Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Something Is Killing My Norton


  • Please log in to reply
3 replies to this topic

#1 girrl88

girrl88

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Location:Yeehaw y'all, I'm from Texas!
  • Local time:04:22 PM

Posted 16 April 2006 - 04:15 AM

I've run Ad-Aware & Spybot S&D and several anti-virus programs but I can't find what's made my Norton Internet Security go crazy.

My Norton says that the LiveUpdate is running all the time even though the virus definitions are dated 3-22-06. I tried to uncheck the box for the automatic LiveUpdate but it says I can't because LiveUpdate is already running. When I went to the Symantec web site and tried to update the virus definitions with the auto fix option there I got a message saying

Security risk found - Critical Issue FIX IT FOR ME View details
Norton AntiVirus 2005 could not remove one or more files that are possible security risks. These files are: *and this is just a blank space, no file names or anything else*

but when I click the FIX IT button it freezes up my browser. When I try to update the virus definitions it freezes up my browser.

I tried to get online tech help from Symantec. They told me to delete LUCOMS~1.EXE from my task manager but I can't because it says the LiveUpdate is running.
I tried to uninstall the whole darn thing but can't because the LiveUpdate is running.
The rep had me download some files to delete the Norton (MSIFIX.bat, SymNRT.exe, and SYMMSICLEANUP.reg) but they didn't work because the LiveUpdate is running.
The rep then told me to do a clean boot and I started going through the steps but when I got to deleting the contents from the C:\WINNT\Temp\ there were 3 files I couldn't delete because they were "in use".


Sooo, here is my HijackThis log. I'm really hoping that this will either provide a clue to what's going on or motivate me to just reformat the whole silly thing.



Logfile of HijackThis v1.99.1
Scan saved at 3:17:54 AM, on 4/16/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Internet Explorer\dw15.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVStub.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} -
C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program
Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton
Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program
Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program
Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program
Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security
Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series]
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220
Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series]
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220
Series" /M "Stylus Photo R220" /EF "HKCU"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vto_x.cab
O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong Solitaire -
http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) -
https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) -
https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/...b_site.cab?1134
793367346
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) -
http://eu-housecall.trendmicro-europe.com/.../win32/activex/
hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) -
http://download.games.yahoo.com/games/web_...inematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) -
http://liveca12.custhelp.com/7530-b327h/rnl/java/RntX.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program
Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software
Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet
Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation -
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation -
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet
Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB
Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)


Also that last entry for the Linksys router, it's a new problem. I started getting an error for this file whenever I try to shut the comp down but it only started last week and I've been running this setup for 4 months and I haven't messed with any of the files for the router.
I'm starting to feel a bit :thumbsup:

Many thanks for helping... or trying to help... or telling me to just forget it and wipe the whole thing clean. :flowers:

BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:05:22 PM

Posted 22 April 2006 - 10:25 PM

Hello girrl88 and welcome to the BC HijackThis forum. I see no signs of viruses or malware in the log. It is clean.

The issue with Norton is not a malware issue but I would try stopping the Live Update services as described below and then removing Norton.

Click Start->Runand then type services.msc into the editbox and clickthe ok button.

Scroll down the list of services and look for Automatic LiveUpdate Scheduler. Double-click on it to open the properties dialog. In the Startup Type dropdown choose Disabled. Then click the Stop button to stop the serviceand then click the Apply and Ok buttons.

Do the same for the LiveUpdate service.

Reboot the machine and then try and uninstall all Norton/Symantec programs.

If that does not work then I recommend posting a questionin the Anti-Virus forum and see what tricks they have up their sleeves.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#3 girrl88

girrl88
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Location:Yeehaw y'all, I'm from Texas!
  • Local time:04:22 PM

Posted 23 April 2006 - 02:12 AM

Thank you so much for reviewing my HJT log and telling me how to disable the Live Update. I finally had a brainstorm last night while my ISP was updating... my comp was taking a looooong time to startup (I think partially because of the Norton freaking out) and I managed to restart and get into the control panel and uninstall it from there before the Norton had loaded up and started running the LiveUpdate. I felt like an absolute genius :thumbsup:

I reinstalled Norton and got all the updates loaded up again and my comp is running beautifully. And now that you've confirmed that my HJT log is good I'll go get my Windows updates as well.

I'm going to print out the instructions you gave me just in case this ever happens again because this has not been fun. But now I'm curious, do you know what caused my Norton to freak out like that? :flowers:

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:05:22 PM

Posted 23 April 2006 - 09:08 AM

Hi girrl88. Good job! We'll make a geek out of you yet haha.

It's hard to say exactly why Norton went bezerk. It seems like many of the big anti-virus/security programs have a tendancy to do that. They are a bit bloated and create alot of services which tie into everything on a system and then when one of the services doesn't work properly it brings the system to its knees. Norton isn't the only one that does that.

There are a couple of excellent free anti-virus programs so if you ever get tired of paying for a yearly subscription for your anti-virus program you might want to consider one of those. I switched from Norton (due to the same issues that you just went through) to the free version of Avast and have never had any problems with it. Plus, it's free :thumbsup: . Check out these if you are interested:You should also have a good firewall for blocking unwanted access to and from your computer. These also are free for personal use (I use Kerio):It is best to have both a firewall and anti virus to protect your system and to keep them updated.

Cheers and happy computing.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users