Norton 360 not scanning

Steve_K · June 5, 2013, 1:41pm

Hi, Norton 360 doesn't do a quick scan or full scan on my laptop which has Windows 8. It scans OK on my desktop which has Windows 7, I've had the laptop for about 3 weeks, previous to today (05May13) everything was fine. Any ideas, is anyone else having problems

delphinium · August 25, 2009, 3:00pm

Hi millerjp:

I have asked the Mods to move your post to a thread of its own. We aren't able to find you by name on a solved thread.

Please run a SysProt log for us so we can check your system for rootkit activity. You will need to disable Norton auto-protect while you run the scan.

Once it is downloaded to your desktop, right click on the SysProt icon, go to properties, and click unblock and apply.

Choose log, check all the boxes except show hidden objects only and scan.

You will be able to post the log here using the "add attachments" link just below the orange post button.

http://homepages.slingshot.co.nz/~crutches/SysProt

millerjp · August 25, 2009, 9:11pm

attached is the log created after running sysprot.exe

Message Edited by millerjp on 08-25-2009 02:12 PM

delphinium · August 25, 2009, 9:44pm

millerjp:

You have a kbiwk rootkit infection. I will add you to Quads' list, It requires careful attention to the instructions and tools given. It will take Quads some time to get to you. Please do nothing else with it in the meantime.

millerjp · August 26, 2009, 1:45am

thanks for the help, will wait for further instructions from quad

thanks again

Quads · August 26, 2009, 4:55am

Hi

I have sent you a Personal Message (PM) look for the yellow envelope near the upper right hand corner.

Quads

Quads · August 26, 2009, 8:08am

Hi

Continuation of Stage 1, File removal

Now the registry entries will be greyed out I think, will get them later.

Tick (check) these entries (little square box beside each entry) Only the entries below, not the others

C:\Windows\System32\kbiwkmtupnvepb.dll

C:\Windows\System32\drivers\kbiwkmwqddyxko.sys

C:\Users\Jeffrey Miller\AppData\Local\Temp\Low\kbiwkmtqfeqmiqoo.tmp

C:\Users\Jeffrey Miller\AppData\Local\Temp\Low\kbiwkmqmsmyihvbt.tmp

C:\Users\Jeffrey Miller\AppData\Local\Temp\Low\kbiwkmbvvmdnucrg.tmp

C:\Users\Jeffrey Miller\AppData\Local\Temp\Low\kbiwkmmgljhtvbuy.tmp

C:\Users\Jeffrey Miller\AppData\Local\Temp\Low\kbiwkmquxfrcprbp.tmp

C:\Users\Jeffrey Miller\AppData\Local\Temp\Low\kbiwkmvtrqxiktpm.tmp

C:\Windows\System32\kbiwkmepeitbju.dll

C:\Windows\System32\kbiwkmbfqwxrmw.dat

C:\Users\Jeffrey Miller\AppData\Local\Temp\Low\kbiwkmrqeuwsgbqf.tmp

C:\Users\Jeffrey Miller\AppData\Local\Temp\Low\kbiwkmoucqbjkvxu.tmp

C:\Windows\Temp\kbiwkmwhkynqconm.tmp

C:\Users\Jeffrey Miller\AppData\Local\Temp\Low\kbiwkmbbftnnpcff.tmp

C:\Windows\System32\kbiwkmxucaycxq.dat

Then click the Clean items button

Follow the prompts to remove them and restart your computer.

After reboot, a dialog box displays the files you selected for removal and the action taken.

Step 2 after

Quads

millerjp · August 26, 2009, 9:18am

ok, all files specified checked and cleaned, and after reboot have been removed successfully.

delphinium · August 26, 2009, 3:19pm

millerjp:

Step 2

Download, install, and update Malwarebytes. Run a full system scan to clean up leftovers and friends.

http://www.malwarebytes.org

Attach the log for Quads to look at, when he becomes available.

Quads · August 26, 2009, 7:35pm

Yes as Delphie states as step 2. is

Step 2. Detect - Delete any buddies

Quads

millerjp · August 27, 2009, 1:21am

ok, ran MBAM and attached is the log it created.

Quads · August 27, 2009, 3:46am

Step 3. Registry

If you have Spybot S&D installed remove it

Also during the restarts with Avenger if Your PC has a Startup repair center like with HP and Toshiba tell it to start Normally if it kicks in.

1. Download Avenger to your desktop,

Unzipped version http://homepages.slingshot.co.nz/~crutches/Avenger/

OR Creators website http://swandog46.geekstogo.com/avenger2/avenger2.html with zipped version to the unzip to desktop

2. Click to run "Avenger.exe" (right click "Run as Administrator" if using Vista)

3. In the "Input script here:" copy and paste the script between the lines

Drivers to disable:

kbiwkmrhxlycen

Drivers to delete:

kbiwkmrhxlycen

Files to delete:

C:\WINDOWS\system32\drivers\kbiwkmwqddyxko.sys

Registry keys to delete:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbiwkmrhxlycen

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbiwkmrhxlycen

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kbiwkmrhxlycen

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\kbiwkmrhxlycen

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\kbiwkmrhxlycen

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\kbiwkmrhxlycen

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\kbiwkmrhxlycen

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\kbiwkmrhxlycen

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\kbiwkmrhxlycen

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\kbiwkmrhxlycen

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\kbiwkmrhxlycen

Here is a screenshot (script updated since shot)

Make sure the "Automatically disable any rootkits found" is NOT selected

4. Click "Execute"

You will be asked to restart the PC click "Yes", when the PC restarts the load screen will takes slightly longer, then when it looks as though windows is loading the PC will restart again.

Then when Windows fully loads the Avenger log will be loaded, showing files it could or could not find.

Quads

millerjp · August 27, 2009, 6:06am

here is the log from avenger that was created.

Quads · August 27, 2009, 6:11am

Hi

Everything should work corectly now.

Quads

millerjp · August 27, 2009, 6:19am

thanks a lot for the help, i greatly appreciate it.

its very discouraging though knowing i have a total protection package and yet i still have to go out and download other things in order to find and delete problems when they occur.

thanks again for all the help.

Quads · August 27, 2009, 6:23am

This Rootkit Group gets around all AV's as far as I have found, even had people with AV's other than Norton get to this forum wanting it removed, whether they have AVG, NOD32, McAfee, Kasperspy, Avast, Avira, ..................................

Even though they have the products own forum

Quads

Steve_K · June 5, 2013, 3:05pm

Tried the autofix and also running live updates but still doesn't scan. McFee trial was on the laptop but I uninstalled it and it doesn't show in the programmes list in the contrlo panel area. I have got something called Rapport, which is something to do with online banking I think. Like I said the not scanning only seems to have started today.

Steve_K · June 5, 2013, 1:41pm

Hi, Norton 360 doesn't do a quick scan or full scan on my laptop which has Windows 8. It scans OK on my desktop which has Windows 7, I've had the laptop for about 3 weeks, previous to today (05May13) everything was fine. Any ideas, is anyone else having problems

Steve_K · June 5, 2013, 6:13pm

Went on to Norton live chat and allowed remote help which uninstalled and then reinstalled Norton. Problem has now been sorted. Help was really good, many thank Norton !!

peterweb · June 6, 2013, 2:54am

Glad to hear you got things sorted out.

Another example of Chat resolving a user's issue.

Norton 360 not scanning

Announcements