I am infected. Try to create recovery disc: We couldn't create your Recovery Disc. Neither DVD nor thumb drive


Detailed description:

Product & version number:

I have multiple copies of Norton 26.3.10886 (build 26.3.10886.979). None of the machines are the same.

My PCs run Win 11 Pro

Issue abstract:

I noticed in my daily full scans that the number of files scanned constantly diminished.

The problem machine is offline.

I followed directions to build a rescue disc in Security. Both thumb drive and DVD, both UEFI and not. All fail: “We couldn’t create your Rescue Disc.”

I have run full scan and reboot scan. No errors found.


@E_Cale Disconnect your infected device from internet service before attempting to recover it. Please follow the guide linked below to create your recovery media:

Scan and resolve threats using Norton Rescue Disk?

Conversely:

AI Overview

Creating a Norton Bootable Recovery Tool (NBRT) allows you to scan and remove malicious threats that prevent your operating system from booting. You will need a USB flash drive with at least 1 GB of free space, which will be erased during the process. [1, 2, 3, 4]

Method 1: Create via Norton Security Product (Recommended) [1, 2, 3]

If you have Norton installed on a working computer, you can create the disk directly from the application:

  1. Open your Norton device security product.
  2. Click Security in the left pane, then click Scans.
  3. In the Scans window, click the Rescue Disk tab.
  4. Click Create in the “Create on USB drive” row.
  5. Select your USB drive and click Continue (note: this erases all data on the USB).
  6. Click Done once the process completes. [1]

Method 2: Create using ISO file (For non-installed systems) [1]

If you cannot use the app, download the ISO file to create the tool on another computer:

  1. Download the Norton Bootable Recovery Tool ISO.
  2. Use a tool like Rufus to burn the ISO to your USB drive.
  3. Ensure the USB is formatted to FAT32 and set to GPT or MBR based on your system (UEFI or BIOS). [1, 2, 3, 4, 5]

How to Use the Recovery Disk

  1. Insert the USB recovery drive into the infected computer.
  2. Restart the computer and enter the BIOS/UEFI (usually F2, F12, Del, or Esc) to boot from the USB device.
  3. Select your language and agree to the license agreement.
  4. Click Start Scan to begin scanning for threats. [1, 2, 3, 4, 5]

Note: For computers with BIOS rather than UEFI, you may need to adjust the settings in the Rescue Disk tab to disable “Use UEFI boot file”.

SA

I saw this yesterday and tried it on the broken pc. Thus my response that I was unable to create a thumb drive or DVD from it. However I have other and newer computers that run Win 11 and Norton. Can I create such a DVD or thumb drive from them and use it on the broken PC? Unfortunately the last time I backed up the broken PC was with Win 10 Pro.

You need to create the USB or DVD from an uninfected computer. Then take that to the infected computer.


Someone gave me the answer that I could. So I did. Again, I have a problem machine and one that works. Both have Norton and Win 11 Pro. I made USB thumb drive on good one and ran it on bad one.

It ran completely without finding a problem. (I am really not convinced. I think the culprit is more clever.) I still have not put the bad one on the internet. However I ran Norton on it and tried to create a boot device on it. A DVD would not work, even for booting it, so I tried a thumb drive. The machine is more than 5 yrs old but still supports Win 11 Pro. (MS downloaded it for me, no tricks.) User's guide refers to UEFI/BIOS, so I tried each way. I started from complete power off before I tried each, to make sure the original state was not saved in volatile memory. Each time I got the same answer:

We couldn’t create your Rescue Disc
An unexpected error occurred. Please try again later.

Actually I have tried this several times to ensure I may have not done something right.

On the bad machine I looked at the logs. I had only some days with lots of logs that bothered me. In Feb26, Dec25, and really a lot in Sep25. Recent ones come mostly in pairs, often with same hr:mn:sc timestamp. They are “Intrusion Signatures Disabled” and “Remote access protection disabled”. I get them almost every time I log on. My habit is to start by powering on my PC, start Norton, plug in RJ45, start VPN, do a smart scan, check for updates, then start my day. I am pretty careful of the sites I go to. At end of day I run full scan and allow it to shut off itself. I unplug RJ45.

I think Norton makes a good product, that is why I use it. But MS, Apple, Google, Amazon, are so much bigger and have more programmers. If they cannot keep up with the problems they cause, what makes you think Norton will find them before I get hit?

That the size of my full scans has recently gone down made me suspect a problem. But that I cannot create a Norton Rescue Disc disturbs me more.

What else should I try? I am contemplating running a MS DISM/sfc, but that requires I go on line.

When I said “Actually I have tried this several times to ensure I may have not done something right.” I meant “Actually I have tried this several times to ensure at least once I did everything right.”

Having not asked earlier, besides the “Intrusion Signatures Disabled” and “Remote access protection disabled” loggings in Norton history (these are generally normal entries happening when a device sleeps, hibernates, or shuts down then reboots): what inclination do you have that infection persists, having run a recovery once already on the machine in question without finding anything? Have you booted the bad PC with internet disconnected and downloaded to USB then run RKill to see if anything is detected and terminated?

SA

I am sure by the level of difficulty I was having, some kind of Intrusion Prevention was active.

As I said before someone told me I could make the Norton Rescue Drive on another PC. I did and finally booted the broken one. The thumb drive I used for the NRD has a write protect switch on it, so when I booted the broken one the PC would not log errors, but it had none to report. Then peterweb sent me the same link as SoulAsylum had given me but this time emphasized the process after running virus protection. Again it found no malicious sw but I turned off the write protect and it saved the logs, which also turned out to be of little help. And this time I connected the internet since peterweb said the virus signatures would come from Norton. But this time I had problems exiting and rebooting. After dire warnings that I may not be able to recover I got it to boot. I saw no internet activity, but I think that was part of the problem in rebooting. When I got it rebooted, I updated Norton and it found it needed to reload stuff. When I rebooted I did a full scan and the number of objects it scanned went up to the old number, the thing that made me suspect I had been infected. Now even what I called the broken PC can create a Norton Rescue Disk. As I suggested before I rebooted the broken computer into an MS Clean Boot (of sorts). Some Norton stuff cannot be turned off. I followed the MS directions “Use the System File Checker tool to repair missing or corrupted system files” which consists of running DISM.exe followed by sfc. DISM found no problems but sfc found some but was able to repair them.

Now I want to find out how I got infected. I am going to write two more issues. First I want to find out a way to save my Norton Log History. Second I want to find a way of copying it as text to put in a spreadsheet. I think there is information in the log to find out where I got infected, and how it progressed. I am pretty sure that the first major battle was to deactivate parts of Norton, especially because I was NOT able to create a Norton Rescue Disk on the broken machine. Also the first thing that was repaired was Norton when returned. I think the sfc logs may tell me what else was attacked. And I think the attack was recent, within a week, at most three weeks.
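Added example, not part of any post in this thread: sfc records what it verified and repaired in `%windir%\Logs\CBS\CBS.log` on lines tagged `[SR]`, and this Python script pulls those lines into CSV for a spreadsheet. The sample lines, file and component names, and the `repair` / `cannot_repair` labels are constructed for illustration, and the path notation in the sample is simplified.

```python
import csv
import io
import re
import sys
from pathlib import Path

# Shape of an sfc line in CBS.log: "<date> <time>, <level>  CSI  <seq> [SR] <message>"
SR_LINE = re.compile(r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\w+)\s+CSI\s.*?\[SR\] (?P<msg>.*)$")
# Constructed sample (not from the thread); names are placeholders, paths simplified.
SAMPLE = "\n".join([
    r"2026-01-01 18:04:11, Info                  CSI    00000a10 [SR] Beginning Verify and Repair transaction",
    r"2026-01-01 18:04:15, Info                  CSI    00000a2c [SR] Repairing corrupted file \??\C:\WINDOWS\System32\example1.dll from store",
    r"2026-01-01 18:04:15, Info                  CSI    00000a2d [SR] Repair complete",
    r"2026-01-01 18:04:19, Info                  CSI    00000a41 [SR] Cannot repair member file example2.dll of ExampleComponent",
    r"2026-01-01 18:05:02, Info                  CSI    00000a90 [SR] Verify complete",
    r"2026-01-01 18:05:03, Info                  CBS    Session: 0_0 finalized",
])

def classify(msg):
    # Only repair attempts and failures need review; the rest is progress chatter.
    lowered = msg.lower()
    if lowered.startswith("cannot repair"):
        return "cannot_repair"
    if lowered.startswith("repairing"):
        return "repair"
    return "info"

def parse_sr_entries(text):
    """Return one dict per [SR] line, in log order; other CBS lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = SR_LINE.match(line)
        if m:
            entries.append({"when": m["when"], "level": m["level"],
                            "kind": classify(m["msg"]), "message": m["msg"]})
    return entries

def to_csv(entries):
    """Serialize entries as CSV text that a spreadsheet can open."""
    out = io.StringIO()
    fields = ["when", "level", "kind", "message"]
    writer = csv.DictWriter(out, fieldnames=fields, lineterminator="\n")
    writer.writeheader()
    writer.writerows(entries)
    return out.getvalue()

if __name__ == "__main__":
    # Pass a copy of CBS.log as the first argument; without one the sample is used.
    text = Path(sys.argv[1]).read_text(errors="replace") if len(sys.argv) > 1 else SAMPLE
    sys.stdout.write(to_csv([e for e in parse_sr_entries(text) if e["kind"] != "info"]))
```

The timestamps on the `repair` and `cannot_repair` rows can be lined up against the dates seen in the Norton history to see which system files were touched and when.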

@E_Cale Please check your other thread for a reply regarding the forensics of determining when you were compromised. Hope that information helps.

SA