Virus!! Help!!

Quads is already working on this for me but he suggested I post the problem and the progress in the event someone else can benefit from it.

 

 

I understand you may be the resident expert.  I got a virus on my computer a few days ago and it's killing me.  Where should I post to get some help?

 

Thanks,

Phill

 

 

 

Hi

 

What Security Software do you have installed??  

Also, what is the nature of your infection: the way that it is acting, or a name that it is being detected as?

 

Quads

 

 

 

Hi Quads,

 

I have NIS 15.0.0.60 and it was up-to-date as of July 2008, but every time I went to run LiveUpdate after that it would be done in about 10 seconds and say there were no new updates, yet the icon in the tray was still the red circle with the "X" instead of green with the check mark.  I figured something was up then but I never got around to resolving it.  A few days ago I was browsing a site and then I think it started to load Adobe Reader and then a bunch of pop up ads. I closed out of everything and rebooted.  When I browse the web now it constantly brings up pop up ads.  As a matter of fact, what scares me is when I type something in a search engine and hit Return it will oftentimes bring up a pop up ad that has the word I typed somewhere in a box and brings up ads related to what I typed.  I'm worried usernames and passwords are not protected when I log into various sites.  Anyway, I finally tried resolving the NIS issue.  The Norton knowledge base suggested downloading and running a file called "piupdate".  Once I did that NIS made all kinds of updates and recognized a trojan on my computer and I thought it was resolved.  After rebooting and browsing the web, the pop up problem still occurs.  I also thought I remembered a prompt from NIS mentioning "downloader" when I first encountered the virus problem but I can't be sure.  Where do I start to find the problem if I don't know the name and path of the problem file?

 

Thanks

 

 

Hi

 

In your case you can post in the NIS/NAV forum as well: http://community.norton.com/norton/board?board.id=nis_feedback You can say I (Quads) am already dealing with this. Click on the "New Message" tab. This way, if other people already have this infection, or get it in future, others can read the hopeful fix for it.

 

OK now, sounds like some sort of Trojan.Downloader, which has a BHO (basically browser Hijacker). Does by any chance NIS 2008 have the name of the Trojan in its History logs??

In any case, let's see if this finds the bad BHO.

Download HijackThis from http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download and download the third in the list (Executable), click "Scan with log", open the log in Notepad, then paste me the results please in a Personal Message.

 

Let's see how we go at spotting it running. It's harder without a name to go by, but oh well. Step by step.

 

Quads

 

 

 

 

Wow, I hope all this makes sense to you.

 

Thanks again.

 

 

[removed HijackThis log at the Author's request]

 

 

 

Looks like I may have found more than one, but at least one. To give me time to go through the list, you could now do the post.

 

Quads

 

Back soon. 

 

 

 

I searched the NIS history and on 12/6 NIS Auto-Protect detected Downloader. It says it blocked it and it shows a zip file with a long name.

 

On 12/6 it shows a Trojan.Vundo that was removed by Auto-Protect.  It has that 3 different times.

 

Also shows an HTTP Fake Scan Webpage intrusion attempt that was blocked as well as an HTTP Misleading Application Detection intrusion attempt that was also blocked.

 

Also a Trojan Horse detected by Virus Scanner and removed on 12/7.

 

Also HTTP Trojan Vundo activity that was blocked around midnight last night.

Message Edited by Allen_K on 12-09-2008 10:58 PM