BleepingComputer.com: GoogleRedirect;Shutdowns;HighCPUUsage;IETrouble


GoogleRedirect;Shutdowns;HighCPUUsage;IETrouble GettingWorse;DoNotKnowWhatOrHowToRemove

#31 Nil Desperandum (Group: Members)

Posted 02 February 2012 - 11:03 AM

Norton 360, version 5.2.0.13

I note that there is a "registry cleanup" option. Should I run that now? If not, should I ever run it?

#32 myrti (Group: Malware Response Instructor)

Posted 04 February 2012 - 10:27 AM

Hi,

What kind of registry cleanup? From Norton?

Can you try this: https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?lg=english&ct=united+states&docid=20080625082908EN&product=home&version=1&pvid=f-home
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

Please don't send help request via PM, unless I am already helping you. Use the forums!

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein

#33 Nil Desperandum (Group: Members)

Posted 04 February 2012 - 10:34 AM

Yes, the registry cleanup option was within Norton 360.

I am able to get online if I disable the Smart Firewall. Once it is re-enabled, there are some things I can't do--on www.chess.com's chess diagrams, the pieces don't show up until I disable the firewall again, and at least some--perhaps all--pages fail to load if I don't disable the firewall. But once I'm on a page and it has loaded properly, I can re-enable the firewall without ill effect.

Now to click on the link you just provided.

#34 Nil Desperandum (Group: Members)

Posted 04 February 2012 - 03:08 PM

I already tried the reset operation described in the link. I tried it again. No luck. If you wanted me to try the modify operation, I don't know what traffic rule modifications to make.

#35 myrti (Group: Malware Response Instructor)

Posted 06 February 2012 - 03:47 AM

Hi,

Do you still have the installer for Norton 360? If so, I would try to uninstall and reinstall the program.

regards myrti

#36 Nil Desperandum (Group: Members)

Posted 06 February 2012 - 12:56 PM

I wouldn't know where to look for a Norton installer tool. My desktop has an icon for a Norton uninstaller. When I search for programs and input the word "Norton," I get the results "Norton 360," "Norton Recovery Tools," "Norton VRQ Tool," "Uninstall Norton 360," and "Uninstall Norton VRQ Tool" under "Programs" and the results "Norton 360 Key," "Norton Premium Services," and "Norton Removal Tool" under "Files." I do not know whether or not they are all relevant to Norton 360, as I probably had Norton anti-virus protection before 360 came out.

My computer is still slow booting up. (It is also still only permitting me to go to Web pages if I first disable Smart Firewall.)

One thing I don't think I ever remembered to mention is that after I had that Security 2011 thing--the one that displayed a four-colored shield--and got rid of it, a few of my desktop icons that I don't remember ever having those shields developed them in their lower right-hand corners. (The icon for, say, MalwareBytes, is there on my desktop, but there's a little four-colored shield on the icon's corner.) Even the ComboFix icon has it. And there's a trash-can-shaped icon labeled "TFC" (but I don't mean my Recycle bin, whose icon looks different), which I don't remember having been there before, although I could be mistaken. Should I worry about any of this? (The ones having that four-colored shield are MalwareBytes, ComboFix, SecurityCheck (whatever that is), GooredFix, Norton Removal Tool, MBRCheck, TFC, and FixZeroAccess.)

#37 myrti (Group: Malware Response Instructor)

Posted 06 February 2012 - 04:05 PM

Hi,

Did you recently ask for help elsewhere? Follow a self-help guide? Those are all well-known removal tools. The icon in the lower left means it needs administrative powers to be executed and that you will be prompted for admin privileges when it gets executed.

Norton does not provide the installer again for free, if you downloaded the program more than 30 days ago. This is why I asked if you would be able to reinstall if I asked you to uninstall.

They have the uninstaller along with instructions available here:
HERE.

