Spyware Alert - not detected by Norton Antivirus has hijacked my PC

It seems I have a malware/spyware program that has infected my PC and Norton didn't pick it up...

I get a red Spyware Alert box that states Vulnerabilities have been found and I'm infected... tons of red shields with Xs lined up at the bottom of my screen and alert after alert keeps popping up and asking me to activate my antivirus software (this while I'm running Norton's full scan)... Also I have gotten many many "application cannot be executed" security warnings and every few minutes my browser opens to a different porn, viagra, or adult website... I've been scanning for quite a while and Norton hasn't picked up any security risks while these things keep going wild on my desktop. Anyone have any experience with this? I'm writing from my Mac since I don't want to open any programs on the PC. Thank you!

Hello ruthmaugeri,

 

I am sorry to hear of your problem. Could you tell us which Norton Product and version (year) you have installed?

Hi Phil:

We have a current subscription ... the one in the middle ... I can't log in on my PC right now with the scan and malware on it. I think it's Version 16.7.2.11

Hi checo:

Thanks for your reply... I'd prefer to take care of it within the Norton family of products rather than downloading something new if I can. I appreciate your response though.

Okay, 16.7.2.11 is a 2009 Product, but also let me know if it is Norton Antivirus or Norton Internet Security.

 

I understand your reluctance to install another application, but Malwarebytes can often prove useful in situations like this.

 

We can try using Norton in a few ways first if you prefer.

  

• First, you should delete your System Restore points. You may find that they are inaccessible or may have already been deleted.

• Start your computer in SAFE MODE while disconnected from the internet and run a Full Scan with Norton. Note any threats detected by Norton and let us know the results.

• Second, if you purchased your Norton Product on CD, then that CD has a built-in Norton Recovery Tool. This tool scans your system outside of the Windows environment. If you have this CD, insert it into your CD / DVD drive and then restart your computer. Your computer should boot from the CD. Please follow the onscreen instructions and have your Norton Product Key available.

 

Let me know how you do with this.

Hi Phil:

Well, we'll go ahead and give Malwarebytes a try. I'll post back and let you know how it goes.

Hi Phil:

I can't run the program ... I get a security alert that mbam-setup is infected and do I want to activate the software it's trying to get us to buy. 


ruthmaugeri wrote:

Hi Phil:

Well, we'll go ahead and give Malwarebytes a try. I'll post back and let you know how it goes.


Ruth, that's a good place to start. One caution. Avoid rebooting until it's essential; these viruses propagate themselves with each reboot. There are a couple of other scans you might want to try before rebooting. The recommendation of SuperAntiSpyware is a good one. You can run this without rebooting after you complete the Malwarebytes scan. Download the free version of SAS only from their official site for SAS. There are imitations out there.

 

When you are done with your scans, that's when to reboot INTO SAFE MODE and rescan there.

Hi Ruth

 

Please try and see if you can download Malwarebytes from this site. It may not be listed with that rogue antivirus malware you have.

 

Download the free version, install and update then run a FULL scan. After the scan completes you should post the logs back to this thread. Please let us know if this site will work for you.

You can find Malwarebytes here

http://www.filehippo.com/download_malwarebytes_anti_malware/

It is a safer location to get the program from than Malwarebytes themselves because the malware writers sometimes block the security programs' websites.


ruthmaugeri wrote:

 Hi Phil:

I can't run the program ... I get a security alert that mbam-setup is infected and do I want to activate the software it's trying to get us to buy. 


Ruth, this is a trick of the virus. Try downloading it again, but rename it something innocuous, like Myrecipe.exe, so it can't be intercepted by the virus. The same would apply to SuperAntiSpyware, which at the moment is one of the best catch-it's for the latest rogue or rootkits, which you may have.

 

I am asking Phil here to see if he can get our resident rootkit expert here. His name is Quads. When he shows up, follow his instructions to the letter. Do absolutely nothing he does not tell you. That includes rebooting. Hold off on that until he gives you advice. Do not second-guess him or do anything extra. After downloading the two security programs we recommended, and updating them immediately, stay off the internet.

 

Good luck,

Ruthmaugeri:

 

It sounds to me as though you have managed to find a bad site for Malwarebytes.  If you need to use it, please use this link rather than a Google search.

 

http://www.filehippo.com/download_malwarebytes_anti_malware/

 

Hi mij

 

A lot of times the rogue antivirus program will block the official sites for Malwarebytes and other security programs. Sometimes it's necessary to go to other sites to get the program.


floplot wrote:

Hi Ruth

 

Please try and see if you can download Malwarebytes from this site. It may not be listed with that rogue antivirus malware you have.

 

Download the free version, install and update then run a FULL scan. After the scan completes you should post the logs back to this thread. Please let us know if this site will work for you.

You can find Malwarebytes here

http://www.filehippo.com/download_malwarebytes_anti_malware/

It is a safer location to get the program from than Malwarebytes themselves because the malware writers sometimes block the security programs' websites.


Good advice, Flo, but that advice and my own should be the end of our participation until Quads shows up. Rootkits, if that's what this is, is one place where too many cooks will really spoil the cure. ;)


floplot wrote:

Hi mij

 

A lot of times the rogue antivirus program will block the official sites for Malwarebytes and other security programs. Sometimes it's necessary to go to other sites to get the program.


Flo, she does not want to go to any other site to get superantispyware.  There is a definite imitator out there with the same name that will ravage her computer.

 

Ruth, you have another computer.  You can download both programs onto the other computer.  Rename both of them keeping the exe extension WHILE ON THAT OTHER COMPUTER.  Copy the renamed installers to a memory stick.  Bring them to your computer.  Install them.  Update both of them.  Disconnect your connection to the internet.  Run them one at a time. 

Message Edited by mijcar on 12-14-2009 07:56 PM
Message Edited by mijcar on 12-14-2009 08:02 PM

 


ruthmaugeri wrote:

 Hi Phil:

I can't run the program ... I get a security alert that mbam-setup is infected and do I want to activate the software it's trying to get us to buy


 

 

There are ones now that block .exe's from running, including like "MS Paint.exe", "Outlook.exe" etc. Security Software or not. But instead has a message appearing saying "mspaint.exe is infected with ****", "notepad.exe is infected with ****", "hijackthis.exe is infected with ****".

 

Quads 


Message Edited by Quads on 12-15-2009 03:01 PM

Flo, you have another computer.  You can download both programs onto the other computer.  Rename both of them keeping the exe extension WHILE ON THAT OTHER COMPUTER.  Copy the renamed installers to a memory stick.  Bring them to your computer.  Install them.  Update both of them.  Disconnect your connection to the internet.  Run them one at a time.


Mij, is this meant for me??? I have only this one computer and I'm not having any problems??? 

floplot wrote:

Flo, you have another computer.  You can download both programs onto the other computer.  Rename both of them keeping the exe extension WHILE ON THAT OTHER COMPUTER.  Copy the renamed installers to a memory stick.  Bring them to your computer.  Install them.  Update both of them.  Disconnect your connection to the internet.  Run them one at a time.


Mij, is this meant for me??? I have only this one computer and I'm not having any problems??? 

Sorry, Flo, thanks for the catch.  I've corrected it now.  Trying to type too fast.

Quads, what about Safe Mode?  Do you think that would be blocked?

 

Additionally, the Norton Recovery Disk gives you command line access through its Advanced tab.  Is there anything she can do from there that would help?

Message Edited by mijcar on 12-14-2009 08:07 PM

You can try Safe Mode if the PC is allowed to boot into it.

Trouble is a user can state "antivirus2009" but there are many variations: ones that allow Safe Mode, ones that may not.

 

Quads