- I have had 360 v. 2.0 installed since May 2008. (It's now v. 2.5.0.5)
- It seemed to be doing a fine job of spotting Downadup/Conficker for quite a while. When I would pick it up on a USB at work (yeah it's a mess there ... they are working on cleaning it up.) it would always see it and stop it on the flash drive without asking and always clean it right out when I did scan it.
- For the past few weeks I have been looking for information about the suspicious invitations to add as contacts I have been getting from Yahoo Messenger. (Apparently an update that I accepted caused the IM feature that I rarely use to come alive.) I have only been able to find descriptions/warnings about a Conficker clone attacking through MSN Messenger. (Perhaps Yahoo Messenger's much ballyhooed ability to communicate with MSN is biting back.)
- I have never accepted nor denied the invitations. I simply closed the windows.
- That seemed to work until yesterday.
- Yesterday I was greeted with a familiar looking but somehow suspicious notice that Liveupdate needed to connect. The logo was the give-away. I think I had seen it in prior Antivirus 2008, 2009, 2010 or Pro (Conficker if you ask me) infections.
- Again, I chose neither OK nor Cancel but closed the window. It didn't listen. When I tried to open 360, the intruder warned me that it was already connecting to run (bogus) Liveupdate.
- I defeated the connection with task manager.
- Norton 360 would not complete the real Liveupdate and would not scan.
- I contacted Norton chat and bored them with all these details (you can see why they became distracted) but seriously could not get a response that was germane. The link they gave me would not work (the infection apparently successfully blocked it too.)
- They transferred me to the Norton Spyware and Malware Removal Service. There I was given all of the disturbing language designed to assure me that my life would end if I didn't sign up for the service. Pulling teeth they finally told me the price was $99. If I wasn't so short lately I might have done it.
- At work, the worm would not allow the Norton Fixdownadup.exe program nor the Malwarebytes program to work. But here at home the Malwarebytes program did work. It saw the numerous worms that Norton wouldn't/couldn't scan and removed them.
- After running Malwarebytes Anti-Malware, Norton 360 now is able to perform liveupdates and scan. But my confidence is shaken.
I'm sure the Norton Removal Service would have cleaned it for another $99, but didn't I already pay for that?
Mr. B.
Conficker was definitely blocking Norton. Blocking Norton, McAfee, and other antivirus programs is one of the things it does so well.
One Trojan Agent, One Trojan.Zlob, Two Trojan.Vundo, and the rest Adware.
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 32
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6
Hello rburtnick,
The link for the removal tool for W32.Downadup, W32.Downadup.B and W32.Downadup.C is: http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixDwndp.exe
Which comes off of the webpage: http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99
All these come from the link at the top of the page of this forum entitled "Questions about Conficker/Downadup? Learn more".
It helps to keep antiviral and operating system software up to date as well as other programs that are installed on a system that may have security loopholes that are plugged up over time with newer updates of each piece of software. Except for Java (I believe it is Java?) that apparently is known for needing the user to remove the older versions manually in most cases for the Java Virtual Machine (JVM).
SuperAntiSpyware and MalWareBytes have been mentioned a lot for the free or non-real time spyware (adware etc) scanners.
There is an active thread with information and other links concerning the worm at: http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=31036&view=by_date_ascending&page=1
Take care,
Mumford68
[Edit] I would never have said that Conficker and its variants are not a big deal :)
Message Edited by mumford68 on 04-11-2009 03:59 PM
Thanks for the response. I have been using those links and FixDwndp.exe with great success for months. It wasn't until the incident that I described that the Norton 360 program would not work on my machine at home.
(However back in January, it did work, i.e. scan, my brother's PC after he had downloaded and paid $99 for Antivirus 2009 Pro ... but didn't find W32.Downadup.x ... and I would have bet money that he had just paid money for a super case of Conficker.)
That aside, I have been an advocate of the tool and had great confidence in the Norton 360 protection, until this incident. Conficker locked Norton 360 out and I had to use the Malwarebytes tool to get it back. I think the Removal team would have found that out but the Norton Organization wanted me to pay their tuition to find it out.
Please do not misunderstand my attitude in this matter. While I certainly could have learned something, and of course there are folks that would take your organization into bankruptcy, I really do appreciate how far Symantec has come in providing excellent support for its products. I didn't have the 100 bucks and I knew I could resolve it myself. In addition, I was looking for a way to inform your organization of the vulnerability when I connected ... sure, I assumed it would be a two-way street.
For over 20 years it has been my practice to let support organizations know the cause of a problem when I discover it ... often days or longer after the support desk personnel have been unable to help me resolve it. This may not have always been appreciated at the time (and more than once the problem was my incomplete or overly detailed description of the situation) but the database is enriched with this information.
Hi, rburtnick,
Please remember that you need to keep Anti-Virus Products up-to-date in order to Protect you. And please also remember that, even though Norton Products do Protect you from W32.Downadup - Norton Products do have Virus Definitions - these Threats, especially W32.Downadup.C and W32.Downadup.D, Target Anti-Virus Products and your Anti-Virus Product does have Technology to Block Programs that try to make Changes to the Norton Product, but, clearly, Norton did not Detect this.
Just to be sure your Norton Product is working correctly: Open your Norton Product > Help & Support > One Click Support > Run the Auto-Fix Tool. Let us know how you get on.