Just make sure you can reinstall it, before you uninstall.

regards myrti

#38 Nil Desperandum (Group: Members)

Posted 07 February 2012 - 12:20 AM

I don't know how I could reinstall Norton360.

Some of those programs (GooredFix, for example) are on my desktop because I got help here on bleepingcomputer once before. FixZeroAccess is there because I recently had a ZeroAccess problem and had to have it fixed, as described in an earlier post in this thread.

Is uninstalling Norton360 and then purchasing an installation my only option?

Somewhere on the Web, someone said that if you had to disable Smart Firewall in order to get online, that meant you had another firewall already (I guess the two conflict?). Is that true? (I have Windows Defender turned off.)

#39 myrti (Group: Malware Response Instructor)

Posted 07 February 2012 - 07:38 AM

Hi,

From what I can see, there's no other firewall installed on your PC. Personally, I think that the infections you had corrupted your AV install and it is therefore making problems.

Can you try to see here if you can download Norton360 again: https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?docid=20090501124807EN&lg=english&ct=united+states&product=home&version=1&pvid=f-home&entsrc=redirect_pubweb

regards myrti

#40 Nil Desperandum (Group: Members)

Posted 11 February 2012 - 01:26 AM

(a) There's a Windows firewall, but it's been switched off.
(b) ZeroAccess hit again, and I ran FixZeroAccess. It switched off my computer and restarted it, after which it reported no infection. Then something called "Security Check" opened, with the little Windows logo, and reported problems. A whole bunch of "Windows - Delayed Write Failed/Failed to save all the components for the file \\System32\***," with the "***" being a number of varying length, I think, but more than three alphanumeric digits. (One was "0000280b".) Security Check then ran a scan and found fourteen errors, divided into four categories. (I'd have to start my computer again to see the categories, which I can do if it's important. One had to do with the hard drive, and another had to do with RAM.) Since I was not surprised to see problems, I hit "Fix Errors," and it said it had fixed some of the problems but not others. It said to complete the fix, I needed to buy the fully functional version. At that point, I became suspicious that it wasn't really what it was claiming to be, and I shut down my computer and restarted it, but I'm getting the same messages. Meanwhile, it's not letting me do anything else--whether because my hard drive really is corrupted (quite possible at this point, or so it seemed to me) or because Security Scan is a fake that is controlling my machine, I don't know. Is this "Security Check" legitimate? Or is it another infection? (I also keep getting a message about the unreliability of my RAM.)

This post has been edited by Nil Desperandum: 11 February 2012 - 07:02 AM


#41 Nil Desperandum (Group: Members)

Posted 13 February 2012 - 04:03 AM

I have recently heard of something called "sandboxie." Should I start using it (when my computer is working properly again, or when I am using a new computer)?

#42 myrti (Group: Malware Response Instructor)

Posted 13 February 2012 - 05:06 PM

Hi,

I am not sure. I know of a tool called SecurityCheck, which is legitimate and used on the forums, but it only checks for outdated software really: http://screen317.spywareinfoforum.org/

There's also something called Symantec SecurityCheck: http://security.symantec.com/sscv6/home.asp?langid=ie&venid=sym&plfid=00&pkj=AEBVGZBZTVOGXFSTZHS

These are both legit. There may be more legit tools. There may also be malicious tools. As far as I know, there's nothing from Windows itself that is called Security Check, so it is not unlikely that it actually is a rogue.

Can you run ComboFix once more?

regards myrti

#43 Nil Desperandum (Group: Members)

