Norton Antivirus Email Error

I have had this email error ever since I installed Norton AV 2010 17.7.0.12. I use Windows XP SP2.

As suggested in other threads, I used Malwarebytes (log attached) but still no use. I used Norton Power Eraser, but it was of no use.

The email errors are of different types every time. For example:

552 Exceeded storage allocation

or

571 Virus detected - psmtp

or

552-5.7.0 our system has detected an illegal attachment on your message,

and my internet speed has slowed, and is constantly in use.

Hi evilengineer,

 

Norton sits between your email client and your ISP, so any error message will be displayed in a Norton popup, even if the message originates from your ISP, which yours appear to do.  To determine if Norton is causing the issues being reported turn off incoming and outgoing email scanning in Norton and see if the problem continues or is resolved.  Problems can sometimes occur if you use anything other than ports 25 and 110 for sending and receiving email.  If you are required to use ports other than these you should leave Norton email scanning disabled. 

 

EDIT:  floplot is correct.  Your mail may be being blocked by your ISP because of malware associated with the rootkit that was detected on your system.  You need to fix the rootkit.
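
As an added illustration (not part of the original thread, and not any poster's code), the three errors quoted in the first post can be parsed as SMTP server replies: a three-digit code starting with 5 is a permanent refusal issued by the mail server rather than by the local scanner, and 5.7.0 is an RFC 3463 security or policy status. The function names and the keyword list are assumptions made for this example.

```python
import re

# Constructed sample input: the three replies quoted in the first post.
SAMPLE_REPLIES = [
    "552 Exceeded storage allocation",
    "571 Virus detected - psmtp",
    "552-5.7.0 our system has detected an illegal attachment on your message,",
]

# Reply code, separator ("-" marks a continued multi-line reply, RFC 5321),
# optional enhanced status code (RFC 3463), then free text.
REPLY_RE = re.compile(
    r"^\s*(?P<code>[2-5]\d\d)(?P<sep>[ -])"
    r"(?:(?P<enh>[245]\.\d{1,3}\.\d{1,3})\s+)?(?P<text>.*)$"
)
SEVERITY = {"2": "success", "3": "intermediate",
            "4": "transient failure", "5": "permanent failure"}
# Subject field of an enhanced status code (RFC 3463).
SUBJECT = {"0": "other or undefined", "1": "addressing", "2": "mailbox",
           "3": "mail system", "4": "network and routing",
           "5": "mail delivery protocol", "6": "message content or media",
           "7": "security or policy"}
# Assumption: keywords picked for this example, not a vendor-defined list.
CONTENT_HINTS = ("virus", "attachment", "malware", "spam")


def parse_reply(line):
    """Return a dict describing an SMTP server reply, or None if it is not one."""
    m = REPLY_RE.match(line)
    if not m:
        return None
    enh = m.group("enh")
    return {
        "code": int(m.group("code")),
        "severity": SEVERITY[m.group("code")[0]],
        "continued": m.group("sep") == "-",
        "enhanced": enh,
        "subject": SUBJECT.get(enh.split(".")[1]) if enh else None,
        "text": m.group("text").strip(),
    }


def content_rejection(reply):
    """True when the server permanently refused mail on content or policy grounds."""
    if reply is None or reply["severity"] != "permanent failure":
        return False
    text = reply["text"].lower()
    return reply["subject"] == "security or policy" or any(h in text for h in CONTENT_HINTS)
```

Replies flagged by `content_rejection` point at what the machine is sending, which is consistent with the advice in this thread to deal with the infection first.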

Hello SendOfJive

 

I think his email problems are originating from the malware on his computer. His ISP may be rejecting them because of the malware, which I believe are rootkits, since MBAM is showing Windows system files being involved. I think once his malware problem is cleared up, his email will work again.

Malwarebytes may not have detected all of the objects (files, registry etc) to do with this Malware combo or not be able to remove some of what it has found either.  

 

Between Zbot and TDSS,  But NO Windows system files are involved although MBAM is not to detect critical system files that are patched or modified.  Could be one that hooks "beep.sys"

 

For instance "AtapiDrv.sys" is NOT "atapi.sys"

 

At least I can laugh, saying to myself "one reason why people should go to specialist forums and people for removal as logs and file names can be read correctly" on what is a Windows system file and what is not.

 

 

Quads

evilengineer - Once these good folks help you get your PC cleaned up, you might want to upgrade to XP SP3.  SP2 is outdated and SP3 may have fixed some security holes and added some extra protection for your PC.

A report on a variant of this with the Email use plus downloads more files (or attempts to)

 

http://www.threatexpert.com/report.aspx?md5=7b61b18a4cc5bc795258e1a81a0a7ee9

 

Quads

Can a rootkit survive OS re-installation? Because after I posted this thread, and Norton Power Eraser, and restarted the system, my LAN was not there. I tried to re-install but no use.

So therefore, if rootkits survive the installation, I will register myself at Bleeping Computer.

Thank you.

"and Norton Power Eraser, and restarted the system, my LAN was not there, I tried to re-install but no use"

 

You used Norton Power Eraser?? and it found objects, then restarted the PC to remove the selected items??

 

Quads

I have also found another variation with these entries detected by Malwarebytes:

 

C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot. 

 

But Malwarebytes cannot remove them, as it's another file that has to be looked for.

 

Quads

If it is the same variant, where Malwarebytes detects but cannot remove these two files:

 

C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot. 

 

The two probable infected / or corrupted legit files to look for are:

 

C:\Windows\System32\Drivers\ndis.sys

C:\Windows\System32\Drivers\tcpip.sys

 

If Norton Power Eraser has detected the change and the user has had Norton Power Eraser remove these files on restart (similar to TDL3), that would be the reason why there is NO Internet now.

 

The files are required by Windows.

 

Even after replacing the files with a clean backup version people may have to do a Winsock reset.

 

Quads