Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.
Yesterday, when I booted up my computer I was greeted by the login screen, which never happens. In addition to my regular user identity, that has no password - there was an additional one called IUSER_ADMIN which was password protected. I logged in under my regular user name and then went into the control panel and removed the other identity. I ran Norton Anti-Virus Professional and it didn’t seem to find anything. I restarted. The identity came back. I couldn’t find much on the internet about this, the one thing I did find suggesting it was a highly dangerous Trojan virus that will hijack all my bank accounts and personal information. Is there anything you guys at Norton know about this? Thanks.
That was the first thing I did. Then I restarted and it came back.
Have your tried to Disable the account ?
I deleted the account. Then it came back. I deleted it again. Then it came back.
I'm thinking whatever it is, it's not nice so I'm going to do a complete re-format and re-start of Windows.
Found on Google that someone has succeeded to delete the account in safe mode using the control userpasswords2 command. In short: Reboot in safe mode, log-in as Administrator, use the run command from start menu and type controluserpasswords2 then remove the account. Source: http://answers.yahoo.com/question/index?qid=20080902164014AAlvQ6X
When something keeps on coming back at startup, is it a good idea to look in MSCONFIG and disable things there? Even use the basic diagnostic startup?
I would suggest Updating your Norton Product and then running a Full System Scan in Safe Mode, if not already done so. Remain dis-connected from the Internet while this Scan is in Progress.
I have the same problem but in addition, my printer was wiped out. I can’t reinstall the driver because the print spool has stopped but all attempts to start it have failed. Norton software has advised me to reboot about 20 times in the last 3 days. Oh yea, my goggle home page has been changed to Japanese (or Chinese?) several times.
You don't say what version of Windows or of Norton you have.
<< I can't reinstall the driver because the print spool has stopped but all attempts to start it have failed. >>
I can't tell you off the top of my head but there are ways of dealing with this that I have read about, probably in the VISTA newsgroups and on Compuserve in the Windows Forums there.
I am pretty sure there is something you can clear in the Registry and then go into Services, find the PrintSpooler entry and make sure it is on Automatic / Started?
Perhaps this will trigger someone's memory.
The Chinese language thing has certainly come up, I think with NIS 2009 Beta.
Windows XP and Norton 360 2.0. I have been to the registry to try to start the print spool (it's still on automatic) but I get the 1053 error message--the service didnt respond timely. I will definately research NIS 2009 Beta--thanks!
<< Windows XP and Norton 360 2.0. >>
You are in the wrong Forum then so I’ll suggest that your message to be moved to the N360 Board in case anything depends on the product you are using.
If they do this they will leave a message here with a link to the new location.
Hi rabidity,
I'm not sure what the current status of your computer is, but if you are still experiencing the problem you need to get copies of the rogue files on your computer and submit them to Symantec Security Response for analysis (https://submit.symantec.com/websubmit/retail.cgi) and then post the tracking number in the reply email back here in this forum. In order to do this you first need to know what they are called and where they are located on your PC. There will most likely be entries for them under the Run key in your computer's registry - are you familiar enough with the Windows registry to find them and submit them?
JohnM
Symantec Security Response
The rogue files *may* include (or resemble) the following:
C:\WINDOWS\system32\afisicx.exe
C:\WINDOWS\system32\mabidwe.exe
C:\WINDOWS\system32\macidwe.exe
C:\WINDOWS\system32\noxtcyr.exe
C:\WINDOWS\system32\noytcyr.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\roxtctm.exe
C:\WINDOWS\system32\roytctm.exe
C:\WINDOWS\system32\sotpeca.exe
C:\WINDOWS\system32\soxpeca.exe
C:\WINDOWS\system32\tdxdowkc.exe
C:\WINDOWS\system32\tdydowkc.exe
C:\WINDOWS\system32\wsldoekd.exe
Please note that if you do submit files to https://submit.symantec.com/websubmit/retail.cgi each submission must contain a maximum of 10 files and be less than 10MB is size. Be sure you are using latest antivirus definitions and have run a manual scan before submitting any files, as some or all of them may already be detected and removed. It would also be advisable after downloading latest definitions, to restart your computer in safe mode and run the scan from there.
JohnM
JohnM wrote:The rogue files *may* include (or resemble) the following:
C:\WINDOWS\system32\afisicx.exe
C:\WINDOWS\system32\mabidwe.exe
C:\WINDOWS\system32\macidwe.exe
C:\WINDOWS\system32\noxtcyr.exe
C:\WINDOWS\system32\noytcyr.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\roxtctm.exe
C:\WINDOWS\system32\roytctm.exe
C:\WINDOWS\system32\sotpeca.exe
C:\WINDOWS\system32\soxpeca.exe
C:\WINDOWS\system32\tdxdowkc.exe
C:\WINDOWS\system32\tdydowkc.exe
C:\WINDOWS\system32\wsldoekd.exe
Please note that if you do submit files to https://submit.symantec.com/websubmit/retail.cgi each submission must contain a maximum of 10 files and be less than 10MB is size. Be sure you are using latest antivirus definitions and have run a manual scan before submitting any files, as some or all of them may already be detected and removed. It would also be advisable after downloading latest definitions, to restart your computer in safe mode and run the scan from there.
JohnM
If you are a Home User, can you use this form to Submit a File/Folder to s.S.R.? If so, what do you put in the "Company Name"?
Floating_Red wrote:
If you are a Home User, can you use this form to Submit a File/Folder to s.S.R.? If so, what do you put in the "Company Name"?
Absolutely, please use this form to submit malware. If you are using a company-owned version of the product, put that company name in the field. If not, type your name in the "Company Name" field. Thanks!
Yeah, I don’t know enough about that registry stuff to try and edit it. What I do know how to do is backup my documents and re-format the drive. Which is what I did. I just wanted to know if anyone knew what that was. I installed Norton Anti Virus before doing anything else, and will of course post again if something bad happens. Thanks for all your help.
Is it a virus? It looks like it is...does 360 pick it up? No it doesn't. Will Norton charge you $139 to fix...yes they will....how much did you pay for your Norton product and subsequent virus database updates?
It’s a virus for sure and I am still in shock that they want to charge me to remove what got by the product I bought to prevent all this from happening. No thanks Norton.
1. Delete the account
Try to delete this account when you are logged as Administrator. To do this, log out, and when the Welcome screen appears, press and hold both Alt and Ctrl and hit Del twice. Type Administrator as username and type the administrator password (leave blank if none). Right click on "My Computer", then click "Manage". Go to Local Users and Groups from left, open the "Users" folder, find IUSER_ADMIN - right click & delete. Reboot your computer.
2. Run LiveUpdate to get the latest VirusDefinitions and run Full System Scan.
3. Be sure your firewall is tuned on. If you have Norton Internet Security, use the Privacy Contol feature, if you are concerned about your privacy (bank accounts, personal information)