Looking at the history, Norton tells me it's been removed, not quarantined, removed.
If so, why does the pop up continue?
Here are screen shots of the issue.
The issue started yesterday at 5pm
"Statistical Submission downloader"
If you have not done so, clear out your browser cache and history / temporary files. This has been blocked so no damage done but the source may be hiding in the files mentioned above.
Well, that is just not satisfactory then; let's clean that out.
Please download MalwareBytes' AntiMalware from this LINK. Choose the free version as this does not have a real time scanner that will interfere with Norton products. Install the program and update the definitions.
Boot into Safe Mode:
Start your system and tap the F8 key until the Advanced Options Menu appears. Using the arrow keys, select Safe Mode (no networking or command prompt) and press ENTER.
Once Safe Mode is loaded, run a full scan with MBAM. Have the program fix / delete whatever it finds and make a log file. Please post the log file contents back here for review.
Since you are able to restore it or delete it, it may also be sitting in quarantine. You can check your quarantine in the history menu, and delete it.
Hi
There is a legit "vshost.exe" that belongs to Visual Studio,
but there is also an Autorun malware that attempts to create "vshost.exe", so this could be what you have: every time the file is created, Norton takes it again and again and again...
Quads
Thanks to each of you that shared your 2 cents. I followed dbrisendine's instructions and no more pop ups plus the malware software quarantined some trojans. Here's the log.
Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 3
6/17/2009 6:40:03 AM
mbam-log-2009-06-17 (06-40-03).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 316766
Time elapsed: 2 hour(s), 2 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\Owner\my documents\emerald passport\team-allstars\pageswirl\MasterWebGraphics.exe (Trojan.Agent) -> Quarantined and deleted successfully.
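A small parser for reviewing a log like the one posted above, as an added example that is not part of the original posts: it cross-checks each "Infected" count in the summary against the detection lines listed and flags any item whose action was not reported as successful. The function names are hypothetical, and the embedded log is abridged from the post.

```python
import re

# Log text abridged from the post above (header, two summary counts, detections).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.37
Database version: 2182
Scan type: Full Scan (C:\|D:\|)
Registry Keys Infected: 2
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\Owner\my documents\emerald passport\team-allstars\pageswirl\MasterWebGraphics.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>.+ Infected):$")
DETECTION = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Return (summary counts, detections) from an MBAM 1.x text log."""
    counts, detections, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]          # detail section starts here
        elif section and (m := DETECTION.match(line)):
            detections.append({"section": section, **m.groupdict()})
    return counts, detections

def review(text):
    """List items needing follow-up: count mismatches and unresolved detections."""
    counts, detections = parse_mbam_log(text)
    issues = []
    for section, expected in counts.items():
        found = sum(d["section"] == section for d in detections)
        if found != expected:
            issues.append(f"{section}: summary says {expected}, log lists {found}")
    for d in detections:
        if "successfully" not in d["action"].lower():
            issues.append(f"{d['item']} ({d['family']}): {d['action']}")
    return issues
```

An empty list from `review()` means every detection in the log was reported as handled and the summary matches the detail sections; anything else is worth a second scan.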
I am glad this has worked out for you; in our haste to help you, some basics seem to have been overlooked that I would like to follow up on. What type and version of a Norton product are you using? I was a little worried when we finally saw your screen shot as I did not immediately recognize the version.
Also, I would run Live Update manually until it states that there are no more updates for your Norton product. Then, run a full system scan to see if anything else was hiding "behind the Trojan".
If you need anything else, come back and post anytime.
Good idea - As far as I know, it's Norton Antivirus - I bought it on a disc - it's 2009 issue and I plugged into the live Symantec site. But, I did have a problem early on with live updates. So, I'll go run the full scan and report back.
Thanks again,
Patricia
Can you check the version please? It is located in the Help & Support menu on the main screen under Version and should be listed as 16.xx.xx.xxx. Thanks; I just wanted to check that you are on the latest updated build.
15.0.0.58
I have 301 days to go on the acct.
Does it say Norton AntiVirus Tech Center Edition on the main screen?
Here's the first page:
2nd page:
Help & Support 1st page
Help & Support 2nd page
Help & Support 3rd page
Hope this helps you - I can't find what you describe.
Patricia
Hi Patwin:
You found what we needed. You have NAV 2008. Are you using anything else for a firewall?
The CD says Norton Antivirus 2009 System Builder Edition
Where do I go to get the right edition?
I have the Windows XP operating system firewall
Also, I don't think the full scan got the bug
Following is the history:
I don't know what quicktime is doing - I rarely use it.
I use MWSnap to take these screen shots
Should I click the remove on the tab - does that remove the file???
Patricia
Hi
Looks like, by the first lot of screenshots and the last lot, that you have "PSW-Stealer.wow.bhc"
As shown by ...............\system32\vshost.exe and ...................\system32\tempvshost.exe
System32 in this case is its working directory. The data being blocked etc will be your personal data from being taken.
Do you have in the System 32 folder 2 files, one starting with "yr" and "aepa"?
Quads
where do I find the System 32 folder?
Sorry, I've never seen the version numbers on the Systembuilder version before. Always something new.
Go to "My Computer">C drive if that is your operating drive>Windows>system32.
did a search - found the System 32 that says can't access - clicked the link had a lot of stuff in it and there is an
aepa-
file:///C:/WINDOWS/system32/aepa-872d09e4-215d-4d6a-b056-515b9c76f5a8.dll
dated 4-9-2009
I am trying to think of a way around this.
What happens if you click on "My Computer" then the HD drive (C:\)??
Quads