Installation on infected computer

I am using an un-infected computer to write this msg.  I purchased Norton Internet Security after my computer became infected.  When I turn on my computer a program pops up that says my computer is infected and it wants me to sign up for the service.  It does not allow me to use any of my programs.  How can I install Norton on my computer?

I was able to do a restore and am currently un-plugged from the internet.  I have backed up my files that are not on the C drive.

How do I proceed?

 

Thank you for any help you can provide.

wdorman

Download and run the Norton Bootable Recovery Tool on a clean PC, create a recovery disc, and start cleaning your infected PC with it.

I don't know, but this recovery disc may be shipped with the boxed version of a Norton security product such as NAV/NIS/N360.

Also, you can use NPE on the infected PC, but if you are not an experienced user and don't know what should be deleted, then it may cause additional problems.

Download page (NBRT): http://security.norton.com/nbrt/nbrt.asp?lcid=1033

Download page (NPE): http://security.norton.com/nbrt/npe.asp?lcid=1033

 

Installing a security product on an already infected machine is often unsuccessful.  Follow Nerimash's  suggestions to clean the machine first.  If the infection will not allow the cleanup to run or complete, visit one of these free malware removal forums for help with it.

 

www.bleepingcomputer.com

http://www.geekstogo.com/forum/

http://www.cybertechhelp.com/forums/

http://forums.whatthetech.com/


I have the boxed version of NIS 2011. No recovery CD. Personally I feel there should be at least a Linux based recovery CD/.iso provided both on-line and in the boxed version. This is provided free of charge by almost every other major AV vendor.

 

The present Norton Recovery CD is WIN PE based and I suspect we can thank Micro-greed for requiring Symantec to restrict its distribution.

Comodo IS installers all perform a full scan before allowing the software installation to proceed. This is really something Symantec should incorporate into future NIS versions. Sorry - no more 4 minute installs with this approach.


donziehm wrote:

 

I have the boxed version of NIS 2011. No recovery CD.

 

[ ... ]


I don't quite understand this -- The boxed versions of NAV/NAI come on CDs don't they (unless you get the Netbook Version) and that CD is bootable for scanning direct from the disk, although I believe it will update if you have a working internet connection.

 

What is it that the downloadable Norton Bootable Recovery Tool

The Norton Bootable Recovery Tool is a Rescue tool available for free to existing customers of Norton Antivirus, Norton Internet Security and Norton 360. You can use this tool in emergency situations to restore your computer to normal working order when:
Installation of your Norton security product fails because your system is deeply infected by crimeware.
Crimeware is deeply embedded into your computer’s operating system that it takes a special tool to remove it

doesn't provide?

 

 

 


donziehm wrote:

Comodo IS installers all perform a full scan before allowing the software installation to proceed. This is really something Symantec should incorporate into future NIS versions. Sorry - no more 4 minute installs with this approach.


When an installation fails one of the things that the Norton installer does is to run a scan for viruses.  If a threat is found and can be remediated, the installation process is reinitiated.

 

Hmmmm .exe files could be blocked and other types, so that clicking on the installation / setup file is blocked, does nothing.

 

As per stated in message 1 above, can't run any programs......................................

 

Quads

I was under the impression that the installation CD was not bootable. So I check my one page of documentation that came in the box for any reference to being bootable. None present. Then I look at the CD label and in very small print is the wording stating that the CD is bootable and can be used for malware clean-up.

 

That is it. No instructions on use, etc. It did mention to look in IS 2011 Help for further details. I just checked Help and nothing present about the CD being bootable that I could find.

 

So I would suggest an installation doc. update to clarify that the CD is bootable and how to use it in that mode.

When an installation fails one of the things that the Norton installer does is to run a scan for viruses.  If a threat is found and can be remediated, the installation process is reinitiated.

Isn't that doing things **bleep** backwards?

