Norton support led me to an online Live Chat to resolve an issue. Is this legit ? Seemed strange that the first thing he wanted to do was gain remote access to my computer.
I am a little more suspicious than usual, because I received warnings of Trojan.FakeAV twice in the last few days.
My initial problem was that I get a warning "a recent attempt to attack your computer was blocked" every time I do a Google search. His next best solution was hit "stop notifying me".
SPS wrote:
Norton support led me to an online Live Chat to resolve an issue. Is this legit ? Seemed strange that the first thing he wanted to do was gain remote access to my computer.
I am a little more suspicious than usual, because I received warnings of Trojan.FakeAV twice in the last few days.
My initial problem was that I get a warning "a recent attempt to attack your computer was blocked" every time I do a Google search. His next best solution was hit "stop notifying me".
Did the agent ask you for your permission before gaining access. Our chat support agents will seek your permission prior to establishing a remote connection. Additionally, you will need to accept some prompts from your computer before the connection is established.
Thanks,
Venkat Jammalamadugu
Norton Forums Moderator
Consumer Products and Solutions
Symantec Corporation
Thanks for your help.
Yes, he asked permission to gain access to my computer. Not a chance I was going to allow it though. I thought it would be prudent to double check with the forum, just in case fake Norton chat lines were known to exist.
I don't think the Trojan.FakeAV is related to my issue, actually. I got two warnings recently, but that was after the Google warnings started. I have seen the FakeAV screen pop up a number of times in the past. It is obviously fake.
I still get a warning that an attack attempt was blocked, every time I do any Google search, A search finds that this has happened to others, but I have not found an explanation to why it is happening. Without understanding if this is a real attack, I am hesitant to simply click on "stop notifying me".
Norton support led me to an online Live Chat to resolve an issue. Is this legit ? Seemed strange that the first thing he wanted to do was gain remote access to my computer.
I am a little more suspicious than usual, because I received warnings of Trojan.FakeAV twice in the last few days.
My initial problem was that I get a warning "a recent attempt to attack your computer was blocked" every time I do a Google search. His next best solution was hit "stop notifying me".
Hi SPS:
It might be best if you tatke a screen print of the intrusion by highlighting one entry, click more details, so that the path is visible, and then paste the screen print into Paint. You will be able to insert it on your next post by using the little green tree in the reply editor.
Hello SPS
Trojan.FakeAv is malware which needs to be removed from your computer. It belongs to a rogue antivirus program which will continuously try to download more malware into your computer and give you more symptoms of being infected. Trojan. FakeAv is definitely a real attack. Malware can cause the problems you are having with Google. You definitely need to get this malware removed from your computer.
FakeAV is gone.
Full system scan found nothing but a tracking cookie. ( and its gone too, now )
See attached screenprint. You can see I tried a few Google searches just after 5:00 today.
I am running Windows XP.
SPS,
Many or at least some readers may be interested to know how you cured or fixed your infection problem.
My guess is that it is not cured. It looks to me as though he has a rookit on his machine trying to get access rather than something trying to get in as this post indicates. The other malware may have been removed for the time being, but the true problem is still there.
Hello
If you look up one of the ip's shown in the screen shot, you will see that it comes from the Russian Federation and will also see items there listing BleepingComputer being involved in cleaning up and also other remediation sites involved. Take a look in Google and put in the ip and you will see what I mean.
I am starting to see the light.
The Google search on the IP address revealed a lot.
I had to Google rookit just to find what it is, and it does not sound good.
Shouldn't Norton AV be able to identify and resolve this type of issue ?
I'll try some of those sites Terminator suggested.
Hello SPS
Good choice. Please let us know how you made out after you have signed up with one of them and you can give us a progress report. Thanks.
OK, I trust that the Norton Live chat reps are legitimate.
But back to my problem that my computer is infected. I have had a few more chats with Norton reps. They even phoned me at work once to offer suggestion. But really, they were pretty useless. The Norton applications could not find the issue. And the Live Chat reps seem to have a hard time reading my description of the problem ( suggesting I download a routine, and when I get there, I find its the same Power Eraser that I had just described had found nothing ) I didn't think too much of their suggestion that I hire one of their experts for $100.
I went to Cybertechhelp.com They are real pros. I think they have my computer all cleaned up now, but they think there still might be something in my computer, so we are running more scans. For forum viewers that are not familiar with them, they have been suggesting I run various routines, which then generate a full log text file, and I post the log on the forum for them to review.
Hello SPS
Thanks for coming back and giving us a progress report from the remediation site that you chose to use. Just stay with them until they say you are all cleaned up and then check to make sure that it stays clean. Please come back again and let us know when it has been completed. Thanks.
An ESET online scan found one more item. I have now been given the all-clear. I highly recommend Cybertechhelp.com
Hello SPS
I'm glad to hear that you are all cleaned up now and that you found that Cybertechhelp.com was very effective in helping you. Have you removed your restore points and created a new one since you are now all cleaned up? In case you have to use System Restore, we wouldn't want you to get reinfected. Could you please mark the post which gave you the solution to your problem so that all will know that your problem has been solved and will be able to find the solution quickly. Thanks in advance.
SPS wrote:An ESET online scan found one more item. I have now been given the all-clear. I highly recommend Cybertechhelp.com
Hello SPS!
From the screenshot you posted , it seems you are running Norton 2009 . Make sure you update to version 2010 and later on this year to version 2011 . These two new versions provide better protection and better detection .
Hello SPS
Since I'm not sure if you are running NIS or NAV, here are the links for both programs. You are entitled to a free upgrade to 2010 if your subscription is still valid.
You can download 2010 NIS from here
http://www.norton.com/nis10
Please remember to run live update after install to make sure all updates are received and then please reboot.
You can download NAV 2010 from this site.
www.norton.com/nav10
Please don't forget to run live update until there are no more updates.
Since your computer should be working fine now, you can just do an install over the top of your current version. Just please make sure to pick the correct product since I gave you links to 2 different products and the keys are not interchangeable. Thanks in advance.