Posted 13 February 2012 - 08:45 PM

I'm very sorry--I hope you haven't been spending a whole lot of time trying to figure this out. As it turns out, it was "System Check." It finally occurred to me to look it up on the Internet (on my nephew's computer), whereupon I discovered that it was a virus and that bleepingcomputer had a page devoted to its removal. So, I followed the steps. In safe mode with networking, I ran rkill and tdsskiller. tdsskiller rebooted, and since there was so much about not rebooting (because the malware would start running again), I wasn't sure I should continue with the directions; I tried Malwarebytes, but when it didn't seem to work right, I shut down my computer and started it in safe mode with networking again. Then I ran rkill again and ran tdsskiller again. Finding nothing, tdsskiller didn't reboot my computer. At this point, I was able to connect and to get to bleepingcomputer on my own computer, so I did. Malwarebytes was 57 days out of date, and it wound up giving me a new version to download, which I did. Then I ran it. It found various things, which I removed. Then I went through the steps of changing my desktop back and of unhiding files. Since then, the computer has been restarted at some point--I don't really remember when--and it is running fine. I don't even have to disable the Norton firewall to get to Web pages now.

I've also run Secunia. Certain programs were out of date or vulnerable. I've used Secunia's fixes on all but three of them. Those three are Microsoft Office PowerPoint Viewer 2003 (end-of-life, but Secunia gives a link to Microsoft Update); Yahoo! Toolbar 6.x (I have 7, but when I go to uninstall 6, I find the list of programs to install/uninstall doesn't differentiate between them, listing only Yahoo! Toolbar, so I don't know how to uninstall 6.x); and FoxitReader 5.x (Secunia has an "install solution," and I used it, but it doesn't seem to make any difference--the solution seems to be downloading the latest version of FoxitReader). I just ran Secunia again, and it's still picking up those three.

So, I'm down to those questions--which I'll try to find answers to on the bleepingcomputer forums--and also whether or not I should be using sandboxie (which might also be on a forum). The major stuff seems to be OK now. Thank you!

I'm also curious about how to set a Restore Point *and keep it there*. Restore points seem to update every so often, while old ones are deleted one by one, but I want to set one that I can use much later if I want to.

P.S. So that you know and don't have to ask: I did *not* run ComboFix, and have absolutely no plan to, being under the impression that to do so without a computer expert's having directed me to would be dangerous.

This post has been edited by Nil Desperandum: 13 February 2012 - 08:46 PM


#44 myrti (Group: Malware Response Instructor)

Posted 14 February 2012 - 07:23 AM

Hi,

I must have mixed up topics, sorry. I was under the impression we had already run ComboFix together.

Secunia will normally offer you information as to where that outdated file is located. Some of these files can be incorporated into other programs, which is why you will be unable to update them.

Sandboxie is an added protection for your browser; it will fail to protect you from anything the moment you want to save a downloaded file permanently, as then it needs to leave the sandboxie.

System Restore will not allow you to make a permanent "restore point". It always saves the latest x points depending on how much room there is for the system restore points. If you want to do backups that are restorable at a later point, maybe look into this: http://www.bleepingcomputer.com/tutorials/how-to-use-vista-complete-pc-backup/

regards myrti

#45 Nil Desperandum (Group: Members)

Posted 14 February 2012 - 04:24 PM

Oh, I didn't mean that we hadn't used ComboFix; we did. I meant that in what I did recently (as described in my previous post), I did not use ComboFix *again*, and that I do not plan to.

I did use Secunia's display of where to find files to delete something--Yahoo Toolbar 6.x, after uninstalling Yahoo Toolbar 7 (and that came after copying my favorites list to a file), I think. FoxitReader and Microsoft Office PowerPoint Viewer 2003 (the latter of which I never use, to my knowledge--I use Word, but not the rest of Office, and I use Word without opening Office, to my knowledge) are the remaining problems. I used Secunia's "install solution" link to download FoxitReader's latest version, but it didn't help with the remaining problems. Secunia's link for patching (I suppose) PowerPoint Viewer 2003 had lots of possible downloads, and I really don't know which to use. I tried a couple of security updates, but that didn't remove it from the list. My computer is running fine now, but I'd like to do something about those vulnerabilities, and I'd like to know what I can do to protect my computer against those viruses that Norton 360 isn't stopping.

This post has been edited by Nil Desperandum: 14 February 2012 - 04:25 PM

