing its job. OS X is very good as well as long as you don't subvert it by downloading and expressly installing certain pirated software or codecs from pr0n sites.

 

You haven't mentioned Hotmail recently, so I take it you have resolved that issue. Hacked or spammed email accounts unfortunately are very common and do not mean that your computer has been compromised.

 

P.S. Hopefully, Ryan will help you with the error messages, but obviously VP is doing its job.

 

The errors are most likely because of a known issue in Vulnerability Protection. After the machine has been running a while, on a PowerPC machine, it fails to load the signatures. The issue can be fixed by restarting your machine, but that's not necessary as it will keep trying in the background and eventually succeeds. As you can see, it's still functional after this error occurs.

 

This only affects PowerPC machines. We hope to fix it in an update this summer.

 

Ryan

 

Antivirus finds same Trojan Horse as before: Repair Failed after selecting Repair All button.

 

simultaneously found several ...b3132-2d7f81b5.zip Trojan.Mijapt Infected but with no option to Repair or Repair All (they are un-highlighted)

 

Clearly Norton is not doing its job here. I have a screen shot of it if you like.

Yes, please attach the screenshot.  When you say NAV "finds the same Trojan as before", do you mean this is the same exe that the tech had identified?

The exe file never reappeared and never was logged in Norton's Log. How can that be?

 

These 2 in my last post, are new Troj's  that are in the same secondary user account,  that the initial dot exe file was found.

 

The forum is not allowing me to "choose" my desktop /screenshot   picture1.png file

 

How do I send it to you ?

 

Thanks

I sent a private message with my email address, you can send the screenshot there.

 

Was the exe detected by NAV, or just something the tech had you remove manually?  If the latter, then that would explain why it isn't in the log.  Unless you still have a sample, it's hard to know if it was actually a threat.

 

-- Lee

 

 

Quote from my 1st post:  "He showed me a Spyware/cursor windows.exe file in my test user account ... "
The Norton tech had taken remote access of my G5 and I was just watching him scroll thru NAV logs ...
when he brought my attention to the Spyware/cursor windows exe file. I think he quarantined it, but I'm not sure what he did at that point, as his actions were very quick.

 

I see, I wasn't clear on where the tech had spotted this.

 

If it was quarantined, you should see it there. I'm not sure why it would no longer be in the log, unless you had uninstalled.

no ... haven't done an uninstall.