No virus scan in safe mode or safe mode with netwrkg



#1 kbrownfocus

Posted 27 January 2010 - 12:50 AM

:thumbsup: OK, I have a huge problem: I have no virus scan capabilities in safe mode and in safe mode with networking. Now I have tried to go back to reg. booting and see if it is installed correctly, and from the looks of it, it is; all icons and file folders are there and working..... Now when I'm in either one of the two safe modes, whether I'm on the administrator or mine, the software will not open and it won't open. Here is what comes up when I try to open it from Program Files:



:flowers: "Failed to start the Symantec Management Client service. Error code returned: 0x8007043c"


I am getting frustrated badly with this. I am running XP Home Ed. on an Acer Aspire One (say what you want, but it's practical), and as you can tell I am running live update/Symantec Endpoint Protection,
and yes, everything is up to date. I have waxed the backdoor troj. with no prob., but I am needing help trying to figure out how to solve this prob. so I can make sure I completely killed the attack... thanx

#2 Stang777

Posted 27 January 2010 - 01:50 AM

Hi and Welcome to BleepingComputer,

Not all antivirus programs work in safe mode. I don't know about Symantec, but I do know my ZoneAlarm does not. I do not see the reason to run it in safe mode. If you are really wanting to run stuff in safe mode, run SuperAntiSpyware in it and just run your antivirus program in regular Windows.

Btw, it sounds like you had something on there that has backdoor capabilities and if that is the case, then unless you reformat the computer, it will never be truly safe again.

Edited by Stang777, 27 January 2010 - 01:52 AM.


#3 kbrownfocus

Posted 27 January 2010 - 02:50 AM

:thumbsup: That is a good point. The software I have is the business ed. and it's pretty potent as far as tasking and attacking the attack..... No, it wasn't a back door; that I have dealt with before and it killed one of my laptops, I mean lit. it died :flowers: but still trying to figure out some of the error code it throws out though.
Thanks for the welcome.

#4 Stang777

Posted 27 January 2010 - 03:02 AM

You are welcome.

According to Symantec, it seems that error code is because you are trying to run it in safe mode...

Question/Issue:
Why is error 0x8007043c being produced when trying to start the SEP (Symantec Endpoint Protection) user interface in safe mode?

Symptoms:
When launching Symantec Endpoint Protection (from the Start menu) in Safe Mode the following error is displayed:

"It appears that the Symantec Management Client service is not running. You will not be able to manage network protection settings through the main user interface until it is running.
Do you want to start the service now?"

Clicking "Yes" will trigger the following error and the Symantec Endpoint Protection user interface will not open:

"Failed to start the Symantec Management Client service. Error code returned: 0x8007043c"

Cause:
The SMC (Symantec Management Client) service will not start because networking is not available in safe mode.

Solution:
Click "No" instead.

http://service1.symantec.com/SUPPORT/ent-s...007121210520948

I know you said that it does it in safe mode with networking too, and I am not sure of the reason for that one, unless you are not actually able to connect when in that mode or it is just a case of, like ZoneAlarm, it just does not run in safe mode.

Edited by Stang777, 27 January 2010 - 03:07 AM.
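
An added example, not part of the original posts or of Symantec's article: decoding the 0x8007043c code quoted above. An HRESULT with facility 7 wraps a Win32 error number, and the low 16 bits here are 1084, which winerror.h names ERROR_NOT_SAFEBOOT_SERVICE. The function name and the short error-name table are constructed for this example.

```python
FACILITY_WIN32 = 7  # HRESULTs in this facility carry a Win32 error number

# Constructed subset of Win32 error numbers (names as in winerror.h)
# that commonly appear when a Windows service fails to start.
WIN32_ERRORS = {
    5: "ERROR_ACCESS_DENIED",
    1058: "ERROR_SERVICE_DISABLED",
    1060: "ERROR_SERVICE_DOES_NOT_EXIST",
    1068: "ERROR_SERVICE_DEPENDENCY_FAIL",
    1084: "ERROR_NOT_SAFEBOOT_SERVICE",
}


def decode_hresult(value):
    """Split an HRESULT into its failure flag, facility and code.

    Accepts an int (signed or unsigned 32-bit) or a hex string
    such as '0x8007043c'.
    """
    if isinstance(value, str):
        value = int(value.strip(), 16)
    value &= 0xFFFFFFFF               # normalise negative values that some tools log
    failed = bool(value >> 31)        # bit 31: severity, 1 means failure
    facility = (value >> 16) & 0x7FF  # bits 16-26: facility
    code = value & 0xFFFF             # bits 0-15: error code
    name = WIN32_ERRORS.get(code) if facility == FACILITY_WIN32 else None
    return {"failed": failed, "facility": facility, "code": code, "win32_name": name}


if __name__ == "__main__":
    # The code from the error dialog in the thread.
    print(decode_hresult("0x8007043c"))
```
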


#5 kbrownfocus

Posted 27 January 2010 - 03:58 AM

Thanks for the quick link.... Running a full scan in S.M.N...... Quick question though: how the crap do you get rid of that fake antivirus shield that pops up over on the bottom right that opens a bogus buy now window?

#6 Stang777

Posted 27 January 2010 - 04:08 AM

You are welcome.

Being as I do not know what fake virus program is on your system, I cannot say for sure how to get rid of it, but as long as it is still there, your system is still infected.

You should run scans with Malwarebytes (gets rid of a lot of the fake virus programs) and SuperAntiSpyware.

Until your last post I was under the impression you had already cleared up the infections but since that does not seem to be the case, I am going to request this topic be moved to the "Am I Infected" section of this forum so you can get help in removing the infections.

#7 kbrownfocus

Posted 27 January 2010 - 04:29 AM

Yeah, I thought I did too, but I guess it was embedded deeper than I thought. I think it is more of a malware than anything, which in my mind is worse than a mosquito buzzing in your ear.... But yeah, it's the blue and white striped shield that pops up and rogues IE, and makes everything you try to open infected or not able to open.....
Just found out it was a Trojan.Droppler..... :thumbsup:

#8 Stang777

Posted 27 January 2010 - 04:53 AM

I have already put in the request to have this moved to that section.

Go ahead and run the Malwarebytes (from Malwarebytes.org) and SuperAntiSpyware (from SuperAntiSpyware.com) scans and post the logs from them in a post here. You should be able to get further help with it after your topic gets moved over to the Am I Infected forum.

If you have problems getting either program to run, use the following link and follow the instructions in post #2 by Boopme. Running rkill (link for it is in that post) first should make it so those programs will start but you may have to run it more than once if once doesn't do the trick...

http://www.bleepingcomputer.com/forums/t/290764/win32netsky-infection/

Edited by Stang777, 27 January 2010 - 05:05 AM.


#9 kbrownfocus

Posted 27 January 2010 - 05:46 AM

:flowers: Hey, thanks for the two softwares. Downloaded both and they are scanning on all of my comps. as we speak. Oh yeah, and I had a lil boo-boo in safe mode but it turned out to be a good thing: was running laptop on the batt. and wasn't paying attn. and then it shut off, but I plugged it back in, turned it on, it did a disk check, then I opened reg. and when my virus protec opened it caught the pain that ails hahahaha but really the threat was...

pmdsyguard.exe trojan.FakeAV
zpskon_1264587342.exe downloader
APQ1A.tmp downloader
OLbO.exe trojan.FakeAV
Bloodhound.SONAR.1 freddy82.exe
Hacktool.Rootkit fio32.sys
W32.Koobface.A fio32.fll


So I hope the two things you told me to download work as well; they have pulled up a lot of threats as well.
I am in the process as of now searching the contacts of the file names and seeing what sites use them and will soon follow up with some post on them. Thanks much for the help, I have been at this prob. for almost 2 days and 18 hrs.
Thanks much :thumbsup:

#10 Stang777

Posted 27 January 2010 - 05:56 AM

You are very welcome.

Oh crap, looks like you have a rootkit, Hacktool.Rootkit fio32.sys.

If you have done any online banking, use a computer you know is clean to change your passwords right away. You might want to consider reformatting because rootkits usually make a computer unsafe without doing that, even after it has been cleaned. I do not know anything about this particular one, but just having the word rootkit in the name makes me think it is no different than any other rootkit when it comes to the future security of your system.

That does not mean that we cannot continue cleaning it if that is what you want to do, but if it were mine, I would never again use it to buy anything or to do online banking unless I did a low-level reformat of it first.

It is obviously up to you as to what to do at this point, but I wanted you to be aware of what having a rootkit can mean.

#11 kbrownfocus

Posted 27 January 2010 - 06:33 AM

:flowers: Done and done..... Yeah, I just remembered that when you posted so I had to come back and reread all that you posted, but the Acer is back up and 100% again. Thanks for all the info, you've been a huge help. Oh, don't know if you know yet or how old it is, but the Koobface virus I got was from an email on Facebook..... I posted a thing about it on the new virus forum, but anyways thanks for the help, cause I'm going to be needing my laptop as a main comp. for the next 6 days (moving back to the mainland).
Thanks :thumbsup:

#12 Stang777

Posted 27 January 2010 - 07:00 AM

You are very welcome :thumbsup:



