Norton Windows Security Alert?

Morning Norton community, I'm a little pressed for time at the moment, so I'm going to try to sum up my problem.

So last night while browsing the web (YouTube specifically), I get a popup notification telling me something about Java, I can't remember the exact message, but something seemed to download itself, or connect itself somehow to my computer when I clicked to not allow it to run a script in that, it would slow down my computer. Don't know if that was the cause of the problem or not, but next thing I know, I have this new program called Anti Virus System Pro (which I never knew existed) telling me I have a dozen to 30+ viruses, spyware, malware, whatnot have you.

The popups this program generated at first confused me, I thought it might have been a joke or some window pretending to be an advertisement for one of those faux programs, but no, apparently this thing installed itself into my system at some point last night between browsing videos and my MSN Messenger voicechatting session with my sister-in-law.

So this "AntiVirus System Pro" popped up a warning that "Computer cannot run _____.Exe because it is infected" including several programs which I know are relevant to Norton. The lag my computer generated made it impossible to surf the web, upgrade Malwarebytes, or SuperAntiSpyware (which last night picked up 37 some rogue/gens, have no clue what those are). But here was the kicker, even disconnected from the net (unplugged my cable modem), this other Antivirus System Pro message keeps telling me "someone" or some "program" is trying to make a connection to my computer (which should be impossible considering I had no way to connect to the net without the cable modem).

I gutted it out and ran Norton even with a few popups in front of it which said certain exe's that were related to Norton, were infected and were being terminated or shut down. Norton found nothing, so I called and spoke to someone that night who had a similar problem about a year ago, they gave me a few things to look out for and guided me through my registry, I deleted the program based on searching my registry and finding a location for the location the program was running from.

Using the keyword sysguard in my registry editor with assistance from the person I was talking to (due to being totally isolated from the internet at that time) I managed to find

C:\Documents and settings\UserAccount2LocalSettings\Application Data\oaujmk\lglvsysguard.exe

and in my registry editor I found something called "eqayxufx" at

"My Computer\Hkey_Current_User\Software\Microsoft\Windows\CurrentVersion\Run"

I restarted my computer and booted Task Manager before this lglvsysguard.exe started up, and disabled it the moment I saw it, then deleted it and the registry entry.

Therein restarting my computer once more, the registry entry is back, but the lglvsysguard.exe is not, which allows me to now get online with another browser, as my Internet Explorer seems incapable of connecting to the internet due to a connection problem of some sort. Likewise, I get errors every time I try to update SuperAntiSpyware, or Malwarebytes. Norton continues to give me the green light, but now I'm getting a red shield in my tray that says "Windows Security Alert", telling me Norton might be out of date (though I only installed NIS 2010 less than a month ago, obviously).

Most of this happened last night and I haven't had the time to really sit down and sort out the issue, I have things I need to do, things that are required of me, and I'm not exactly sure why things are acting up for my computer right now if I got rid of the program that was popping up and causing issues (though I was informed it may be a regenerating program?). I'm not exactly sure how to approach the situation, and I value Norton's security, for years now, as for why it isn't picking up this Anti Virus System Pro thing (let alone letting it somehow set itself up in my computer somehow without my permission, let alone notification).

So I turn to you my Norton community, is this program a legitimate anti virus program? I find it odd I never had even heard of it before until it automatically started setting up and running on my system, thus I still believe it is a bug of some sort, acting as something else, I'm not entirely sure, and I don't know what to do about my other security programs like Malwarebytes, and SuperAntiSpyware, no longer being able to update.
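The check the post walks through by hand (searching the per-user Run key for an autostart entry that points into Application Data) can be scripted. This is an added example, not part of the original thread: it parses saved `reg query` output, the sample output is constructed (the value name and file name are the ones quoted in the post, the profile name `ExampleUser` and the other entries are made up), and the function names are illustrative.

```python
import re

# Constructed sample of `reg query` output for the per-user Run key.
# "eqayxufx" and "lglvsysguard.exe" are quoted in the post; the profile
# name "ExampleUser" and the other two entries are made up.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    ExampleUpdater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
    eqayxufx    REG_SZ    C:\Documents and Settings\ExampleUser\Local Settings\Application Data\oaujmk\lglvsysguard.exe
"""

# Profile-data and temp directories, as literal paths or %VARIABLES%.
# Any unprivileged process can write there, so an autostart command that
# references one deserves a closer look; it is a triage hint, not a verdict.
USER_WRITABLE = re.compile(
    r"(?:\\|%)(application data|appdata|localappdata|temp|tmp)(?:\\|%)",
    re.IGNORECASE,
)

# `reg query` separates name, type and data with a tab (older Windows)
# or four spaces (newer Windows); value names may contain single spaces.
VALUE_LINE = re.compile(
    r"^\s+(?P<name>.+?)(?:\t| {4})(?P<type>REG_\w+)(?:\t| {4})(?P<data>.*)$"
)


def parse_run_values(text):
    """Return (key, value_name, command) tuples from `reg query` output."""
    entries, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key and m.group("type") in ("REG_SZ", "REG_EXPAND_SZ"):
            entries.append((key, m.group("name"), m.group("data").strip()))
    return entries


def suspicious_run_entries(text):
    """Return Run values whose command references a user-writable directory."""
    return [
        {"key": key, "value": name, "command": command}
        for key, name, command in parse_run_values(text)
        if USER_WRITABLE.search(command)
    ]


if __name__ == "__main__":
    for hit in suspicious_run_entries(SAMPLE_REG_QUERY):
        print(f'{hit["key"]}: "{hit["value"]}" -> {hit["command"]}')
```

Saving the output before and after a reboot and comparing the flagged values shows whether a deleted entry has been written back, as the post describes.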

Thanks for the info, I had someone reference a few websites, before I left the computer in the hands of someone else while I was at work, when I got home, it seems the rogue antivirus program is gone now, it isn’t popping up anymore at all, I’m not getting any warnings, automatic scans, or whatnot have you, any of that, but one thing still persists, and it relates to the Norton, I’m still getting a red shield at the tray that says “Windows Security Alert”, telling me that Norton is out of date (2010, I think not), it tells me to update Norton to get the latest date updates to make sure I have a proper version. So I run LiveUpdate, and the red shield is still there. More perplexing is in that I still cannot update SuperAntiSpyware, or Malwarebytes, I get connectivity errors, as well as Internet Explorer having connection problems and being unable to connect to any websites or other places. Other browsers and programs work fine, but I’m a bit at a loss of what to do in terms of Norton’s Windows Security Alert, IE, Malwarebytes, or SuperAntiSpyware. Has anyone ever encountered anything like this before? I can’t possibly be the only person to have had an issue like this.

Hi

You probably still have some remains of that malware in your computer. How to completely clean it, I wouldn't know. I could venture a guess, but it would be a guess and I won't endanger anyone else's computer.

Circumstances considering I can connect to the internet using another browser, I manually downloaded the latest updates for SuperAntiSpyware, and rebooted to safe mode, ran a full system scan, this being before I left for work. I was informed (with a picture taken by a cellphone), by the person who was at home, that nothing was found, nor did Malwarebytes pick up anything. I have been considering uninstalling, then reinstalling Malwarebytes, but I’m not entirely sure that would work, if it already is having complications, I wager to suspect, there would be a problem during setup, though, I can guess as much as I like, that doesn’t mean I’m correct, so before doing something I may regret, I really don’t want to uninstall and then reinstall Norton (or any programs) if the issue can be fixed properly.

Dear Scam,

I am concerned that you are not taking the infection seriously enough.  The kind of malware hit that your computer took was heavy.  That means that anything at all might have been infected, right down to the root of your system.  There may be quiescent malware routines left behind too new to be detected and simply waiting to start their mischief.

It is the nature of this malware to go after the host's security systems and to disable them as far as it can.  Was your Norton's tamper protection set to on?  Was it password protected?  Doing this makes it stronger against attacks.

At this point, it is clear that there has been enough corruption in your system that Norton can not be relied upon.  You should not even think of it as Norton because of the possible changes the malware might have done to it.  Updating it, trying to run it, these things are neither safe nor desirable.

The same, unfortunately, applies to your entire system.  You do not know what is trustworthy and what isn't.  Even applications you download from the internet can be modified as they arrive.

You have a few choices here; and I will list them in the order in which I would apply them:

1.  On a safe computer, download the Norton Recovery Tool, following the directions carefully for creating your own disk to use on your own computer.  Get it and instructions from NRT.  You need to put the NRT disk into the CD drive and boot up from the disk.  You will need to have your Activation Key on hand at the time.  You will need to be hardwired (if possible) to the internet so that the NRT can acquire the most recent malware signatures.  Follow the instructions.

     Hopefully, this will clean most of the malware from your computer, perhaps even all of it.  Unfortunately, it may not undo all the damage.  I will suggest that it most likely won't undo the damage.

2.  Next, I would re-image my hard drive with a recent backup of my system.  If you haven't been making backup images of your system, I would then suggest you use whatever disk or method came with your computer for restoring factory settings.  Since this could be a "destructive" restoration (meaning your entire hard drive will be reformatted), you need to copy off of your computer all the data files you can.   It is vital at this point you think carefully about what these can be.  Here are a few suggestions:  Letters, memos, any correspondence, pictures, movies, music, all media, email, business data, financial data, tax data including digital copies of returns you have filed, spreadsheets, PowerPoint presentations.  You need all activation/installation codes for software you will need to restore.  You may need to try to deactivate things like Adobe Acrobat because these have limited licenses based on number of activations.  You will need copies of installation files to reinstall software, BUT do not try to get these off of your machine.  You have no idea how they may have been contaminated or damaged.  Be aware that some re-imaging applications do offer the possibility of saving your original system in a separate folder or partition so you can go after the data after re-imaging your hard drive.

    There is an alternative some people might suggest.  Most restoration disks/processes have a "repair" option.  In this option, Windows is basically restored to its original working condition as are some MS products.  In theory, a number of your personal applications MIGHT still work.  Most won't, and some of those that appear to won't really.  I consider this choice unacceptable for my needs; but that would be your judgement call.  It does have the virtue of leaving your data preserved.

3.  Upon re-imaging my drive and booting up to my desktop, I would immediately and only run through a succession of Windows updates until my system was completely current.  Do not browse or do anything else.  It's not worth the risk.  Do not install NIS until you have finished updating your system because NIS depends on many of the updates to run well.  Once you are updated (and this includes accepting all Framework components and updates that MS offers, even if it is not in the required section of the update), then immediately install NIS.  After that you can begin rebuilding the rest of your system.

     Before restoring any data, first scan it with Norton.  Be especially cautious with media files and PDFs as they can contain infections.  The same thing with HTML stuff - be very careful.

That's my general summary and suggestions.  Others might have different strategies, but this is the only one safe enough for me to feel comfortable.  I am sorry it is so dismal.  Good luck, and please stay with us and let us know how it worked out.

Message Edited by mijcar on 11-20-2009 10:15 PM

Thank you for this detailed insight, it is much appreciated, having done what I can (with a few workarounds, as I have no other safe computer under this roof, I had to go to an outside source), I managed to get everything functional again, at least to online accessibility, no more popups, no more browser redirects, none of that kind of stuff. Even still, Norton seems to be acting strange (now that everything else seems to be restored to functionality, Norton is the only thing which continues to question its valid date). I am still quite perplexed at how easily this Antivirus System Pro got into my system without prompting for download, let alone bypassing Norton live monitoring (via SONAR protection), and within only seconds, managed to defeat my NIS 2010 (which I had paid for only last month as I have mentioned, there is no reason why it should be out of date) to create all the trouble that it has.

As Norton is still acting odd while everything else is now functional (at least as far as I can tell), I won't consider the situation fully resolved until Norton is as smooth and running as it was, five days ago prior to the issue with this Antivirus System Pro virus/ware thing. If I were to reinstall Norton yet again (much to my displeasure that I should even have to uninstall it in the first place), how can I be sure that it isn't being tampered with?

With fake antivirus, all you have to do is click on it.  Needless to say, even if you click to close the popup, the writers are not going to let you choose yes or no, it gives the script access to your computer.  When something like that occurs, you are best to use Alt+F4, unplug your internet connection, or both.  You need to respond very quickly.

Norton may have become damaged during the removal of the malware, or you may still have malware on your system. Presumably your system restore has been disabled at some point to get rid of any remains of the rogue, and your browser cache and temp files should be emptied.  When you know you have a clean system, you can manually set a restore point.

"So I run LiveUpdate, and the red shield is still there. More perplexing is in that I still cannot update SuperAntiSpyware, or Malwarebytes, I get connectivity errors, as well as Internet Explorer having connection problems and being unable to connect to any websites or other places. Other browsers and programs work fine, but I'm a bit at a loss of what to do in terms of Norton's Windows Security Alert, IE, Malwarebytes, or SuperAntiSpyware. Has anyone ever encountered anything like this before? I can't possibly be the only person to have had an issue like this."

These are all indications that the rogue is still affecting your computer and preventing your antivirus software from working.  You need to take the machine to someone more advanced in the removal of this type of infection.  Just getting rid of the popups is not sufficient.

That may be problematic, as I am required to use a computer regularly for what I do, though in my current situation, I have very little money to take my computer to any “professional” type of repair shop, it simply is not an option. Though as I had mentioned, everything has been returned to what seems to be functionality. LiveUpdate is recognizing pulse updates and whatnot again, as is Malwarebytes, SuperAntiSpyware, Internet Explorer is able to browse again and update as expected (as far as I can see, a nights ago Malwarebytes plucked something out of my system that it had missed before, apparently it is able to acknowledge the new updates and remove infected files accordingly), so the issue as far as I can see, all that remains is Norton’s relationship with the Security Center, as it claims to still be out of date, which somehow seems to be affecting the general functionality of Norton, in terms of how cranky it has been lately. I am not sure if it is Security Center, or Norton itself, but if I had to guess, I’d say it was something on Norton’s side, but again, that’s just a guess, based on the behavior of Norton, compared to other programs on my system which have seemed to got their bounce back.

Just to give you an idea of what is involved in removing this infection: www.bleepingcomputer.com/forums/topic269965.html The good old days of running a program to remove an infection are gone. I would take delphinium’s advice. Good luck.


Topopurim47 wrote:
Just to give you an idea of what is involved in removing this infection: www.bleepingcomputer.com/forums/topic269965.html The good old days of running a program to remove an infection are gone. I would take delphinium's advice. Good luck.

That poor, poor person.

But one thing to understand:  the more you play around with an infection without knowing what you're doing, the worse it gets.

:smileysad: