Norton Uninstalled from spy/malware, reformatted pc and still issues help!

Hello all,

 

So I was dawdling on a certain website I admit I should not have been on thanks to the suggestion of a gentleman I work with. Over the course of the week I frequented this nasty, infested website I noticed something called 'Norton Notifier' next to my Norton Internet Security 2008 logo near my clock. After highlighting it, the notifier said I have two messages: 1) I was late doing a system scan and 2) An update for NIS 2008 is available.

 

At first I thought it was spyware (should have trusted my instinct), but it looked pretty legit. I clicked the link to update which brought me to a page that, in Internet Explorer, even had the lock on the top right meaning it was secure, and looked exactly like the page I had seen on the Symantec website many times before. The page offered me the system tools for my pc to run faster and better and some of the other programs Symantec offers, but I chose to go ahead and download the free 2008-2009 update. After clicking it even brought up a menu bar telling me the download progress blah blah blah. While this was running I looked up and noticed that, though it said symantec on the website address at the top of the screen, before that it did say 'webdll.symantec(and so on)'. oops.

 

The installer completed and I immediately noticed my Norton logo had vanished from the bottom tray. I searched my computer for any traces of my beloved NIS to no avail. Then I had a notifier balloon saying something about relevant security issues, clicked it to see that this blasted thingy had also turned off my malware protection and my Windows firewall (unless it was still off from Norton or Webroot covering them instead?).

 

After a restart I still did not have Norton on my system, so frightened I reinstalled Windows, hoping to remove any traces of the virus. Had to reinstall a few times due to technical issues (blue screen one time while installing Windows) but finally I have my Vista 32 bit reinstalled and 9/10 drivers up to date, etc.

 

Tried running a full system scan and encountered this message 3 times: "Internal Program Error 0x800706BE" at about the same exact spot during the Full System Scan (about 180,000 files in).

 

So before even troubleshooting I have a few questions, which brings me to the forum =)

 

1) When I downloaded this 'thing' that removed my Norton and left me exposed to other 'things', could my Norton Acct have been hijacked? My concern is all my passwords and log ons stored in identity safe have been compromised! If this is the case, should I use the same product key, etc for my Norton Acct? or purchase new?

 

2) I always ran Webroot WITH Norton, hoping they would superhero team and watch each other's backs whilst fighting intruders. Should I continue to do so, or just run one or the other?

 

3) Could this or any issue I may have be associated with the 'thing' I had prior to reinstalling Windows, or does reinstalling Windows remove any and all viruses from the PC (as I have been told it does from less than reputable sources)? In other words, do the viruses survive a factory reinstall of the Vista operating system???  I read another thread where the guy had the same number message I received during the virus scan and one of the replies he received was someone telling him to download malware bytes. Again; do I still have the virus/ spyware from prior to the factory reinstall?

 

4) If this 'thing' has my IP address/ has accessed my computer once before, is it possible it is doing so again? My concern is, since I have reinstalled the same version and product key of Norton that it may target me knowing that the (hijacked?) version is here on my pc? I'm so paranoid...

 

Thanks for reading this mouthful, and for any help/ suggestions you can offer!

 

-Anthony

 

 

Please run a SysProt log for us so we can check your system for rootkit activity. You will need to disable Norton auto-protect while you run the scan, as well as any other antimalware program you may have installed on your PC.

Once it is downloaded to your desktop, right click on the SysProt icon, go to properties, and click unblock and apply.

Choose log, check all the boxes except show hidden objects only and then scan.

You will be able to post the log here using the "add attachments" link just below the orange post button.

http://homepages.slingshot.co.nz/~crutches/SysProt

 

Once we check the log we will be able to advise what further actions may be needed.

Ok here's the log. Think I did it correctly. FYI after it ran I got a brief message regarding Symantec service ... think it said framework?... was down. Unsure what that message meant, but my computer froze after trying to open internet explorer.

 

Anyhow here's the log thingy and thanks =)

BettaFisher:

 

Your log is incomplete.  Did you right  click and run as Administrator?

Hi Betta,

 

I for one am curious about this error message you got during the full system scan. When you received the error message were you provided with an option to run One Click Support? If so, did you run OCS? Could you also let us know what type (i.e. part of system registry, system file, .exe file, some kind of picture or document, etc.) of file NIS is scanning when you get this error message. The more specific you are the better particularly if you find it to be part of the registry or tied to the Vista OS.

 

And when you reformatted did you do a destructive (complete) wipe of every little thing on your hard drive or did you attempt to save any of the files on your computer? Also, you said when you got the infection you were running a version of NIS 2008. Please let us know which year and version of NIS you are currently running.

 

Thanks!

 

Pexley

Hi BettaFisher,

 

I am actually not so sure that malware was involved.  If the "Norton Notifier" pop up you saw was actually Norton LiveUpdate Notice (system tray icon looks like a yellow and black envelope), then it was a legitimate program update announcement.  If this is true then the initial issue you had was a failed installation of the new program and not anything malicious.  If you had Webroot running real-time protection at the time, then it is quite possible that it interfered with the Norton update.

