Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Why Was Norton Not Able To Detect My Looksky Trojan?


  • This topic is locked This topic is locked
5 replies to this topic

#1 Blue4motion

Blue4motion

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:12 AM

Posted 14 September 2007 - 04:34 AM

Hi,
First, thanks to this site for describing the steps and linking the freeware needed to remove my virus.

I had been running Norton IS 2005 and kept it frequently updated. However I was infected with the looksky trojan. My IS 2005 was not able to detect or remove. I visited the Symantec's site and they were pushing Norton 360 as the best all inclusive package. So yesterday I upgraded, ran the updates and completed a full scan. It failed to detect or remove the virus. There web site indicates that it was a known virus that it should be able to remove: http://www.symantec.com/security_response/...-99&tabid=1

I contacted customer support who pasted me to virus removal who wanted to charge 70 ($140) to remove on top of the 60 I'd just spent on the upgrade.

It appears to me that Norton failed to live up to the promises. Is there anything I can do to make norton more reliable against future threats? Alternatively can you recommend a better anti-virus or Internet security package?

Thanks,

Richard

BC AdBot (Login to Remove)

 


m

#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:12 PM

Posted 14 September 2007 - 09:37 AM

No single product is 100% foolproof and can detect and remove all threats at any given time. The security community is in a constant state of change as new malware infections appear. Each vendor has its own definition of what constitutes malware and testing a computer using different anti-virus programs would yield different results. Although I find it odd since Symantec says it detects Trojan.Looksky

Norton, however, is as good as any other well known anti-virus program. My problem with using Symantec products is that they are resource hogs.

If your looking for an alternative, see BC's List of Virus & Malware Resources and Freeware Replacements For Common Commercial Apps.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Blue4motion

Blue4motion
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:12 AM

Posted 14 September 2007 - 05:48 PM

I spoke too soon! The fake warnings and ad sites had ceased after I ran ad-aware 2007. However they have returned when I restarted the machine today.
I did some more searching and found that spyhunter was a recommended virus scan for trojans. This highlighted that I have three viruses. trojan.puper (also known as pepop). trojan.vundo and trojan.Zlob (also known as lookski). I'm currently running another full system scan with Norton 360. If that doesn't detect and remove them I'll run a hijack this log and request some help.
I'm not too hopeful that Norton will detect them as the symantec's site includes a separate vundo removal tool download. I used this and after scanning it told me that I don't have the vundo virus. Even though spyhunter showed it is within my registry.

Thanks for the forum links below I'll check them out once I'm up and running.

Richard

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:12 PM

Posted 14 September 2007 - 08:52 PM

If your using Win XP or 2000, please print out and follow the generic instructions for using SmitfraudFix in BC's self-help tutorial "How to remove the Smitfraud/Generic Zlob".
(scroll down to where it says Removal Instructions)
If you have downloaded SmitfraudFix previously please delete that version and download it again as the tool is frequently updated!

Also see the instructions for using Vundofix in BC's self-help tutorial "How To Remove Vundo/Winfixer Infection".

Then download and scan with SUPERAntiSpyware Free.
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under "General and Startup", make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Click Close to exit the program.

Edited by quietman7, 14 September 2007 - 08:55 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Blue4motion

Blue4motion
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:12 AM

Posted 15 September 2007 - 04:26 PM

Thanks Quietman7. I ran through these steps but unfortunately spyhunter still indicates the viruses still remain. Last night I posted a HijackThis log in the relevant forum section for these. I don't want to have multiple people knowingly assisting me in parallel so I'll continue the request for assistance on the following under the following topic:

http://www.bleepingcomputer.com/forums/ind...st&p=618457

I've just ran a log after completing your steps and will post this there.

Thanks,

Richard

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:12 PM

Posted 15 September 2007 - 06:08 PM

After posting a log you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

To avoid confusing, I am closing this topic until you are cleared by the HJT Team. If you still need assistance after your log has been reviewed and you have been cleared, please PM me or another moderator and we will re-open this topic.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users