Running "Norton Internet Security"
Not sure where to start with this, so I'll try the very beginning...
I had a virus last week.
My Norton is set to autoupdate so I assume it has the latest definitions.
The program installed ok and ran ok. When I tried to "preview" the image slideshow, I got some kind of "virus found" error message and it offered me some fixes from free anti-virus programs. I recognized most of the names as well-known anti-virus programs so I trusted it. I clicked one of the ones that would supposedly help ("Red Cross"), but I believe that was the ACTUAL virus.
It downloaded and claimed to be scanning my computer but was probably infecting files, not scanning them. After this, I could not open any internet browsers or run "task manager." Instead, this "anti-virus" program would pop-up and say (paraphrased) "that program has been found unsafe and is blocked, to fix the program please enter your credit card info and buy the upgraded version."
At this point, I finally realized this was not a legit program.
I looked up the problem online and it seemed the Malwarebytes program was going to be able to fix it. I downloaded the program on another computer, put it on a thumb drive, ran it on the infected computer, and seemingly everything was fixed!
I also downloaded Securnia PSI and began using it to check/update programs that might have been vulnerable.
Everything ran fine for a few days.
In the last 24-ish hours, Norton keeps popping up saying "an attack on your computer has been blocked" and then it gives a some information that I don't really understand. A series of IP addresses and a long harddrive location ending in svchost.exe.
I get this message constantly. Seems to be more while surfing the net (regardless of site). Again, Norton claims to be blocking the attacks and that "no action is required."
I've run several full system scans but nothing is found.
I did some searching and heard that a "rootkit" is a type of virus that Norton might not recognize that could be responsible for these issues. However, I ran "Blacklight" and it found nothing.
Also, once a day I get an error saying "Generic Host Process for Win32 Services has encountered a problem and needs to close." My taskbar then changes from its usual blue to gray and the smooth edges of certain WinXP applications (calculator, etc.) become blocky and ... basic-looking.... hard to describe.
Before I made this post, I tried to go through the bleepingcomputer "Preparation Guide." I tried to set up my firewall but it said "Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS) service? YES/NO"
So I click Yes and get "Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) service. OK"
What is wrong!? What can I do?! =
I'm really not great with advanced computer troobleshooting so.... feel free to speak to me like a 5-year-old.
Thanks in advance! I really need your help!!
"HTTPS Tidserv Request 2"
"HTTP Tidserv Request"
are the names in Norton.
Also, in addition to svchost.exe, firefox.exe is getting flagged in these.
Lastly, each "blocked attack" is coupled with a "Pending" "IPS Detection Statistical Submission" at the exact same time.
Just noticed those because Norton wasn't bringing them to my attention.....
by the way, here's the thread with the up-to-date information on this situation:
Edited by JAL36, 18 October 2010 - 09:42 PM.