Hi All,
I support an internet banking package that is installed on out customer's PC. The product consists of a number of services and a main server that communicates with the bank. Unfortunately one of our customers is having an issue with this service being unable to access the internet. We have a strong suspicion that the customer has a virus as they are unable to access the www.symantec.com despite the fact that they can access every other webpage we checked (please note that we did not check any other antivirus providers). The customer has version 16.8.0.41 of Norton Internet Security installed. Does our diagnosis sound correct?
Thanks,
JBurtton wrote:
Hi All,
I support an internet banking package that is installed on out customer's PC. The product consists of a number of services and a main server that communicates with the bank. Unfortunately one of our customers is having an issue with this service being unable to access the internet. We have a strong suspicion that the customer has a virus as they are unable to access the www.symantec.com despite the fact that they can access every other webpage we checked (please note that we did not check any other antivirus providers). The customer has version 16.8.0.41 of Norton Internet Security installed. Does our diagnosis sound correct?
Thanks,
This message is posted having regard to the following statement which you are kindly requested to read first.
http://community.norton.com/t5/Forum-Feedback/Statement-of-contribution-by-cgoldman/m-p/215993#M5047
A "suspicion" is not a "diagnosis". he he! But you may be correct. The version the customer is running is not the latest version. The customer may be able to get a free upgrade to NIS 2010 17.6.0.32.
However, not getting to www.symantec.com is not necessarily confirmation of a virus infection. For example, it is possible to block www.symantec.com using the "hosts" file.
You could have them rename the hosts file i.e. renamed to hosts.sam and/or check other AV websites.
Thanks cgoldman. We did check the host file and could see nothing unsual in there, we also changed the DNS servers as they were pointing to some strange ones. Yes you are quite right that a suspicion is not a diagnosis :-). The customer's subscription has only recently been extended. The hard part may be to get the upgrade onto the customers PC. I'll try to get the customer to go to another AV website but he is in denial that he has a problem.
Hi JBurtton,
Do what you can to convince the user to visit other security websites like McAffee, etc. Many virus's and malware first try to block access to the very security websites which can provide assistance.
This is not to say that there is a virus but it definitely needs to be checked.
Another note: as cgoldman said the version of NIS is old and if the user's subscription is current, they are entitled to a free upgrade to NIS 2010.
Allen
Hello JBurtton
However, if the system does have malware on it, the preferred thing, in my opinion, is first to get the computer cleaned up and then upgrade it to the 2010 version. If you try to upgrade with an infected machine, then there is a good chance you will get a corrupted upgrade also.
Hi,
I have spoken again with the customer and he is unable to access both www.symantec.com and www.mcafee.com. He can however get through to www.avg.com and www.kapersky.com.
Thanks,
James
Hi James,
Thanks for the update. It is still not certain yet but given that two security sites are affected I would recommend to download and run a full scan with the free version of MalwareBytes as explained below. The free version is an on demand scanner only and will not interefere with NIS.
Please download, install, update and run the free version of MalwareBytes following the procedure outlined below. Any other recommendations will follow after you have a chance to provide any other details requested.
Please go to www.malwarebytes.org
1. Download Malwarebytes’ Anti-Malware (mbam-setup.exe) free version and save it on your Desktop.
2. After downloading, double-click on mbam-setup.exe to install the application.
3. Follow the prompts and install as “default” only
4. Before the installation completes, check on the following prompts:
- Update Malwarebytes’ Anti-Malware
- Launch Malwarebytes’ Anti-Malware
5. Click “Finish.” The program will run automatically and you will be prompt to update the program before doing a scan. Please update.
6. Scan your computer thoroughly choosing a "full scan".
7. When scanning is finished click on “Show Results”
8. Make sure that all detected threats are marked with a check mark, click on "Remove Selected".
9. Restart your computer.
Please post the logs back to this thread using "add attchments" at the bottom.
Note: Sometimes the main site is blocked from attempts to download MalwareBytes. If this occurs please try to download from:
http://www.filehippo.com/download_malwarebytes_anti_malware/
Please do not download the Spyware Doctor which you will see on this page!
After this please have them run a full scan with NIS.
We'll look forward to further update.
Thanks
Allen
Thanks Allen. I will give that a go.
Hi James,
You are very welcome and please let us know how it goes.
Thanks very much.
Allen
Hi All,
I support an internet banking package that is installed on out customer's PC. The product consists of a number of services and a main server that communicates with the bank. Unfortunately one of our customers is having an issue with this service being unable to access the internet. We have a strong suspicion that the customer has a virus as they are unable to access the www.symantec.com despite the fact that they can access every other webpage we checked (please note that we did not check any other antivirus providers). The customer has version 16.8.0.41 of Norton Internet Security installed. Does our diagnosis sound correct?
Thanks,