Malware Removal Forum


dickevans wrote:

elsewhere,

Does 'Norton Virus Removal Assurance' include malware?


You're joking right? :smileywink:

 

No but it does include the common cold!!! :smileyvery-happy:


dbrisendine wrote:

dickevans wrote:

elsewhere,

Does 'Norton Virus Removal Assurance' include malware?


You're joking right? :smileywink:

 

No but it does include the common cold!!! :smileyvery-happy:


And I was hoping that it would cure everything :smileysad:

Then I remembered that stupid can't be cured :smileywink:

Finally, I want to thank the forum and Norton, as the one page I saw showed a new product by a company called Malwarebytes, Anti-Malware software which really works. Unlike when I was hacked and had you guys fix it, this goes a step further by actually removing said malware completely and fixing any problems said malware caused, whereas you guys only listed said malware as suspect and left it on my computer. Now if only you could find some company to fix your Norton Framework fault and PC Checkup program faults, as both have shut down and Norton's only response has been to want me to renew, although I still have over 5 months left on my current 360 program. Granted, renewing does seem to fix the problem, but to have this happen every year is bull. I mean I paid for a year, not six months, as now this is the second time in two years.

It wasn't the amount of removals I was doing by logging and scripting for the individual PC, or at times just trying to keep up with where I was up to, and the hours and hours,

I didn't mind, just took a fair bit of energy drink :smileylol:

 

It was the fact that in this open forum, people would tell the user to install or run everything but the kitchen sink, which could make things worse or harder to remove, or start telling the user to run tools I was using, but yet they didn't know how to properly use the tools, know what they were looking at, or how to script / fix a problem if it occurs.

Other times I would be halfway through removal and waiting for the user's reply, I would be offline, and another user would jump in saying do this, do that. GEEZ, made things harder.

 

So I decided it's not a good idea to do advanced removal on an open forum and I can see why removal forums have protection in place.

 

I don't (didn't) care about kudos and the Solved; I care(d) that the user's PC was correctly and completely clean without losing data or damaging the system further.

 

Quads

No, but when you paid the extra 99 dollar fee you expect more than just removal of viruses. But then Norton isn't that great at fixing their own problems, such as the Norton Framework shutdown error and other Norton problems. Their answer is for me to renew, which does fix it, but this has happened every year I've had Norton. After 5 months this problem always pops up. Paying for a year and having this keep recurring 5 months into that year is BS, and sorry if that offends you as I mean no disrespect. Tech support for this matter is sorely lacking, as their quick fix is to get you to renew, which won't happen for about 160 days.

See, some of the variants of the well-known kits now have Windows not starting up after the use of FixTDSS, NPE, ComboFix, TDSSKiller, or AV software etc.

 

Making Windows bootable again is enjoyable (take that, ZeroAccess, TDL4, MaxSS, Bamital.Q..........). But it does have me double or triple checking logs and then also doing the same for the fix script, for that system only, to make sure the script is correct and it will do what I ask it to do.

 

Quads

Tackled a ZeroAccess variant on a laptop (x86); took a bit of time and 3 restarts and still not all files can be shifted. People love to bag Norton (Symantec), stating to use even the likes of Avast or AVG etc., but I had a laugh as ZeroAccess on this system selected to infect AVG (Haha, no anti-tamper protection).

 

List:

 

c:\users\Marewa\AppData\Local\31868fd4\U
c:\users\Marewa\AppData\Local\31868fd4\U\00000001.@
c:\users\Marewa\AppData\Local\31868fd4\U\000000c0.@
c:\users\Marewa\AppData\Local\31868fd4\U\000000cb.@
c:\users\Marewa\AppData\Local\31868fd4\U\000000cf.@
c:\users\Marewa\AppData\Local\31868fd4\U\80000000.@
c:\users\Marewa\AppData\Local\31868fd4\U\800000c0.@
c:\users\Marewa\AppData\Local\31868fd4\U\800000cb.@
c:\users\Marewa\AppData\Local\31868fd4\U\800000cf.@
c:\windows\$NtUninstallKB16813$\206546423
c:\windows\$NtUninstallKB16813$\830902228\@
c:\windows\$NtUninstallKB16813$\830902228\L\xadqgnnk
c:\windows\$NtUninstallKB16813$\830902228\loader.tlb
c:\windows\$NtUninstallKB16813$\830902228\U\@00000001
c:\windows\$NtUninstallKB16813$\830902228\U\@000000c0
c:\windows\$NtUninstallKB16813$\830902228\U\@000000cb
c:\windows\$NtUninstallKB16813$\830902228\U\@000000cf
c:\windows\$NtUninstallKB16813$\830902228\U\@80000000
c:\windows\$NtUninstallKB16813$\830902228\U\@800000c0
c:\windows\$NtUninstallKB16813$\830902228\U\@800000cb
c:\windows\$NtUninstallKB16813$\830902228\U\@800000cf
c:\windows\system32\service
c:\windows\system32\service\05022011_TIS17_SfFniAU.log
c:\windows\system32\service\18072011_TIS17_SfFniAU.log
c:\windows\$NtUninstallKB16813$  (could not delete folder; had to manually force delete with PowerTool)

 

C:\Windows\system32\DRIVERS\avgtdix.sys  infected!!

 

Still to force delete below, but have copied.

 

C:\Windows\system32\FreeTdi.dll

C:\Windows\system32\tsp.dll

C:\Windows\system32\GTPTSER.dll

C:\Windows\system32\motmodem.dll

 

Quads
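As an added example (not Quads' tooling, and not from the original post), here is a Python script that turns the two naming patterns visible in the listing above into a triage heuristic over a file list: a directory named U holding files whose names are eight hex digits with an @ prefix or .@ suffix, and a $NtUninstallKB<digits>$ folder that contains a purely numeric subfolder (a genuine hotfix uninstall folder contains spuninst, not a number). SAMPLE_PATHS is a constructed sample that mixes entries from the post with benign paths, and the rule names are my own. It covers only those two patterns, not everything in the list; the system32\service logs or avgtdix.sys need other evidence.

```python
import re
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Constructed sample: entries taken from the listing in the post, mixed with benign paths.
SAMPLE_PATHS = [
    r"c:\users\Marewa\AppData\Local\31868fd4\U\00000001.@",
    r"c:\users\Marewa\AppData\Local\31868fd4\U\800000cb.@",
    r"c:\windows\$NtUninstallKB16813$\206546423",
    r"c:\windows\$NtUninstallKB16813$\830902228\@",
    r"c:\windows\$NtUninstallKB16813$\830902228\L\xadqgnnk",
    r"c:\windows\$NtUninstallKB16813$\830902228\loader.tlb",
    r"c:\windows\$NtUninstallKB16813$\830902228\U\@00000001",
    r"c:\windows\$NtUninstallKB2079403$\spuninst\spuninst.exe",  # benign: real uninstall folder layout
    r"c:\windows\system32\kernel32.dll",
    r"c:\users\Marewa\Documents\report.docx",
]

# File names inside the "U" directory: "@" + 8 hex digits, or 8 hex digits + ".@".
HEX8_AT = re.compile(r"^(?:@[0-9a-f]{8}|[0-9a-f]{8}\.@)$", re.IGNORECASE)
# Folder that imitates a Windows hotfix uninstall directory.
FAKE_KB_DIR = re.compile(r"^\$NtUninstallKB\d+\$$", re.IGNORECASE)
NUMERIC_DIR = re.compile(r"^\d+$")

RULE_U_PAYLOAD = "zeroaccess-u-dir-payload"
RULE_FAKE_KB = "zeroaccess-fake-kb-dir"


def classify(path: str) -> Optional[str]:
    """Return the rule name a path matches, or None if it looks ordinary."""
    parts = PureWindowsPath(path).parts
    if len(parts) < 2:
        return None
    name, parent = parts[-1], parts[-2]

    # Rule 1: <...>\U\00000001.@ or <...>\U\@00000001
    if parent.upper() == "U" and HEX8_AT.match(name):
        return RULE_U_PAYLOAD

    # Rule 2: $NtUninstallKB<n>$\<digits>\... (anything under the numeric folder counts)
    for i, part in enumerate(parts[:-1]):
        if FAKE_KB_DIR.match(part) and NUMERIC_DIR.match(parts[i + 1]):
            return RULE_FAKE_KB
    return None


def scan(paths: List[str]) -> Dict[str, List[str]]:
    """Group the matching paths by rule name; paths matching no rule are dropped."""
    hits: Dict[str, List[str]] = {}
    for p in paths:
        rule = classify(p)
        if rule:
            hits.setdefault(rule, []).append(p)
    return hits


if __name__ == "__main__":
    for rule, matched in scan(SAMPLE_PATHS).items():
        print(f"[{rule}]")
        for p in matched:
            print("   ", p)
```

Feed it the output of a directory listing (for instance the file section of an OTL or similar log) rather than walking the live disk, so the check works on a log posted to a thread without touching the infected machine; a hit is a reason to look at the folder, not a verdict.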

 



Quads wrote:

[...]

 

It was the fact that in this open forum, people would tell the user to install or run everything but the kitchen sink, which could make things worse or harder to remove, or start telling the user to run tools I was using, but yet they didn't know how to properly use the tools, know what they were looking at, or how to script / fix a problem if it occurs.

Other times I would be halfway through removal and waiting for the user's reply, I would be offline, and another user would jump in saying do this, do that. GEEZ, made things harder.

 

So I decided it's not a good idea to do advanced removal on an open forum and I can see why removal forums have protection in place.

 

[...]


Given that one-on-one remediation has become necessary again, the forum Admins need to look at options here that will allow you to assist these particular thread authors without interference from third parties. My initial thought on this: is thread access controlled by a Forum Security Group? If so, then could a 'Quads' Forum Security Group be created that had the following attributes:

 

  • Forum members (including Gurus): Read only;
  • Quads + Moderator-selected thread authors: Read / Write

If so, then Forum Moderators could add users targeted for one-on-one remediation to the 'Quads' Forum Security Group, based solely on an appropriately worded 'Report Inappropriate Content' notification to the Moderators from yourself. Forum Moderators would then add the forum member and apply the 'Quads' Forum Security Group to the thread in question, effectively locking it from third-party interference.

 

Another reason for this post is that threads like this one hardly reflect a positive forum experience for the user who posted advice with best intentions. Expecting forum members to know the status quo around here by virtue of the fact that you are participating in a thread is hardly an effective way of maintaining thread integrity, as you, yourself, have acknowledged above...

 

I trust that the forum Moderators/Admins will review this and advise what options are available here.

My primary thought on reading this post is: are you/we expecting too much of Quads? He does an amazing job but despite his name there is but one. [As far as I am aware!]

There is only one Quads (I hear people saying thank gawd for that).

 

Quads


Quads wrote:

There is only one Quads (I hear people saying thank gawd for that).

 

Quads


And there are those who say 'Thank God that there is one!'


 

How to Remove Trojan.Zeroaccess.B
 

1. Temporarily Disable System Restore

2. To be able to identify even the most recent variant of Trojan.Zeroaccess.B, open your antivirus application and update the virus definition file.

3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display the Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will now boot Windows and load only the necessary drivers and files.

4. Delete the following file:
C:\Windows\System32\consrv.dll

5. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems. Export from regedit, manually edit to replace consrv.dll with the correct data, then re-import.

6. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\"Windows" = "consrv:ConServerDllInitialization"

Press CTRL + ALT + DEL to access Task Manager and stop the following process:
consrv.dll

Go to Regedit: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems. Replace the infected substring ServerDll=consrv:ConServerDllInitialization with the good substring ServerDll=winsrv:ConServerDllInitialization.

7. Delete associated files and folders:

%Windir%\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
%System%\consrv.dll
%Windir%\assembly\tmp\U\80000000.@
%Windir%\assembly\tmp\U\800000cb.@
%Windir%\assembly\tmp\U\800000cf.@

8. Restart the computer. Issue is fixed.
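The registry part of steps 5 and 6 and the Regedit paragraph above, as an added example in Python (not the post author's procedure and not Symantec's tool). The SubSystems\Windows value is a single string that lists the ServerDll entries csrss.exe loads; the script splits that string into entries, flags any module that is not basesrv, winsrv or sxssrv (my assumed allow-list for Windows Vista/7), and produces the repaired string with the consrv console entry swapped back to winsrv. CLEAN_VALUE and INFECTED_VALUE are constructed samples; read_live_value() reads the real key through winreg, read-only, and only on Windows.

```python
import re
import sys
from typing import Dict, List, Optional

SUBSYSTEMS_KEY = r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"

# Constructed sample of the "Windows" value (REG_EXPAND_SZ) as it looks on a clean Windows 7 system.
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)
# The modification described in the post: the console server entry points at consrv instead of winsrv.
INFECTED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)

# Assumed allow-list: the server DLLs csrss.exe loads on Windows Vista/7.
KNOWN_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# ServerDll=<module>[:<entry point>][,<index>]
SERVERDLL = re.compile(
    r"ServerDll=(?P<module>[^:,\s]+)(?::(?P<entry>[^,\s]+))?(?:,(?P<index>\d+))?"
)


def server_dlls(value: str) -> List[Dict[str, str]]:
    """Split the SubSystems\\Windows string into its ServerDll entries."""
    return [m.groupdict(default="") for m in SERVERDLL.finditer(value)]


def suspicious_server_dlls(value: str) -> List[str]:
    """Modules named in the value that are not on the allow-list."""
    return [d["module"] for d in server_dlls(value)
            if d["module"].lower() not in KNOWN_SERVER_DLLS]


def repair(value: str) -> str:
    """Swap the consrv console entry back to winsrv; anything else is left for manual review."""
    return re.sub(r"ServerDll=consrv:ConServerDllInitialization",
                  "ServerDll=winsrv:ConServerDllInitialization",
                  value, flags=re.IGNORECASE)


def read_live_value() -> Optional[str]:
    """Read the real value on Windows (read-only); returns None elsewhere."""
    if sys.platform != "win32":
        return None
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SUBSYSTEMS_KEY) as key:
        data, _ = winreg.QueryValueEx(key, "Windows")
    return data


if __name__ == "__main__":
    value = read_live_value() or INFECTED_VALUE
    bad = suspicious_server_dlls(value)
    print("suspicious ServerDll modules:", bad or "none")
    if bad:
        print("repaired value:\n ", repair(value))
```

The script deliberately prints the repaired string instead of writing it back: csrss.exe parses this value at boot, so a typo here leaves the machine unbootable, which is why the post has you export, edit and re-import the key rather than type into it. Quads' reply further down reports that on 64-bit systems the infection changes the value back after it is edited, so suspicious_server_dlls() is also the check to rerun after a reboot to confirm a repair held.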

I have found where these instructions don't work for 64-bit systems either, hahaha, it just changes it back after you change the registry. A bit more clever.

 

Quads