[Norton 360 v3] Adware.gen: I can't eliminate this, Norton only puts it in quarantine - Help Pls

Dear All,

I deleted all temp files, disabled Windows restore, and deleted and restored the IE configuration. I ran a full scan in safe mode and no risks were detected, but when working in normal mode Norton (Auto Protect) shows a lot of reminders per hour about files (2) in quarantine.

Could you please give me more information? I am looking to know which folders to erase the temp files from and how to eliminate the adware.

Thanks in advance, regards, Eduardo.

Dear delphinium,

The files quarantined by Norton Auto Protect are:

- c:\documents and settings\egia\datos de programa\messenger\drivers\msgasst84.dll

- c:\documents and settings\configuracion local\archivos temporales de internet\content.ie5\o63em3sk\msgasst84[1].dll

Norton reports an Adware.gen risk in these files and only puts them in quarantine, but the antivirus shows a lot of reminders for these files afterwards.

I installed the Malwarebytes' Anti-Malware software and ran a full scan:

Adware.SmartAds

Trojan.Agent

Trojan.BHO

Backdoor.Bot

This software put the infected files in quarantine and eliminated them.

After this, Norton no longer shows reminders about related issues.

I don't understand why Norton does not detect this risk (....)

Thanks in advance and sorry for my poor English.


egia4u:

Could you please save the Malwarebytes log in Notepad and post it using the "add attachments" link you will find just below the post button.

Norton quarantines files in case of false positives, so that you can get the data back if necessary. When you click on more details, an option to remove, or remove from history should be visible. Removing it from history also removes it from your system. Malwarebytes does something similar, in that it also quarantines the files. You have to specifically tell it to remove the files. Files that are quarantined are isolated from your system so that they can't harm you.

Different scanning engines also have different definitions. That is why it is good to have one antivirus suite and one or two on demand scanners for a cross-check. New malware comes out all the time for which definitions may not be available. That is why it is also a good idea to submit suspicious files to Symantec.

Have you told Norton to remove the threats in your quarantine? Is Norton still giving you reminders about these files, or is Norton still finding these files? Norton might also react to files in another product's quarantine.


Dear delphinium,

Please find attached the file (I have some page errors and I can't attach this).

Malwarebytes’ Anti-Malware 1.41
Versión de la Base de Datos: 3221
Windows 5.1.2600 Service Pack 3

24/11/2009 12:08:23 a.m.
mbam-log-2009-11-24 (00-08-23).txt

Tipo de examen : Examen Completo (C:|)
Objetos examinados: 171384
Tiempo transcurrido: 1 hour(s), 18 minute(s), 49 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 3
Claves del Registro Infectadas: 16
Valores del Registro Infectados: 2
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 8
Ficheros Infectados: 11

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
C:\Documents and Settings\EGIA\Datos de programa\Messenger\Drivers\MsgUpdate.dll (Backdoor.Bot) -> Delete on reboot.
C:\Documents and Settings\EGIA\Datos de programa\Messenger\Drivers\IgfxSys.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\EGIA\Datos de programa\Messenger\Drivers\Aud32\msgutil84.dll (Trojan.Agent) -> Delete on reboot.

Claves del Registro Infectadas:
HKEY_CLASSES_ROOT\TypeLib{e3a14032-f6fc-426d-a024-bead613d5db3} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface{bbcc290a-5e32-4e54-80db-f0f3f3892444} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\messengerupdateproject.messengerupdat.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\messengerupdateproject.messengerupdate (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID{d8c0508c-e235-4d9e-a27e-c8bb5f527dc9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icymzktjikubtghl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MessengerUpdateProject.dll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{07570d66-a51c-9367-2225-cf51c96c9ec0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID{07570d66-a51c-9367-2225-cf51c96c9ec0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{fac5b618-653f-4e64-9504-c26fd75dabf8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID{fac5b618-653f-4e64-9504-c26fd75dabf8} (Trojan.BHO) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxsys (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lepocjzvawqi (Trojan.Agent) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
C:\Documents and Settings\EGIA\Datos de programa\Messenger\Drivers (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\EGIA\Datos de programa\Messenger\Drivers\Aud32 (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\EGIA\Datos de programa\Messenger\Sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Archivos de programa\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Archivos de programa\Smart-Ads-Solutions\SmartAds\1.1.2.0 (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Documents and Settings\EGIA\Datos de programa\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Documents and Settings\EGIA\Datos de programa\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully.

Ficheros Infectados:
C:\Documents and Settings\EGIA\Datos de programa\Messenger\Drivers\MsgUpdate.dll (Backdoor.Bot) -> Delete on reboot.
C:\Documents and Settings\EGIA\Datos de programa\Messenger\Sys\mu.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\icymzktjikubtghl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\EGIA\Datos de programa\Messenger\Drivers\conf.sys (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\EGIA\Datos de programa\Messenger\Drivers\IgfxSys.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\EGIA\Datos de programa\Messenger\Drivers\phuninst.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\EGIA\Datos de programa\Messenger\Drivers\pub.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\EGIA\Datos de programa\Messenger\Drivers\Aud32\msgutil84.dll (Trojan.Agent) -> Delete on reboot.
C:\Archivos de programa\Smart-Ads-Solutions\SmartAds\1.1.2.0\uninstall.exe (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\njdfawjdjnn.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxgqazbe.dll (Trojan.BHO) -> Quarantined and deleted successfully.




Thanks in advance, Regards, Eduardo.

It looks like it could be a nasty one egia4u.  Can you update Malwarebytes again to the latest version, and run another full scan?  Sometimes Malwarebytes says it has removed something when it is unable to do so.  Did you reboot your machine when MBAM called for it?
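An added example (not part of the original posts and not Malwarebytes code): a small Python parser for the log format posted above that lists the entries marked "Delete on reboot", which are the ones worth re-checking after a restart. The function names are illustrative, and the sample lines are excerpted from the log in this thread.

```python
import re
from collections import defaultdict

# Excerpt of the Malwarebytes log posted earlier in this thread (paths as posted).
SAMPLE_LOG = r"""
Módulos en Memoria Infectados:
C:\Documents and Settings\EGIA\Datos de programa\Messenger\Drivers\MsgUpdate.dll (Backdoor.Bot) -> Delete on reboot.
C:\Documents and Settings\EGIA\Datos de programa\Messenger\Drivers\IgfxSys.dll (Trojan.Agent) -> Delete on reboot.

Ficheros Infectados:
C:\Documents and Settings\EGIA\Datos de programa\Messenger\Drivers\MsgUpdate.dll (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\icymzktjikubtghl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\EGIA\Datos de programa\Messenger\Drivers\conf.sys (Trojan.Agent) -> Delete on reboot.
(No se han detectado elementos maliciosos)
"""

# Result lines look like "<item> (<detection>) -> <action>."
# The greedy item group anchors on the last "(...) -> " pair in the line.
ENTRY = re.compile(r"^(?P<item>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_entries(log_text):
    """Yield (item, detection, action) for every result line in the log."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["item"], m["detection"], m["action"]


def pending_reboot(log_text):
    """Map detection name -> sorted unique items that remain until a restart."""
    pending = defaultdict(set)
    for item, detection, action in parse_entries(log_text):
        if action.lower() == "delete on reboot":
            pending[detection].add(item)  # set removes module/file duplicates
    return {d: sorted(items) for d, items in pending.items()}


if __name__ == "__main__":
    for detection, items in pending_reboot(SAMPLE_LOG).items():
        print(detection)
        for item in items:
            print("  still present until reboot:", item)
```

Running the same function over the log from the follow-up scan shows at a glance whether any of these paths are reported again.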

Dear, I updated MBAM and ran a full scan; no more risks were detected.

I haven't had another reminder from Norton about Adware.gen.

I hope MBAM eliminated the risks.

Regards, Eduardo

As long as you have no further problems, and as long as your Norton is working correctly, it sounds like you are good. Keep MBAM on hand and update it regularly, because it does come in handy. A lot of malware is written deliberately to bypass known antivirus products, including Malwarebytes sometimes. If you have further problems, let us know.

Best wishes