Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Norton 360 woes


  • Please log in to reply
11 replies to this topic

#1 johnnycobra

johnnycobra

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:56 PM

Posted 07 February 2009 - 07:18 PM

I have been running with Norton 360. Yesterday it gave me a message "Norton 360 is no longer protecting you" and, you know what, it was right. I couldn't launch N360 and whatss more IE slowed right down, I could not access syetm restore and I had all the symptoms of a security breach.
I ran spybot and identified a SMITFRAUD and Virtumond. I removed them with spybot and then ran Malwarebytes and it identified a whole host of infected files which i then removed.

N360 still wouldnt run, so I downloaded an ran the N360 removal tool and, on symantec' instructions downoaded N360 2.0. This will not install. It hangs halfway through the installation and breaks the link with my ethernet router. Everything else runs fine except when i try to see the windows firewall settings it give me the message "due to unidentified problems windows firewall is unable to display settings"

So i downloaded and ran sharedaccess.reg (apparently windows firewall registry enty can be corupted by deep malware removal) but after this the machine would not boot. Wisely I had set a restore point prior so I am up an running but I have no firewall of any kind.

I am no expert. Unitil I came on this site i had no idea what Windows Registry is for example.

How can I get the firewall up, can anyone help?

Any thoughts on how I cn get N360 to install. The Symantec techs seem to know less about this than I do.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:56 PM

Posted 07 February 2009 - 10:03 PM

Is this XP or Vista ..
If running.
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy

Run part 1 of S!Ri's SmitfraudFix :
Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 johnnycobra

johnnycobra
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:56 PM

Posted 08 February 2009 - 09:57 AM

Hi boopme, thanks for the reply.

Tea Timer is already disabled, so I dont think thats the problem. Here is the Smitfraudfix report. Any thoughts?

SmitFraudFix v2.53

Scan done at 9:55:47.15, Sun 02/08/2009
Run from C:\Documents and Settings\John and Fran\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\John and Fran\Application Data


Start Menu


C:\DOCUME~1\JOHNAN~1\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Scanning wininet.dll infection


End

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:56 PM

Posted 08 February 2009 - 12:26 PM

Was 360a trial?
teatimer sometimrs interferes with other scanning tools, that's why I need to check on it.
Now do these,please'

Next run ATF:
Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Then RERUN MBAM

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan.
After scan click Remove Selected, Post new scan log and Reboot.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 johnnycobra

johnnycobra
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:56 PM

Posted 08 February 2009 - 01:19 PM

done. here is the scan

Malwarebytes' Anti-Malware 1.33
Database version: 1738
Windows 5.1.2600 Service Pack 3

2/8/2009 1:18:54 PM
mbam-log-2009-02-08 (13-18-44).txt

Scan type: Quick Scan
Objects scanned: 53691
Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 johnnycobra

johnnycobra
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:56 PM

Posted 08 February 2009 - 01:26 PM

and btw N360 was not a trial. I have been using it for some time....

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:56 PM

Posted 08 February 2009 - 01:26 PM

Let me ask you is this a Paid version of 360? as perhaps we just dump it and use something else if it is still not installing.

EDIT: we posted at the same time.
REmove it all again. Then Download and save it to the desktop. Then boot to Safe mode with Networking and run the Install off the desktop.

Edited by boopme, 08 February 2009 - 01:31 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 johnnycobra

johnnycobra
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:56 PM

Posted 08 February 2009 - 01:46 PM

yes its a paid version. i uninstalled version 1 at Symantecs advice and then downloaded and tried to install v2.0. I previously tried to install in safe mode but got an eroor message saying n360 must be installed in normal mode. I'll try agian and let you know.

Thing is, I cant install N360 and i also cant access windows firewall

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:56 PM

Posted 08 February 2009 - 01:56 PM

The rest of the PC is running well as in no malware symtoms corrrect.

EDIT: erhaps if you post in the AntiVirus, Firewall and Privacy Products and Protection Methods
Michael York a Norton supervisor will spot it, he seems helpful with Norton issues.

Edited by boopme, 08 February 2009 - 02:10 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 johnnycobra

johnnycobra
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:56 PM

Posted 08 February 2009 - 03:34 PM

you are correct, boopme. I seem to have managed to clear out the bad stuff. The machine runs well. Just the firewall and the N360.

Thanks for the help. I'll post in the AntiVirus, Firewall and Privacy Products and Protection Methods
as you suggest and see what comes up. Thanks again.

#11 johnnycobra

johnnycobra
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:01:56 PM

Posted 08 February 2009 - 06:24 PM

FYI boopme, I finally got it loaded ( i manually deleted all the symantec stuff in the registry and eslewhere)! thats the good news.

The bad news is when I have N360 loaded I have no internet access. So I have uninstalled it. Thansk for your input.

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:56 PM

Posted 10 February 2009 - 02:06 PM

Perhaps till you can sort that out. You can use a free AV from here ,I use AntiVir http://www.bleepingcomputer.com/forums/topic3616.html
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users