PC: Dell Inspiron 620
OS: Windows 7 Home Premium - Service Pack 1
Browser: Windows Explorer 11
On Saturday, June 21, my computer suddenly and inexplicably rebooted itself. I'm not exactly sure of the sequence of events, but my best guess is that I powered up my machine, a dialog popped up "Do you want to allow the following program to make changes to this computer?" (Program name: A tool to aid in developing services for Windows NT, verified publisher: Microsoft Windows, Program Location: "C:\Windows\System32\sc.exe" start "Garmin Core Update Service"). I clicked "OK" and then connected my machine to the internet. I'm not sure if I started to play some internet games while the Garmin software updated or after. But while playing the games, my system rebooted.
After the PC rebooted and I reconnected to the internet, I started to receive popup messages from Norton 360 that it had blocked access to my system. The exact text is as follows:
Norton blocked an attack by:
Trojan.Viknok Activity 3.
In the popup, there was a link to "View Details".
The attacking sites were listed when I clicked "View Details". There were several:
Here are the actions that I've taken:
Researched Trojan.Viknok Activity 3. There wasn't much information. The Symantec site didn't seem to have much on the Trojan; the security response is as follows:
**** BEGINNING OF NORTON SECURITY RESPONSE FOR Trojan.Viknok Activity 3 *****
Severity: High
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
The Trojan then infects the following file so that it executes whenever Windows starts:
- Windows 2000, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
**** END OF NORTON SECURITY RESPONSE FOR Trojan.Viknok Activity 3 *****
As you can read above, the recommended advice is to take immediate action, but which specific actions should be taken are left unsaid. And, I just noticed, Windows 7 is not listed.
This being the case, I decided I needed to get back to a clean system. I have a Dell computer and had created a repair disk (flash drive) sometime last year. I booted the flash drive, selected the option to back up my disk image and selected files (which I did to an external 500GB drive). The Dell DataSafe Local Backup software said that it would restore my system and then copy my selected files back to my system. The interface was a bit confusing and I ended up restoring back to the factory image; none of my files were copied back to the system. After much angst and more research, I managed to retrieve the files, or so I thought. The Dell DataSafe Local Backup listed all my files, but did not have those files. The one file I was most interested in did not get restored--I tried restoring it and it alone to an empty folder, and the backup/restore software restored a different file. I tried restoring three files from my backup to an empty folder and again got different files.
The only thing that I could do was move on, so I started loading software back onto my system. First, the Norton 360 software. Next, I started updating Windows 7. This was a long process and gave me time to think. It occurred to me that I had backed up an image of my disk before trying to recover my system. The Norton popups had disappeared, but I needed my mail file and the other file--and I couldn't help but think what other important files I was missing; so I decided that I needed to restore the disk image. I knew that I would get the Norton popups on Trojan.Viknok Activity 3 after reverting back, but I had to do it.
I restored the image, connected to the internet and the Norton popups started happening again as I had predicted, one after the other.
I'm not sure who to contact at Norton. I would think they would want to investigate this further. I'm pretty sure they've probably already seen this before, but there is no clear avenue to take to contact them. Their technical support seems to want money before they'll talk to anyone.
So I have several questions. Do I have an infection? Since my factory restored system did not get "attacked" (as described by the Norton popup), was the software running on my PC triggering the attack? How do I get it to stop? (Along the line, someone suggested rebooting my modem and router, which I did; but the popups did not stop.) I also have a laptop (some funny things were happening on it, but I think they have been resolved), but I do not get and have never gotten the Norton popups on it (I'm creating this post on the laptop). What should I do next?
The folks in the Norton Community suggested (not to me, but in a few other posts) to contact the folks at four different sites. You guys were at the top of the list. So, can you help?
Edited by hamluis, 26 June 2014 - 12:55 PM.