 

We all know what a borked AV installation can do to an OS. No need to elaborate on that. I did submit a suggestion a while back in the Product Improvement section of this forum that Symantec include a stripped down ver. of Ghost on the installation media. The first thing an installation would do is install Ghost and do an image backup of the OS installation partition. This would ensure that if the installation failed or caused serious system problems, the user could restore their system to preinstallation state.

Any IT pro would always do an image backup before an AV install but the average PC user is clueless to what an image backup is.

This would also give Symantec an edge against its competition that does not provide this capability. I would also imagine its tech support costs would be reduced significantly in the effort required to repair an end user's system.

From NIS 2011 Help under Installation, Problems:

 

Downloading the Norton Bootable Recovery Tool Wizard

If your attempt to install a Norton product fails, you can download the Norton Bootable Recovery Tool Wizard. This easy-to-use wizard helps you create Norton Bootable Recovery Tool on a CD, DVD, or USB key. You can use Norton Bootable Recovery Tool to scan your computer and remove any security threats that prevent successful installation.

It is recommended that you download and install Norton Bootable Recovery Tool Wizard on a computer that does not have any security threats and create Norton Bootable Recovery Tool. If you create Norton Bootable Recovery Tool on an infected computer, there is a chance that the recovery CD, DVD, or USB key might get infected.

Note:

To use Norton Bootable Recovery Tool, you must use the Product Key of the Norton product that you purchased. If you use a trial version of Norton Internet Security, you need to create a Norton Account to receive a Product Key to use Norton Bootable Recovery Tool.

To download the Norton Bootable Recovery Tool Wizard from the Internet

  1. Open your Web browser, and go to the following URL:

    http://www.norton.com/recoverytool

  2. Follow the on-screen instructions.

 

 

 

Using the Norton Bootable Recovery Tool

If the installation of your Norton product fails, you can use the Norton Bootable Recovery Tool to scan and remove any security threats that prevent successful installation. If your computer is infected and you are not able to start your Windows operating system, you can use Norton Bootable Recovery Tool to remove threats and recover your computer.

Norton Bootable Recovery Tool is available on the product CD that you purchased. You can use the product CD as a recovery media.

Note:

To use Norton Bootable Recovery Tool, you must use the Product Key of the Norton product that you purchased. If you use a trial version of Norton Internet Security, you need to create a Norton Account to receive a Product Key to use Norton Bootable Recovery Tool.

To use the Norton Bootable Recovery Tool

  1. Insert the recovery media and start your computer from the recovery media.

    The recovery media can be a Norton Bootable Recovery Tool CD, DVD, USB key, or the product CD.

  2. In the Norton Bootable Recovery Tool window, select your language, and then click OK.

  3. Read the Norton License Agreement, type your Product Key, and then click I Agree.

  4. Click Start Scan.

  5. After the scan is complete, remove the recovery media from the drive or USB port, and restart your computer.

Please post back and let us know if this helps.

Let's talk about Norton Bootable Recovery Tool CD creation.

 

If the PC is seriously infected, it is debated whether the product would download, install properly, or even create the CD successfully.

 

About the product itself. I created my NBRT CD using the Norton installer for it about 4 months ago and this was my experience with it.

 

It installs Gear drivers for your optical drives. Those drivers screwed up the operation of my IDE optical drives. They were also a nightmare to remove. The Gear driver that the NBRT installed was an old version that had a major exploit in it. You can check this out at the Gear website where they strongly recommend you update to their latest driver.

 

My recommendation is download the .iso version of NBRT and create a bootable CD using your own CD/DVD burner software.

The instructions do say it should be downloaded etc. on an uninfected computer.

As long as ATAPI.sys is not infected, the person should be able to use his CD/DVD burning software to safely create a bootable CD from the NBRT .iso. If ATAPI.sys is infected by a rootkit, I would imagine they would have trouble even booting.

 

Here's an interesting read on how Anti-MalwareBytes hosed a bunch of PCs when removing ATAPI.sys malware http://forums.malwarebytes.org/index.php?showtopic=30371&st=0.

 

Sometimes a DoD pattern HDD wipe and OS reinstall is the only solution. Or better yet, buy a new HDD for $50 or so and reinstall on that. Cheaper than a repair shop or online malware removal that starts at $99 and comes with no guaranty ......... 

