Norton Security
Comments
-
It can be a real pig to remove, just did a machine with Norton360 yesterday, then ran the NRT (twice). The whole operation took nearly an hour.
Try running CCleaner registry cleaner to clean up the hundreds of files that neither the uninstaller nor NRT remove properly.
No free lunch, and no free laptop
-
You shouldn't have installed AVG until you have fully got rid of Norton - 2 AVs on one system will cause many problems.
No free lunch, and no free laptop
-
You shouldn't have installed AVG until you have fully got rid of Norton - 2 AVs on one system will cause many problems.
AVG has been on for nearly a month (free trial) and I didn't intentionally install Norton, from what I understand it sneakily installed as I was installing flash, but can't be sure about that.
I run CC regularly but untick the registry bit as I'm not sure. If I tick it, will it remove other things?
-
Hi Russ, yes I selected that as I watched the video first. It seemed not to see the Norton though.
I wonder if I could have not run the Norton remover correctly, on a similar thread the advice was to open it from the desktop, but I couldn't see how to do that so just followed 'next' etc.
-
I didn't intentionally install Norton, from what I understand it sneakily installed as I was installing flash, but can't be sure about that.
Um, what? Well that changes things. Installing flash shouldn't give you Norton Antivirus, so at a guess it's a fake.
Install Malwarebytes, update it, and run a quick scan > post a log if it finds anything please:
http://www.users.on.net/~russ/mb.exe
Also post a DDS log (here) by running it as administrator. It won't appear to do anything, until about 3 minutes in it'll generate two reports. Save both reports, and copy/paste the DDS.txt report here.
Afterwards, if you don't mind, please do the same with HijackThis! (http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html) - run as administrator, and copy/paste the log. Don't worry about 'fixing' anything yet.
-
Oh no! Not another virus!
Will run malware
-
Scan still running, and has found several threats. Have to be up early for work so will post log tomorrow evening.
Thanks to all.
-
I ran the CCleaner using the tools option and was able to select Norton and remove it. Not sure if it has totally gone, and also what all the threats were. I had a complete re-install 2 weeks ago and the dodgiest site I visit is Facebook!! I've posted Hijack and Malware logs, so would be grateful if you would look.
Hijack this
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 07:49:44, on 01/04/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gill\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gill\My Documents\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON SX110 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE /FU "C:\WINDOWS\TEMP\E_S4D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1299409905205
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 4314 bytes
Malware
Malwarebytes' Anti-Malware 1.50.1.1100
https://www.malwarebytes.org
Database version: 6230
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
01/04/2011 00:07:47
mbam-log-2011-04-01 (00-06-48).txt
Scan type: Full scan (C:\|)
Objects scanned: 171123
Time elapsed: 1 hour(s), 9 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790777BD76595B3EAE94 (Malware.Trace) -> Value: SRS_IT_E8790777BD76595B3EAE94 -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0} (Adware.QuestBrowse) -> No action taken.
c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\chrome (Adware.QuestBrowse) -> No action taken.
c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\defaults (Adware.QuestBrowse) -> No action taken.
c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\defaults\preferences (Adware.QuestBrowse) -> No action taken.
c:\program files\questbrwsearch (Adware.QuestBrowse) -> No action taken.
c:\documents and settings\all users\application data\questbrwsearch (Adware.QuestBrowse) -> No action taken.
Files Infected:
c:\system volume information\_restore{ed163d61-ea6e-4119-9c23-133adf543ead}\RP35\A0004864.exe (Adware.Hotbar) -> No action taken.
c:\system volume information\_restore{ed163d61-ea6e-4119-9c23-133adf543ead}\RP35\A0004865.dll (Adware.Hotbar) -> No action taken.
c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\chrome.manifest (Adware.QuestBrowse) -> No action taken.
c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\install.rdf (Adware.QuestBrowse) -> No action taken.
c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\chrome\questbrowse.jar (Adware.QuestBrowse) -> No action taken.
c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\defaults\preferences\prefs.js (Adware.QuestBrowse) -> No action taken.
-
1. Delete all your restore points; there was something hiding in there. See this guide for multiple methods (http://www.bleepingcomputer.com/tutorials/tutorial56.html). Easiest way is just to turn off system restore, but make sure you re-enable it later.
2. Did you run HijackThis as administrator?
3. In Internet Explorer, click on Tools > Internet Options > Connection > LAN Settings, and make sure it looks like this:
http://www.users.on.net/~russ/connection.png (tell me if it does or doesn't)
4. Please run DDS scan as previously mentioned. Also run it as admin.
5. Run Spybot: Search and Destroy, update it, and run the Immunisations so that it says that it is immunised fully (this will block certain malware sites passively). Run a scan as well, and let me know if it detects anything.
-
No I didn't run as administrator - just looking now - how do I do that?
This discussion has been closed.