I suspected a malware infection, so after running a complete scan, I tried to run Power Eraser. I started P. E. and rebooted as instructed. The program ran up until it reached "checking internet connectivity." Power Eraser then stayed at this step - the program did not freeze, it just remained at "checking internet connectivity." I let it run for 20 minutes, but nothing happened. The icon/indicator kept turning.
If you are infected, then you can probably use MBAM to be sure your system is clean. Use of NPE can have serious effects on your system files, as said by F4E. You may need to make sure that your internet connection is not a dial-up or slow connection. Also, did you try the steps you performed in your message again sometime later, to filter out any chance of a network connectivity problem with the Norton/Symantec server?
The machine I use is also used by my teenage kids. They have downloaded infected files before, and when they did, the machine always acted "strange." When I say strange, I mean that I could tell something was not right. Most recently, when I visit web sites I frequently access, I end up at a phishing site, or a site designed to look like it is legit - though it is not. Norton caught one of the sites this AM. (See attached file).
Anyway, I was not able to run Norton's PE. So, I downloaded the file from norton.com and ran it successfully. Unfortunately, the scan revealed nothing. However, I still believe that some malware is sitting on this machine - the one I am using to compose this reply.
So, while PE may be "a powerful tool" in your words, it did not quarantine any files when I ran it last night.
Thank you for the reply. Yes, I verified my internet connection worked (I have TWC Turbo) and as I stated in my prior post, I ran NPE after downloading the file from norton.com. The scan revealed nothing. I will try MBAM and post the results here when available.
UMRK
PS - Whenever I see the NPE mentioned, I always see the words "powerful, serious effects on OS," etc associated with it. I find this interesting because I have run NPE several times (I have it installed on two machines) and I have yet to experience any troublesome issues with it. Each time I ran it, the results were always "clean."
My apologies. I was busy replying to the other posts, so I missed yours. Please see the attached file below. Remember, once I realized NPE would not complete the scan, I downloaded the NPE file from norton.com. So, this log may include info from the successful scan, which I believe is the case judging by the time the file was created.
As an update, I ran MBAM and it identified two issues:
1. Registry key
2. A DLL file named alert.dll
I am not certain if these issues are truly a threat. Perhaps one of you with greater experience can determine whether MBAM found the problem or not. I included the log file from the scan for your reference. Any comments or suggestions are welcome.
It appears that my follow-up post in which I wrote that the file was too large (at >28 MB) to post. So, please send me your email address and I will forward you a compressed copy of the file.
I ran MBAM on my second machine and it located and quarantined a trojan horse named "AUTOKMS." Interestingly, I have a scheduled scan of my entire HD every night. So, if this file is indeed malware, I am very disappointed that NIS failed to identify it. It appears that this file resided on my HD since January 1, 2014. I have attached the MBAM log for your review.
I also kept a copy of the file in question that I will be happy to forward to the norton support team. Please provide any feedback or comments, e.g., is this a real threat? Why didn't NIS identify the threat, but MBAM freeware did?
As an update, I ran MBAM and it identified two issues:
1. Registry key
2. A DLL file named alert.dll
Hi Umrk111:
The MBAM log you attached in message # 9 would indicate that you have been infected with a browser hijacker known as Conduit Search - see the Wikipedia description here as well as information here for the CLSID {3c471948-f874-49f5-b338-4f214a2ee0b1} MBAM identified for this PUP (potentially unwanted program).
If you search for the word "conduit" in this forum you will find posts by many other Norton users who have been infected by this browser hijacker. It's possible that MBAM was only able to remove the dropper for this PUP but was not able to remove all traces from your system, so I would advise that you register with one of the free malware removal sites listed in delphinium's post here and work with a malware removal specialist one-on-one to ensure your system is clean. My personal preferences are:
The Norton Power Eraser (NPE) is intended to be used as a rescue tool when your system is infected with malware such as a rootkit or bootkit that makes your Windows OS unstable or unbootable. The NPE home page here states that "Be aware that, because Norton Power Eraser is an aggressive scan that looks for deeply embedded threats, it may quarantine a legitimate program." There are several examples in this forum where malware "hooked" itself into an important Windows file and the user corrupted their Windows OS after an NPE scan, so we usually recommend that this tool only be used under the supervision of a malware removal specialist who can correctly interpret diagnostic logs and help you repair your system if NPE causes any unexpected damage.
