Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Downloader Got Through Norton Av


  • Please log in to reply
1 reply to this topic

#1 dkr

dkr

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:53 AM

Posted 17 October 2007 - 04:40 PM

Hi, I am posting for the first time although I have browsed around here from time to time and have gotten a lot of valuable advice from this forum.

My trouble is my Norton AV fully updated etc. etc. , let a downloader slip through and now I have something causing a problem. My computer slows down when I get online and those little Symantec pop up windows or boxes with "scanning email messages" keep popping up, sometimes 3 or 4 at a time. Even though no email is coming in or going out of my Microsoft Outlook. I even tried to remove my account info from Outlook so as to disable it from emailing and it still happens.

Supposedly this virus was quarantined ( although as it was happening Norton said "repair failed"- twice) and then I manually deleted it using Norton.
After numerous scans with Norton AV, Symantec online deep scan, Mcafee Stinger, Ad-Aware, Spybot, Windows Defender, nothing bad comes up. Some spyware like tracking cookies did come up and I got rid of them.

I found a log in Norton (reports, activity log) that shows two specific IP addresses being accessed at every instance of the Norton "scanning email messages" pop ups. Under the heading Worm protection - connections - these two remote IP adresses corrolate to the "scanning email messages" pop ups:
mail2.uikkl.info(208.72.169.158): smtp(25). (and) www1.rixosspa.info(74.208.13.39): https(443).
Some how they are connected to my problem.

I have attached my Hijack this log.
Any Ideas as to what is going on?
Thanks,
DKR

Attached Files



BC AdBot (Login to Remove)

 


#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 19 October 2007 - 04:29 AM

Hi dkr and Welcome to the Bleeping Computer!

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users