 

Source - Wikipedia.org

 

Removal

 

Manual removal of a rootkit is often too difficult for a typical computer user,[24] but a number of security-software vendors offer tools to automatically detect and remove rootkits, typically as part of an antivirus suite. As of 2005, Microsoft's monthly Malicious Software Removal Tool is able to detect and remove some classes of rootkits.[66][67] Some antivirus scanners can bypass file system APIs, which are vulnerable to manipulation by a rootkit. Instead, they access raw filesystem structures directly, and use this information to validate the results from the system APIs to identify any differences that may be caused by a rootkit.[Notes 2][68][69][70][71]

 

There are experts who believe that the only reliable way to remove them is to re-install the operating system from trusted media.[72][73] This is because antivirus and malware removal tools running on an untrusted system may be ineffective against well-written kernel-mode rootkits. Booting an alternate operating system from trusted media can allow an infected system volume to be mounted and potentially safely cleaned and critical data to be copied off, or, alternatively, a forensic examination performed.[23] Lightweight operating systems such as Windows PE, Windows Recovery Console, Windows Recovery Environment, BartPE, or Live Distros can be used for this purpose, allowing the system to be cleaned.

 

Even if the type and nature of a rootkit is known, manual repair may be impractical, while re-installing the operating system and applications is safer, simpler and quicker.[72]

Moved to own thread for better exposure.

I selected 24 hours in the dropdown but still no entries. 

I have no idea to what you are referring to above? What did you change to 24 hours?

 

When you add a global block rule to the General rules as I described, the rule is triggered by a connection attempt from one of the IPs you listed. It will appear in the NIS 2011 firewall log at that time.

 

If you didn't select Create a Security Log Entry option, then all you see in the firewall log is the Block action. A second entry in the log will be created if the Create a Security Log Entry option was selected.


donziehm wrote:

I selected 24 hours in the dropdown but still no entries. 

I have no idea to what you are referring to above? What did you change to 24 hours?


donziehm

Settings->network settings->intrusion prevention->intrusion autoblock->configure->autoblock attacking computers for:(dropdown menu)  I set notify on-Create a Security Log Entry (per your original post) but there are no entries in history yet.

Settings->network settings->intrusion prevention->intrusion autoblock->configure->autoblock

Please set this back to the value that it was originally. I think that is 30 mins. You can verify that in Help - I think the default setting is referenced there.

Autoblock has absolutely nothing to do with the General IP Block Rule I gave you instructions for. IPS settings apply when an intrusion attack is detected by Norton. Things like a denial of service (DOS) attack and the like.

Having a few IPs doing things to your browser you don't like is not considered an intrusion attack.

FYI - please be careful with changing Norton settings unless specifically instructed to or if you are willing to live with the consequences of those actions. If you're an IT pro, then go at it. Otherwise, proceed with caution.

 


 

Having a few IPs doing things to your browser you don't like is not considered an intrusion attack.

 

 


Unless of course, if the IP address is associated with a known dangerous rootkit signature and is located in the Ukraine or Moldova or Russia or Romania. (as these 6 IPs that I entered are)

I installed NIS 2011 on an apparently infected computer as I started getting attack signatures immediately after.  The installation was apparently successful. I did 2 things that have apparently stopped the attacks (though may not have removed the infection).  I added the offending IP addresses to the block rules as suggested above and uninstalled Spybot S&D and WinPatrol as suggested above.  The attacks stopped and I have not gotten any hits in history.  The signature was HTTP Tidserv Request 2.  I would like to check and see if the infection is still there. Any suggestions?  I was also getting web and search redirects (now also stopped).  I also wonder if NIS is compatible with Windows Defender?  Any help would be appreciated.  Thanks LP9

We don't actually know if you are infected.  The blocks could just as easily have been protecting you from a malicious script in the web page.  Specialized scans at the recommended forums will tell you if you are infected or not.  This is just guessing.