I'm having serious problems with my PC and I think I've narrowed it down to a virus. My Windows suddenly decided it's not authentic any more, even though it definitely is, system restore won't work, trying to run Spybot S&D crashes the computer and Norton Internet Security won't scan. I have uninstalled it and reinstalled it and updated it but it refuses to scan anything. Both smart and full scanning stay at 0 items scanned no matter how long I leave it on (and I can only stop it by using the task manager, thereby turning Norton off completely) and a scan of the C drive finishes in a second and finds no threats. I have sent diagnostic reports to Microsoft, I have run checks on the hard drive and I have tried to run programs in safe mode but nothing works. Malwarebytes found a trojan called DNSChanger but removing it didn't fix the problem. Norton finds something called Suspicious.MH960.A. every time I turn on the machine. But I can't scan.
What can I do?
[Edit: Updated Subject to better reflect topic]
Message Edited by Tim_Lopez on 04-17-2009 11:45 AM
I would recommend using the Norton Recovery Disc. "The NRD is a bootable CD that can run scans and remove threats from outside of your Windows operating system."
If you have purchased the packaged CD product of NIS 2009, you will already have this tool on the product installation disc. If you downloaded NIS 2009, here is the link to make the NRD for NIS 2009.
Spybot crashed the machine last time I tried it and it wouldn't update either.
I'm having trouble with this recovery disk too. When I boot from it, it gives me options for Windows EMU enabled and a memory tool but doesn't mention Norton. If I let it continue to boot it goes to a black and white Vista startup screen (with the wavy lines) and does nothing more. Am I doing something wrong?
Well, the scan from the boot disk worked but came up with no threats or problems. I’m still having the same problem and Norton won’t scan under normal modes. Trying to revalidate Windows by various means brings up the strange error “Maximum number of secrets exceeded on this machine”. Does anybody have the slightest idea what this means?
Have you contacted Microsoft? I have heard they are very helpful. In your first post you mentioned "Windows says it's not authentic" and it's popped up again here.
JonK wrote: Well, the scan from the boot disk worked but came up with no threats or problems. I'm still having the same problem and Norton won't scan under normal modes. Trying to revalidate Windows by various means brings up the strange error "Maximum number of secrets exceeded on this machine". Does anybody have the slightest idea what this means?
Yes, I’ve been in touch with Windows via their help forums. I used the Authentic Windows tool and yes, my copy is authentic and although they have been trying to help me, nothing has worked so far. They don’t recognise the “number of secrets” error message either. I’m at a loss as to what to do other than wipe the drive and install again.
A search on Google provides a number of hits for this particular error. Some posters on other forums have provided Malwarebytes logs showing Seneka.dat files. It would seem that our Mo has hit upon the likeliest solution. Please post the logs here when you have run Malwarebytes as we have some very good Seneka removers if required.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:48, on 17/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program
I have read somewhere that Windows displays this message when a program tries to open an encrypted *.VOB file from a CD/DVD and the CD/DVD drive is not "authenticated". The error does not appear for non-encrypted *.VOB files. The same error can happen if your computer (one of the drives) is infected with Seneka and Vundo.
Yogesh
Message Edited by yogesh_mohan on 04-18-2009 01:50 AM
Vista has in the Services one or two services that in some way control the WGA/Activation, and if they are disabled or tampered with, the problem can arise.
I have come across Vista's own updates screwing up the activation. I can't remember the name of the services. The services can be tampered with by malware as well.
Try updating Malwarebytes and using SuperAntispyware (updated), then in Safe Mode run full scans.
The only other thing if all fails is to try Combofix.
Vista, if it sees the activation has been tampered with, can limit the user's ability, and it can be really hard to get back.
UPDATE
The service I am thinking of is "slsvc.exe", which malware can affect. "slsvc.exe" = Software Licensing Service
When a copy of Windows fails validation, the user is directed to a customized Web page with details about what caused the failure and recommendations for how to fix the problem. This page contains a section with troubleshooting steps. One of these steps will let you check to see whether you can use the online Product Key Update Tool.