Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Downloader Got Through Norton Av

  • Please log in to reply
1 reply to this topic

#1 dkr


  • Members
  • 1 posts
  • Local time:09:58 AM

Posted 17 October 2007 - 04:40 PM

Hi, I am posting for the first time although I have browsed around here from time to time and have gotten a lot of valuable advice from this forum.

My trouble is my Norton AV fully updated etc. etc. , let a downloader slip through and now I have something causing a problem. My computer slows down when I get online and those little Symantec pop up windows or boxes with "scanning email messages" keep popping up, sometimes 3 or 4 at a time. Even though no email is coming in or going out of my Microsoft Outlook. I even tried to remove my account info from Outlook so as to disable it from emailing and it still happens.

Supposedly this virus was quarantined ( although as it was happening Norton said "repair failed"- twice) and then I manually deleted it using Norton.
After numerous scans with Norton AV, Symantec online deep scan, Mcafee Stinger, Ad-Aware, Spybot, Windows Defender, nothing bad comes up. Some spyware like tracking cookies did come up and I got rid of them.

I found a log in Norton (reports, activity log) that shows two specific IP addresses being accessed at every instance of the Norton "scanning email messages" pop ups. Under the heading Worm protection - connections - these two remote IP adresses corrolate to the "scanning email messages" pop ups:
mail2.uikkl.info( smtp(25). (and) www1.rixosspa.info( https(443).
Some how they are connected to my problem.

I have attached my Hijack this log.
Any Ideas as to what is going on?

Attached Files

BC AdBot (Login to Remove)


#2 Guest_Cretemonster_*


  • Guests

Posted 19 October 2007 - 04:29 AM

Hi dkr and Welcome to the Bleeping Computer!

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users