 

So now the question is, did you have Webroot installed after the format when you reinstalled Norton, which again could have corrupted the installation?  Moreover, Webroot, if it is currently installed could also be interfering with the Norton scan.  To answer your second question, no, you should not run two real-time antivirus programs simultaneously as they do not watch each other's backs, but rather they will constantly interfere with each other.  I would suggest that if Webroot is on your system you uninstall it.  Then try the Norton scan again.  If it still fails to complete successfully, uninstall Norton and run the Norton Removal Tool twice with a reboot after each pass.  Then reinstall Norton.

 

I am not completely dismissing the possibility of malware involvement here, but suggesting that there may be a less worrisome explanation for your symptoms.

It will also be easier to get some reasonable function from scans with the conflict resolved.  Good catch SOJ

Ok this file's a bit larger. Ran as administrator with auto-protect off.

 

For the record, I do not have Webroot Installed now, nor was it installed after last reformat. I did, however, blue screen while reinstalling Windows the time before this, resulting in very slow explorer functioning, which drove me to reinstall Windows yet again.

 

Thanks for clarifying it is NOT helpful to have more than one antiwhatever program at once. Superhero team fail!!! Norton fights evil alone!!!

 

Lemme know how bad it is =/, and thanks again!

 

 

BettaFisher:

 

I don't see an answer to Pexley's question about formatting.  If you are not wiping the drive, just reloading Windows over and over, that is not reformatting.

 

It will not resolve any issues with a failed download.  You still seem to have a lot of the 2008 files in your log.  I am inclined to recommend that you use the Norton removal tool to clean your system of old files, twice, with a reboot after each one, and then reinstall Norton properly.

 

I don't know if any Windows errors caused by the multiple installs are going to give us grief.  One of the others may have a suggestion to make.

 

NRT

http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&ssfromlink=true&sprt_cid=1a13409b-29db-4397-a286-9dec49f8e252&seg=hho&ct=us&lg=en&docurl=20080828154508EN

 

 

New version (choose the one that you have):

 

http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&selected_nav=&pvid=&docurl=20090121104844EN

 

Sorry I did not respond to questions this morning- was in a rush for work.

 

I ran the program to uninstall Norton two times, restarting after each wipe, then reinstalled Norton using my Retail Disc version of NIS 2008. The install auto-prompted me if I wanted NIS 2009 and I agreed. The install went smoothly and I have successfully completed two full system scans and have experienced no other problems.

 

To answer a few previous questions:

 

- Yes, the full system scan did stop in the same spot every time. I unfortunately did not take note of the exact file name.

 

-When I said reformat I may have used the word incorrectly. What I meant was to say I performed a Factory Reinstall of the Vista OS. Supposedly this should wipe any traces of viruses, Malware, etc? That's what I was told at least.

 

-I may very well have had Webroot installed at the time I tried updating Norton. To be honest I have had to install and reinstall OS so many times in the past week or so I can't truly say. My apologies.

 

In the end, it appears NIS experienced an error during either initial install or when updating as some of you stated earlier on. Using the Norton remover tool two times and reinstalling the program worked excellent and my paranoia is no more.

 

A heartfelt thanks to all of you for your contributions.

 

-Anthony

 

PS: Delphinium- I did have NIS 2008 installed when I performed the sys prot log for you guys, hence the many 2008 files. I have only ever had the NIS 2009 program on my computer since this morning when, with everyone's help, I was finally able to resolve the issue. I'm confused; does the log show I was running NIS 2009 when I was actually running 2008 at the time? Or perhaps it is considered 2009 though it appeared as 2008? lol. Thanks again.

To Pexley:

 

One thing I failed to mention was my computer also has an external hard drive I use for back ups of ONLY music files and such. Don't know if this would affect Norton or retain Norton files?

 

Another back up type my computer features is 'Spare Back-up'. Unsure how that works too and I've never fooled around with it. I do recall, however, seeing there were about 5 GB on the 'recovery disc' after each factory reinstall. Probably just the OS? Pretty sure the factory reinstall should wipe the recovery disc partition of the hard drive.

 

Hi BettaFisher,

 

Good to hear everything is working properly now.  Thanks for posting back and tidying up the loose ends. 

Hey Betta,

 

Are you by any chance using a Gateway or Emachines computer? Mine has sparebackup preloaded. It is an online backup service that they charge you to use. You can just uninstall it.

 

The recovery partition, assuming your computer is like mine (is your recovery partition by any chance protected by pc angel?), contains all of your computer's preloaded drivers and software. When you reformat your computer you should have the option to either do a destructive (complete) reformat or a reformat that basically saves your my documents folder.

 

The recovery disk you place in your computer contains your copy of Vista. Once the disk reinstalls Vista your disk drive should open and let you take the disc out before your computer restarts. Once it restarts the factory created recovery partition will kick in and begin re-installing all of your drivers and software from the day you first turned on your computer. It essentially does all of the work for you minus updating all of your programs and Vista.

 

Hope this helps!

 

-Pexley

Message Edited by pexley on 09-03-2009 07:12 PM

Hey betta

 

I suggest you do a system restore, this always helped me when I got a virus and stuff like that

 

To do so just go to run and type msconfig, then press system restore or something like that, then select the time before you browsed that website and voilà! Everything's gone (everything bad).