With the main Norton AV software interface up and running, I click on "Quarantine" which takes me to the Security History interface. This interface shows all of the quarantined items, mostly cookies.
Then, if I click on any quarantined entry to see details, all of the Norton AV framework fails and all of Norton AV shuts down, leaving my computer defenseless.
None of Norton AV can be restarted. I have to reboot my PC to get Norton AV to execute again.
Is there a fix for this problem?
Could my Norton AV software have been compromised by malware or a virus?
Can you please tell us what Norton product you have and the version number? Can you also tell us what operating system and service pack and if 32 bit or 64 bit please. Was your previous security program removed properly using the control panel and their removal tool? What were the previous malware that were quarantined and how long ago and how often were they quarantined, not counting the cookies? Thanks.
If you can click on Help & Support and about, it should tell you the version number. It should be starting with 18.. Is it Norton Antivirus or Norton Internet Security? If the program came with a firewall also, then it's Norton Internet Security.
The product and version are Norton Internet Security version 18.1.0.37.
I'm still working on the Quarantine problem. I'm trying to take a screenshot for you. I can't even open the window without crashing Norton AV. All the quarantine shows is cookies, the same cookies, over and over again.
I've attached a .pdf document with 4 screenshots. I'm pretty sure this is all of the information I can give you. Let me know if you need something else.
I am concerned about the Conhost.exe executable attempting to modify what appears to be a Norton AV executable.
I researched the Conhost.exe executable. This is a legitimate Microsoft executable stored in the System32 subfolder, which is properly signed. Additionally, I scanned it with Norton AV. No problems found.
That last screenshot is nothing to worry about. That is Tamper Protection protecting other files from getting too close to Norton files. Many legitimate Windows files and other files just try and get too close. Norton just puts these types of things into logs, but these are harmless. Windows and the other programs will still be able to carry on their functions.
Thanks again for the reassurance. However, I still have a serious problem with your product. It is either defective or it's been compromised in some way.
No idea why this is happening. You say the quarantine is filled with cookies. Nothing else is in there? This can determine if you should perform a full reinstall. If there are other things in quarantine, please write back with the exact item. Can you also check security history if there are any more serious viruses detected.
Tywin7 wrote: No idea why this is happening. You say the quarantine is filled with cookies. Nothing else is in there? This can determine if you should perform a full reinstall. If there are other things in quarantine, please write back with the exact item. Can you also check security history if there are any more serious viruses detected.
Tywin7,
Please view the OP's earlier attachment. There are no cookies in Quarantine. The cookies are in Resolved Risks. Quarantine is full of many separate files that have all been detected as Suspicious.Cloud.5.D.
I leave the tough malware questions to those who are more knowledgeable on the subject than I. Since there appears to have been a malicious agent involved, and it may be crashing Norton, I would certainly hesitate to recommend uninstalling Norton, thus leaving the system completely unprotected, until it can be determined if there is active malware still present. The chances of successfully reinstalling Norton in the presence of an infection that can already interfere with it would not be good.
Some malware creators have made removing malware harder by blocking the sites of popular virus removal programs like Symantec and Malwarebytes. Therefore, using an alternative source can prevent the program from being blocked. Please make sure to download the correct program. There are MANY ads on the site so make sure you are downloading MALWAREBYTES' ANTIMALWARE and not some other program.
(Thanks to Floplot for providing the alternative site). After you have downloaded the program, right click the exe file and select run as admin. Follow all prompts to install the software. After installation, run an update of the program and perform a FULL scan of your computer. When scanning is finished, a message box will appear. Click on ok to continue on with the malware removal. Make sure that all detected threats are clicked on and click on Remove Selected. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Copy and paste all contents of the notepad into your next post. After that close the notepad.
Note: Many of the above steps are adapted from Floplot's instructions regarding using Malwarebytes'.
All of the quarantined files were detected by Download Insight and seem to be associated with a single download. Do you recall what program you might have downloaded at 8:40 PM on Friday, November 12? Also, do you remember what site you were downloading from? This information would be very useful.
Also, does Norton only crash when viewing the Quarantine in Security History, or does it crash at other times as well? Can it complete a full system scan?
If the problem only occurs when accessing Quarantine and Norton otherwise appears to work normally in all other respects, it may just be an issue with the History logging. Anything else happening on your system that might indicate an infection?
Norton AV works perfectly in all other respects. I have repeatedly performed full system scans with clean results.
This morning, there is nothing in my Quarantined history. Nothing. Not even cookies.
On the evening that I inadvertently downloaded something, I was using Mozilla Firefox, searching for information on Highway 590 in Canada. Google responded with links, I clicked on a few and suddenly a popup appeared demanding that I do something, with a response of "yes" or "no". I couldn't kill the popup. I couldn't close the Firefox tab window, I couldn't shut down Firefox, so, foolishly in retrospect, and being very tired, I selected the "no" button. I'm sure that's what allowed the download. I don't remember the website. I know better than to have done this. I was just very tired.
I just looked at my browsing history. It only goes back 7 days so I've lost the history of the URLs I visited 8 days ago.
I am going to attempt your recommended malware search-and-destroy solution.
An interesting and timely question. And I did install and execute the Malware software that was recommended. No problem found.
Navigation within the Quarantine page is no longer fatal to Norton AV this morning. But, I am seeing high risk interceptions by Norton AV. There are a lot of files involved but they all relate to Trojan.FakeAV Gen 28. I have seen these interceptions for over a week.
I have performed a full AV scan with Norton updates from 9 minutes ago. I have run the Norton Power Eraser product several times. Nothing rids my PC of these interceptions. I have even Googled on this to look for solutions to eradicate, rather than intercept this problem. Nothing works. So, I can only surmise that I have an infection and Norton AV can only intercept its attempts to do something, not get rid of it.