I think there a virus pretending to be norton NIS

therd3 · December 21, 2011, 2:46am

When My computer sit for a very short time a message pops up on the bottom right and said norton did not find any problems during idle check or something like that and the computer freezes. I have to push the power to restart. I thought it might be norton I.S, But I turned it all off and it still does it. I'm running windows XP.

Any Ideas?

therd3 · December 21, 2011, 2:46am

When My computer sit for a very short time a message pops up on the bottom right and said norton did not find any problems during idle check or something like that and the computer freezes. I have to push the power to restart. I thought it might be norton I.S, But I turned it all off and it still does it. I'm running windows XP.

Any Ideas?

therd3 · December 21, 2011, 9:15am

I have 4 mb of ram. I went to performance and it never went above 50% CPU usage. I turned off Norton by going to advanced and switched all the sliders to off permanently. I down loaded windows internet security and it found 4 viruses that norton could not find! Removed viruses and set norton to silent mode will see what happens.

Its taken 7 times to get the *Word verification by reCAPTCHA" right make it simpler!

Bombastus · December 21, 2011, 2:45pm

What is "windows internet security"? That, if anything, sounds like malware.

lmacri · December 21, 2011, 3:12pm

Hi therd3:

I agree with Bombastus. It sounds like you're now infected with a Fake-AV virus similar to the Win 7 Internet Security 2012 virus described here yesterday in Jeff4R's thread Can't Complete Subscription. There are several variants of these Fake-AV viruses so if you tell us the exact name that appears on the pop-up (or even better, post a screenshot using the instructions here in the post Forum Tip - How to Post Screenshots in the Forum) we should be able to point you to the correct malware removal instructions. In any case, I would advise that you immediately re-enable your NIS protection.

If you think you downloaded legitimate Windows security software digitally signed by Microsoft, please post the name and version number so that we can double-check its validity. If you don't believe that you've been infected by a Fake-AV virus after reading Jeff4R's thread I would still advise that run a full system scan using the free Malwarebytes Anti-Malware (MBAM) scanner. If you accept the 15-day trial period to test the Pro features of MBAM, make sure you disable the real-time protection mode in MBAM, since running more than one security program in real-time protection mode can create conflicts and allow malware to "sneak" past your NIS anti-virus protection.

MBAM RT Protection.jpg

--------

Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 8.0.0
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

therd3 · December 22, 2011, 8:19pm

I load microsoft security essentials only after NIS 2012 started killing my computer. After putting NIS on silent mode it quit. I'm removing it now and installing NIS 2011 ansd see what happens.

Again *Word verification by reCAPTCHA - Try number 4

Atomic_Blast · December 22, 2011, 10:27pm

Hi therd3:

The only realtime security software that you want on your computer right now is NIS.

Please remove MSE.

As Imacri posted above, you can have MBAM on-demand at no cost to you.

I would suggest running a full MBAM scan first, after you update their definitions and

disconnecting from the internet. If prompted to repair/remove anything, please do so.

By default MBAM will save a text log when the scan completes.

When that is done, reconnect and use the NRT found here (first read all the instructions.)

When complete, update to NIS 2012 from this link at no charge. You will need to backup

Identity Safe data (if any) and your NIS Product Key for the reinstall.

Use Live Update to fully update the program, then run a Full System Scan and let it complete.

Kindly report back on your progress and the functionality of your system.

The reCAPTCHA will disappear when you try to post a few more times.

Let us know how you do.

Thanks,

Atomic_Blast :)

lmacri · December 22, 2011, 10:35pm

Hi therd3:

Sorry, I just remembered that new users in the forum are prompted for a CAPTCHA. This will go away when you've made a few more posts (see No_Toolbar's post here titled Getting Tired of CAPTCHA).

There definitely seems to be something wrong with your NIS 2012 installation. IF MBAM reports your system is clean and you'd like to re-install NIS 2012 or downgrade to NIS 2011 I would recommend that you use the Norton Removal Tool and follow the instructions here to make sure you get a clean re-install.

Once NIS is back on your system make sure that you disable the real-time protection mode in Microsoft Security Essentials, since running more than one security program in real-time protection mode can create conflicts and allow malware to "sneak" past your Norton anti-virus protection.

