How do I run Norton Bootable Recovery Tool for Norton 360 from a USB drive?

Hi all

 

I need to run the Norton recovery tool to get rid of a virus I have. The problem is that my netbook doesn't have a CD-ROM drive and that I have to run the tool off of a USB instead. I downloaded the ISO file, but I can't figure out how to run it off of my USB. I tried UNetbootin, but it doesn't seem to work.

Is there a command or preferably a utility that will allow me to boot the recovery tool from a USB stick? And if so, how do I do it?

 

Finally, to the good people at Norton: Given the popularity of netbooks, this is really something you folks should be thinking about. 

 

Thanks,

BU 

 

 

Some type of trojan. It’s preventing Norton from running the virus scan (0 files scanned issue). It’s also preventing me from starting vista in safe mode and running the scan there. So, I can’t tell you exactly what it is, I can only tell you that it is there causing me headaches. 

Ok

 

1. Can't run security programs, even after rename, but can run like Word

2. Can't get Safe Mode 

3. Can you bring up the Task Manager and Regedit?  (regedit via the Run feature)

 

Quads 

The Recovery Tool is supplied as an ISO image file, which cannot be booted from directly.  You could use something like DAEMON Tools Lite or any other virtual disk program to create a virtual CD drive and then load the ISO file to the virtual CD.  Then copy the CD files to a USB drive or stick and boot from it.

 

DAEMON Tools Lite is available from here.


 

However, after seeing where Quads is going with his questions you may want to follow his advice first.  You may have a nasty rootkit on your system.

Message Edited by dbrisendine on 10-01-2009 09:29 PM

yes, I can get both taskmanager and registry.

BU

once I mount the image in DT, how do I make sure I copy all of the files to the USB? 

 

 thanks,

 BU

 

Ok, there are rootkits that can block Safe Mode / remove SafeBoot, block security programs, and cause Norton to stay at "files scanned 0".

 

Download SysProt and GMER

 

SysProt

 

Please run a SysProt log for us, from the link below, so that we can check your system for rootkit activity. You will need to disable Norton auto-protect while you run the scan.

Once it is downloaded to your desktop, right click on the SysProt icon, go to properties, and click unblock and apply. Also for Vista Right Click "SysProt.exe" and from the menu choose "Run as Administrator"

 

Choose log, check all the boxes except show hidden objects only and scan.

You will be able to post the log here using the "add attachments" link just below the orange post button.

http://homepages.slingshot.co.nz/~crutches/SysProt 

 

GMER

 

http://www.gmer.net/

 

Once downloaded right click and " Run as Administrator" from the menu for Vista 

 

 

If a Full Scan crashes: when starting GMER next time, close that warning box instead so it doesn't do a Full Scan. Above the Drives box (right hand side) there are items ticked from "system" to "files"; untick all but "services" and "registry" and scan those 2 areas.

 

Post the logs back 

 

Quads  
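The Safe Mode symptom described in the post above can be checked directly, since Safe Mode depends on the SafeBoot registry keys. This is an added example, not part of the original thread or from any poster; it assumes an elevated PowerShell prompt on the affected Windows machine and only reads the registry.

```powershell
# Added example (not from the thread): report whether the SafeBoot keys that
# Safe Mode depends on are still present in each control set.
# Read-only: nothing is modified.

$systemHive = 'HKLM:\SYSTEM'
$modes      = 'Minimal', 'Network'   # Safe Mode / Safe Mode with Networking

# HKLM\SYSTEM\Select\Current holds the number of the control set in use.
$current = (Get-ItemProperty -Path "$systemHive\Select").Current

$report = foreach ($set in Get-ChildItem -Path $systemHive |
                   Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' }) {
    foreach ($mode in $modes) {
        $key     = "$systemHive\$($set.PSChildName)\Control\SafeBoot\$mode"
        $present = Test-Path -Path $key
        $entries = 0
        if ($present) { $entries = @(Get-ChildItem -Path $key).Count }

        New-Object PSObject -Property @{
            ControlSet = $set.PSChildName
            InUse      = ($set.PSChildName -eq ('ControlSet{0:d3}' -f $current))
            Mode       = $mode
            Present    = $present
            Entries    = $entries
        }
    }
}

# One row per control set and mode, so a damaged current set can be compared
# with an older set that may still hold the keys.
$report | Sort-Object ControlSet, Mode |
    Format-Table ControlSet, InUse, Mode, Present, Entries -AutoSize

# A missing or empty key in the control set that is in use matches the
# "can't get Safe Mode" symptom.
$report | Where-Object { $_.InUse -and (-not $_.Present -or $_.Entries -eq 0) } |
    ForEach-Object { "SafeBoot\$($_.Mode) is missing or empty in $($_.ControlSet)" }
```

A rootkit active in the kernel can falsify what the registry API returns, so a missing key is stronger evidence than a clean report.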

 

here are the logs... as predicted, the full system scan crashed. 

results show rootkit activity.

thanks, BU

Quads is the forum malware expert.  Please do nothing further to your system without his explicit instructions.  If you make any changes to your system now, it may cause problems.

Hi 
 
NOTE:- The script below is for this thread and poster only
 

OK

 

I have personal messaged you the link; look for the yellow envelope near the upper right hand corner. Download and unzip; it will all unzip into its own folder. DISABLE any realtime AV / Antispy products.

 

Right click and "Run as Administrator" for Vista  the file "avz.exe"

 

Then in the File menu choose "custom script"

 

custom script.jpg

 

 

Then in the box copy and paste this script that is between the lines (include begin....................... end)

 


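begin
  ShowMessage('Stop! Close all opened programs, click OK to proceed, windows will reboot automatically.');
  // Search for rootkit hooks and turn on AVZGuard before touching the service
  SearchRootKit(true,true);
  SetAVZGuardStatus(true);
  // Set the rootkit service to disabled (start type 4), then stop and delete it
  SetServiceStart('gasfkyvwdgmpnd', 4);
  StopService('gasfkyvwdgmpnd');
  DeleteService('gasfkyvwdgmpnd');
  SysCleanAddFile('%system32%\drivers\gasfkycfamvjlv.sys');
  // Boot Cleaner (BC_*): quarantine and delete the driver and service at next boot
  BC_QrFile('%system32%\drivers\gasfkycfamvjlv.sys');
  BC_DeleteFile('%system32%\drivers\gasfkycfamvjlv.sys');
  BC_DeleteSvc('gasfkyvwdgmpnd');
  // Write the Boot Cleaner log into the AVZ folder
  BC_LogFile(GetAVZDirectory + 'bclr.log');
  BC_Activate;
  RebootWindows(true);
end.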


 

The screenshot below shows different gasfky files but same copy and paste procedure applies 

 

script box.jpg 

 

Click the "Run" Button

 

Afterwards it should, in the same folder:

 

1. create a log

2. Quarantine the files

 

Quads 

Thanks Quads! 

 I did everything and I'm now able to run the Norton scan again. 

 I have to wonder though:

  1. How do I know that I'm really 'clean'?

  2. How come Norton didn't pick this up?

  3. How can I prevent this in the future?

 

 thanks so much.

 BU

 

 

OK  

 

That has broken it. Next use Malwarebytes and/or SuperAntispyware Free: download, install, update the definitions, then run Full Scans to grab whatever else.

 

Quads 

did that too and found a bunch of stuff again... although I'm disappointed and not impressed that Norton didn't find those. 

thanks again,

BU

Hi

 

Remember no AV product is 100%,  I have had people with the Tidserv group of rootkits asking for help that actually don't have Norton, from Kaspersky to Avast, from McAfee to NOD32 and even GDATA which has the BitDefender and Avast Engine.

 

Once the rootkit gets in, the way it works means all AVs were having problems with them in trying to remove them. Some of the Tidservs, once in, also download more malware.

 

The 2010 Norton looks like they are doing a better job at stopping it; I have had fewer people since asking for help wanting removal. So when N360v4 is released it will be using the same sort of technology as NIS / NAV 2010 for its malware etc. detection.

 

Quads 