------------ MS Windows Vista Home Premium 32-bit SP2 * Firefox 24.0 * IE 9.0 * NIS 2013 v. 20.4.0.40 * MBAM PRO 1.75.0.1300 HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS
I ran MBAM on my second machine and it located and quarantined a trojan horse named "AUTOKMS."
...and regarding the MBAM log entry C:\Windows\AutoKMS\AutoKMS.exe (Trojan.AutoKMS) -> No action taken from message # 11, that program is usually associated with a key generator used to activate illegal copies of MS Office - see the thread here on the MS Answers forum and additional information here on File.net.
Since MBAM only generated a warning and did not remove this file, you can submit the file for a SHA256 hash tag analysis at VirusTotal as long as AutoKMS.exe is smaller than 64 MB. A high detection rate with VirusTotal would indicate that a wide variety of AV software considers the file to be unsafe/malicious.
----------- MS Windows Vista Home Premium 32-bit SP2 * Firefox 26.0 * IE 9.0 * NIS 2013 v. 20.4.0.40 HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS
A piece of advice for you to prevent such troubles again. You may thoroughly go through your kids' systems to find any unwanted toolbars and add-ons installed in the system. You may also install Norton Family on those system(s) to make sure you can deny such attempts and have control over them.
Happy to hear you are successfully overcoming this trouble.
To Nikhil_CV, F4E, lmacri and everyone else who replied to my post(s): Thank you for taking the time to address my problem with your thoughtful and informative posts.
I will submit Autokms for analysis as instructed. Adding three teenage kids to two desktops, two laptops, and three iPads results in what I can only describe as a massive headache. I thought I had a handle on things, and in a way, I still do, though I am only 97% effective in controlling things. Only six months ago, nearly every device was routinely infected by all sorts of bad things. I grew tired of wiping HDs, reinstalling software, and yelling at my kids. They seem to have gotten the message - almost.
Anyway, while I sincerely thank you all for your help and advice, I am still stuck with my original problem - NPE still hangs at "checking internet connectivity." So, I compressed and sent NPETraceSession.etl to Surendran. I am hopeful he can determine what is causing NPE to hang. Otherwise, I suppose I will need to reinstall NIS.
Hi Umrk111:
There have been other posts in the forum recently about NPE and problems with internet connectivity - see Surendran's comments here in huggi3s' thread titled NPE.exe stuck on Checking for New Version screen & unable to end task for one example. I don't know if there is a bug in the current version of NPE that affects connectivity with the backend Symantec servers (possibly when NPE tries to download and update its malware definitions?) or if this is due to some residual side-effect of the Conduit infection, but I'm sure the log you sent to Surendran will shed some light on the exact cause. NPE and NIS are separate programs and if NPE isn't working correctly it's unlikely that a reinstall of NIS would solve the problem.
Nikhil_CV's suggestion in message # 15 to look into the parental controls in Norton Family sounds like a good idea, and the basic version comes free with your NIS subscription. I've never used this software myself but it can be launched directly from my NIS v. 20.x (2013) main window and there's a separate Norton Family board in the forum where you can get help from other users.
------------ MS Windows Vista Home Premium 32-bit SP2 * Firefox 26.0 * IE 9.0 * NIS 2013 v. 20.4.0.40 HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS
I had a Norton tech use NPE.exe when I had a problem with NIS 2013, and when he was finished I couldn't get back online without doing a restore, and he/NPE did NOT fix the problem.
HP pavilion g6-2225nr
Win 8 X64 V6.2.9 IE 10
NIS 2014
This can illustrate the point that F4E makes in post 2 above, that NPE can cause more trouble than it is worth.