Edit:

Sorry Atomic_Blast. I didn't realize you'd already posted a response. I'm going to have to invest in a Mavis Beacon CD and learn to type a bit faster. :smileyhappy:

----------

Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 8.0.0
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

woolph58 · December 23, 2011, 12:22pm

On a related note.

I recently received an email that looked like it was from Norton warning about a powerful new virus called "ThinkPoint" and urging me to follow a link to update my definitions. When I checked the senders email address it was: emsvc@42pxa.net.

I came over to the Norton website looking for someone to report this to, a security page or email address I could forward this to and came up empty. It would be helpful if there were an easier way to report problems like this.

Atomic_Blast · December 23, 2011, 1:58pm

Hi woolph58:

I understand what you mean. I would report this as Spam to your Mail hosting provider and/or ISP.

See if they have a method of reporting it. You can forward the e-mail to them.

Otherwise, you might want to give this a go... I know it's for Phishing...

https://submit.symantec.com/antifraud/phish.cgi

Hope this helps!

Atomic_Blast :)

woolph58 · December 23, 2011, 3:27pm

Thanx,

Normally I wouldn't bother but this was a very believable looking email.

lmacri · December 23, 2011, 4:27pm

Hi therd3:

I just found a thread I was looking for here by Shalie titled Norton IS 2012 - Idle Scan Locks Computer that you may be interested in reading. In Shalie's case the problem was likely caused by orphaned files and registry entries left over from an old Avast AV installation. I went back through your posts and noticed that I never asked if you'd ever had other security software running on this computer prior to installing NIS 2012 - even if it was removed prior to installing NIS - which was an oversight on my part. I've even heard of certain computer models (e.g., Dell laptops) that have factory-installed security software that conflicts with NIS scans.

Let us know if you ever had McAfee, ESET, AVG, Spybot Search & Destroy, etc. on this computer. If we don't wipe old security software off your PC before you perform a clean re-install of NIS 2012 using the instructions posted here you might end up having the same problem with your computer freezing during idle scans.

-------

Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 8.0.0
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

therd3 · December 24, 2011, 1:33am

Can't do a screen shot because as soon as it appears its locks up. It is definitely NIS because when I put it in silent mode all is OK.

reCAPTCHA try # 12

Atomic_Blast · December 24, 2011, 2:28am

Hi therd3:

Did you follow the instructions suggested to you by my post #7?

Please let us know. Thanks.

Regards,

Atomic_Blast :)

lmacri · December 24, 2011, 4:45pm

therd3 wrote:

reCAPTCHA try # 12

Hi therd3:

If the CAPTCHA feature is giving you grief, you can try one of two things:

Send a private message to forum administrator Tony Weiss and ask to have the CAPTCHA function removed from your account - see Tony's post here in the thread Word Verification. Further information about private messaging can be found here in the thread New Forum Feature - Receive E-mail Notifications for New Private Messages.
Create a few fake posts in the thread here titled The Offical Test Post (Sandbox) Thread -- Please use this thread for learning and testing purposes. The CAPTCHA disappears after you've made around 10 posts in the forum, and hopefully a few posts in the sandbox will count towards your total.

-------

Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 9.0.1
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

therd3 · December 25, 2011, 5:19am

"Let us know if you ever had McAfee, ESET, AVG, Spybot Search & Destroy, etc. on this computer".

No I never did use any other.

I've been using Norton for about 7 years. And I had Norton NIS 2012 installed 3 months before the problem. I reinstalled windows XP went from pro to home ver. New install in deleting old. Reinstalled NIS 2012 That's when it started. Only other problem I have is Nero, advrcntr2.dll is not found and lots of other programs seem to want this dll file. I tried to install the other mal ware program you suggested and it crashed. I'm thinking that with having to press the power button so much(because its locked up) that my drive is bad now. Wish I could put NIS in Silent mode for more than a day!

I reinstalled NIS and its still doing it. I will try the total removal tool you suggested.

Thanks all!

*Word verification by reCAPTCHA try #2

*Word verification by reCAPTCHA 122) riescap

wrong?