
Norton IS Says Malware blocked from this site



#16
Wizard
  • Retired Staff
  • 5,661 posts
Hmmm, now this is interesting!

Does this reflect your ISP?

69.65.0.0 - 69.65.63.255
CREATIVE INTERNET TECHNIQUES
700 Commerce Drive 5th Flr.
Oak Brook, IL
US

Locate and Delete

C:\WINDOWS\FT2_0_0_629_GEPFAH.EXE

There may be variations of that file with different numbers so look closely for any extras in there!

Open HijackThis and Click Config>>Misc Tools>>Open Uninstall Manager>>Save List...>>Save it to your Desktop!

Post that log along with a fresh HijackThis log!
  • 0



#17
MarcL
  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi Cretemonster.

Deleted the file as requested. There was only one.
That is NOT my ISP provider. I am in Toronto, Canada, and my provider is Bell Sympatico. Bizarre!!!

Here is the first log you asked me to save to the desktop:

Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Photoshop 7.0
Adobe Reader 6.0.1
AOL (Choose which version to remove)
AOL Connectivity Services
AOL You've Got Pictures Screensaver
Broadcom Advanced Control Suite 2
Business Contact Manager for Outlook 2003
Capture One LE 3.6
CC_ccProxyExt
ccCommon
ccPxyCore
CleanUp!
Creative MediaSource
Dell Driver Reset Tool
Dell Picture Studio v3.0
Dell Support 5.0.0 (630)
ESPNMotion
ewido security suite
GemMaster Mystic
HijackThis 1.99.1
hp LaserJet 1010 Series
Intel Application Accelerator
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1 (SR1)
Microsoft Office Small Business Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
MSRedist
Musicmatch for Windows Media Player
Musicmatch® Jukebox
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Security Center
Norton SystemWorks 2003
Norton WMI Update
Norton WMI Update
NVIDIA Drivers
Otto
PowerDVD 5.3
QuickTime

And, here is my HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:47:41 PM, on 6/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HJThis\HijackThis.exe
C:\WINDOWS\system32\HPBPRO.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} (Sympatico E-mail Configuration Tool) - http://upgradecentre...s/emcconfig.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0
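
An added example, not part of the original posts: a small parser for the HijackThis log format shown above that lists start-up and process entries worth a second look, including further copies of the deleted file. The sample log is an excerpt of the posted one plus one constructed line; the filename pattern for "variations with different numbers", the `KNOWN_ROOT` allowlist and the reason labels are assumptions made for this sketch.

```python
import re

# Excerpt of the HijackThis log posted above, plus ONE constructed line
# (the "[constructed]" entry) showing how a leftover variant would appear.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HJThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [constructed] C:\WINDOWS\FT2_0_0_630_GEPFAH.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O4 - ...", "R0 - ..."
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[([^\]]*)\] (.*)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|bat))\b', re.I)
ROOT_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+$", re.I)  # directly in the Windows folder
# Assumption: variants keep the FT..._GEPFAH.EXE shape and differ only in digits.
VARIANT_RE = re.compile(r"\\FT[\d_]+_GEPFAH\.EXE$", re.I)
KNOWN_ROOT = {"explorer.exe"}  # assumption: minimal allowlist for this sketch


def parse_hjt(text):
    """Split a HijackThis log into running processes and coded entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the first coded entry ends the process list
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def autostart_executables(parsed):
    """Return (value name, executable) for each O4 registry Run entry."""
    out = []
    for code, body in parsed["entries"]:
        m = RUN_RE.match(body) if code == "O4" else None
        if not m:
            continue  # "Global Startup" shortcuts are not handled here
        exe = EXE_RE.match(m.group(2))
        if exe:
            out.append((m.group(1), exe.group(1) or exe.group(2)))
    return out


def classify(path):
    """Return a review reason for a path, or None. A reason is not a verdict."""
    if VARIANT_RE.search(path):
        return "variant-of-deleted-file"
    if "\\" not in path:
        return "no-path"  # resolved through the search path at start-up
    name = path.rsplit("\\", 1)[-1].lower()
    if ROOT_RE.match(path) and name not in KNOWN_ROOT:
        return "exe-in-windows-root"
    return None


def review_candidates(parsed):
    """List (reason, path) for processes and Run entries worth a second look."""
    paths = list(parsed["processes"])
    paths += [exe for _, exe in autostart_executables(parsed)]
    seen, out = set(), []
    for path in paths:
        reason = classify(path)
        if reason and path.lower() not in seen:
            seen.add(path.lower())
            out.append((reason, path))
    return out


if __name__ == "__main__":
    for reason, path in review_candidates(parse_hjt(SAMPLE_LOG)):
        print(f"{reason:26} {path}")
```

A flagged entry means "look at this entry", not "malicious": only the constructed line matches the deleted file's name pattern.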

#18
MarcL
  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Cretemonster, this is getting really really bizarre. I tried to access the forums on my computer after deleting the file, in case something would have changed, and I got the same message from Norton IS. However, I noticed at the same time that I was getting attacked at a massive pace -- about 105 supposed attacks in a few minutes, all blocked. I was watching them come in. The attacker is 69.65.20.162 -- identified as Geeks to Go. I got the log as well for the "intrusion attempt" that was supposedly blocked. Here it is:

Details: Intrusion detected and blocked. All communication with www.geekstogo.com(69.65.20.162) will be blocked for 30 minutes.

You can get detailed information about this attack at Symantec Security Response.


Details: Attempted Intrusion "HTTP Netscape Cookie Monster" against your machine was detected and blocked.
Intruder: www.geekstogo.com(69.65.20.162)(http(80)).
Risk Level: Medium.
Protocol: TCP.
Attacked IP: 0.0.0.0.
Attacked Port: 4555.


You can get detailed information about this attack at Symantec Security Response.

Strange enough for you?
  • 0

#19
MarcL
  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Also, cretemonster, in case this may help, here is my complete outbound NIS log for the past two days:

An instance of "C:\Program Files\Common Files\Symantec Shared\CCLGVIEW.EXE" is preparing to access the Internet.
An instance of "C:\Program Files\Norton Internet Security\IAMSTATS.EXE" is preparing to access the Internet.
An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_2_6.EXE" is preparing to access the Internet.
An instance of "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" is preparing to access the Internet.
An instance of "C:\Program Files\Common Files\Symantec Shared\CCLGVIEW.EXE" is preparing to access the Internet.
An instance of "C:\Program Files\Common Files\Symantec Shared\CCLGVIEW.EXE" is preparing to access the Internet.
An instance of "C:\Program Files\Norton Internet Security\IAMSTATS.EXE" is preparing to access the Internet.
An instance of "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_2_6.EXE" is preparing to access the Internet.
An instance of "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" is preparing to access the Internet.
An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_2_6.EXE" is preparing to access the Internet.
An instance of "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" is preparing to access the Internet.
An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Messenger\msmsgs.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Outlook Express\msimn.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Dell Support\DSAgnt.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_2_6.EXE" is preparing to access the Internet.
An instance of "C:\Program Files\Messenger\msmsgs.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_2_6.EXE" is preparing to access the Internet.
An instance of "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\System32\alg.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\system32\svchost.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\system32\lsass.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\system32\spoolsv.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\system32\svchost.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Norton Internet Security\ISSVC.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\System32\svchost.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\system32\svchost.exe" is preparing to access the Internet.
Firewall configuration updated: 236 rules.
NDIS filtering is enabled.
An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.
An instance of "C:\Program Files\ewido\security suite\SecuritySuite.exe" is preparing to access the Internet.
An instance of "C:\Program Files\SpywareBlaster\spywareblaster.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Outlook Express\msimn.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Common Files\Symantec Shared\ccLgView.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Outlook Express\msimn.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Outlook Express\msimn.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Outlook Express\msimn.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Outlook Express\msimn.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Outlook Express\msimn.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\system32\dwwin.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Common Files\Symantec Shared\CCLGVIEW.EXE" is preparing to access the Internet.
An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_2_6.EXE" is preparing to access the Internet.
An instance of "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" is preparing to access the Internet.
An instance of "C:\Program Files\Outlook Express\msimn.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_2_6.EXE" is preparing to access the Internet.
An instance of "C:\Program Files\Messenger\msmsgs.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\System32\alg.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_2_6.EXE" is preparing to access the Internet.
An instance of "C:\WINDOWS\system32\svchost.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\system32\lsass.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\system32\spoolsv.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\system32\svchost.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Norton Internet Security\ISSVC.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\System32\svchost.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\system32\svchost.exe" is preparing to access the Internet.
Firewall configuration updated: 236 rules.
NDIS filtering is enabled.
An instance of "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_2_6.EXE" is preparing to access the Internet.
An instance of "C:\Program Files\Messenger\msmsgs.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\System32\alg.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\system32\svchost.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\system32\lsass.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_2_6.EXE" is preparing to access the Internet.
An instance of "C:\WINDOWS\system32\spoolsv.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\system32\svchost.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Norton Internet Security\ISSVC.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\System32\svchost.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\system32\svchost.exe" is preparing to access the Internet.
Firewall configuration updated: 236 rules.
NDIS filtering is enabled.
An instance of "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_2_6.EXE" is preparing to access the Internet.
An instance of "C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_2_6.EXE" is preparing to access the Internet.
An instance of "C:\WINDOWS\System32\alg.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\system32\svchost.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\system32\lsass.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\system32\spoolsv.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\system32\svchost.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Norton Internet Security\ISSVC.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\System32\svchost.exe" is preparing to access the Internet.
NDIS filtering is enabled.
An instance of "C:\WINDOWS\system32\svchost.exe" is preparing to access the Internet.
Firewall configuration updated: 236 rules.
An instance of "C:\WINDOWS\system32\Macromed\Shockwave 10\Download.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Outlook Express\msimn.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_2_6.EXE" is preparing to access the Internet.
An instance of "C:\Program Files\Messenger\msmsgs.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Outlook Express\msimn.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Internet Explorer\iexplore.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\System32\alg.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\system32\svchost.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Symantec\LiveUpdate\LuComServer_2_6.EXE" is preparing to access the Internet.
An instance of "C:\WINDOWS\system32\lsass.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\system32\spoolsv.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\system32\svchost.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Norton Internet Security\ISSVC.exe" is preparing to access the Internet.
An instance of "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" is preparing to access the Internet.
An instance of "C:\WINDOWS\System32\svchost.exe" is preparing to access the Internet.
  • 0

#20
Wizard
  • Retired Staff
  • 5,661 posts
OK... Let's have a look at the Hosts File!

Open HijackThis>Click Config>Click Misc Tools>Click Open Hosts File Manager>Click Open in Notepad>Copy&Paste the entire Contents of that Notepad Page to your Next Post!
  • 0

#21
MarcL
  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Good evening Cretemonster...

Here you are:

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
  • 0
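
An added example, not part of the original posts: the hosts-file check requested above, written as a function that reports every name the file overrides and whether it is redirected to another address or blackholed. `POSTED_HOSTS` is an abridged copy of the file in the post; the two extra lines in `TAMPERED_HOSTS` (a documentation-range address and an `example.test` name) are constructed to show what a hijacked file would produce.

```python
import ipaddress

# Abridged copy of the hosts file posted above (comments shortened).
POSTED_HOSTS = """# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
"""

# Constructed entries: what tampering with the file would look like.
TAMPERED_HOSTS = POSTED_HOSTS + (
    "203.0.113.7 www.geekstogo.com geekstogo.com  # constructed\n"
    "0.0.0.0 updates.example.test  # constructed\n"
)


def audit_hosts(text):
    """Return (line number, kind, hostname, address) for every override.

    kind is "redirected" (name sent to a non-loopback address),
    "blackholed" (name pinned to loopback or 0.0.0.0, so it never resolves
    to the real site) or "malformed" (first field is not an IP address).
    The stock "127.0.0.1 localhost" mapping is not reported.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, "malformed", " ".join(fields[1:]), fields[0]))
            continue
        for host in (h.lower() for h in fields[1:]):  # one line may carry aliases
            if host == "localhost" and ip.is_loopback:
                continue
            kind = "blackholed" if (ip.is_loopback or ip.is_unspecified) else "redirected"
            findings.append((lineno, kind, host, str(ip)))
    return findings


def overrides_for(text, hostname):
    """Findings that affect one hostname, e.g. the site that is being blocked."""
    return [f for f in audit_hosts(text) if f[2] == hostname.lower()]


if __name__ == "__main__":
    print("posted file:", audit_hosts(POSTED_HOSTS))
    for finding in audit_hosts(TAMPERED_HOSTS):
        print("tampered file:", finding)
```

The posted file produces no findings, which matches how the thread proceeds: the helper moves on from the hosts file to browser and firewall settings.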

#22
Wizard
  • Retired Staff
  • 5,661 posts
Finally, I got the test PC to do it. Cretemonster was being buzzed by the Cookie Monster and Norton said No No!

I was using IE with SP1, which means the Security Settings in Internet Explorer are configured differently!

So let's make a few adjustments and see what happens!

Go into Msconfig(Start>> Run>> Msconfig>> OK)

Click the Services tab and Scroll down and locate MDM(Machine Debug Manager)

Uncheck the Box beside it and Click OK>> Close>> Follow Prompts to Restart!

Open up Internet Explorer>> Tools>> Internet Options>> Advanced>> Select the Disable Script Debugging checkboxes!


Internet Explorer>> Tools>> Internet Options>> Press "default level", then OK>> Now press "Custom Level"

In the ActiveX controls and plug-ins section set these options:

"Download signed ActiveX controls"-> Prompt

"Download unsigned ActiveX controls" -> Disable

"Initialize and script ActiveX controls not marked as safe"-> Disable

All other options accept the default.

Restart the Machine and Try to access the site normally!
  • 0

#23
MarcL
  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi Cretemonster.

Unfortunately, it did not work. However, note that the only change I made was unchecking MDM. In Internet Explorer Options Advanced, the Disable Script Debugging checkboxes were already checked. In Internet Options, I chose the default level for security, and all the options you wanted me to choose were already chosen. So, it boils down to this -- the only change I actually made was the first one.

BTW, I'm not at work today, so if you have any other suggestions, I'll be able to get back to it much faster. Also, should I change everything back to where it was (i.e. MDM being checked)?

Again, thanks for your help
  • 0

#24
Wizard
  • Retired Staff
  • 5,661 posts
Unless you use the Machine Debug Manager for debugging purposes, I would leave it unchecked!

Being that I got the same error and now Norton sees it as a threat, I have since stored my password for this forum and don't receive the error (so far)!

Did you get that last set of Updates from Norton like 3 or 4 days ago?

I bet this is a part of the problem!

Calling Symantec may be a part of a workable solution and if I run into this again,I plan to do just that!

Imagine me being blocked from here for 30 or more minutes!

LOL,I just went in and Unblocked it when it happened!
  • 0

#25
MarcL
  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi Again,

So what do you suggest I do? If you are absolutely certain that there's no threat at all to this, I could just go in and tell it not to block http Netscape Cookie Monster. You may be right about one of the updates. This had never happened to me before. It just happened out of the blue one day (and the day was June 22).
  • 0



#26
Wizard
  • Retired Staff
  • 5,661 posts
Call Symantec Customer Support and explain what's happening and ask about the updates since 1 week ago!

Mine just did it again on the test machine, but that one doesn't have passwords saved on it!

I am on the one I modified last night and walked in the door fine!

So if you're infected, I am too! :tazz:
  • 0

#27
MarcL
  • Topic Starter
  • Member
  • PipPip
  • 27 posts
OK, I will do that. I'm going to be leaving on vacation tomorrow, and will not be back until sometime next week, so I may not be able to post until then. So, please do not shut down the thread. I do want to update you on what Symantec tells me. After all, if I'm having trouble with this and you've managed to replicate it, it means that it could turn into a problem that many people will have. Given your above comments, I will also try to locate the cookie that stores my username and password, zap it, and see if I can get through.

Again, thanks for your help!!!
  • 0

#28
MarcL
  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi Cretemonster,

Do you know if Symantec has a free support number? What I found implied charges. :tazz: I'll pay if I have to, but I'd rather not. BTW, I deleted the Geeks to Go Cookie, and that didn't change anything either.
  • 0

#29
Wizard
  • Retired Staff
  • 5,661 posts
Just for you 1-800-441-7234

I knew something was changed in the settings

Open up NIS and Click on Status and Settings>> Click Firewall>> Click Configure>>Click Program Control>> Scroll Down the list>> All Internet Explorer Instances must have "Permit All">> If not Double Click that Instance and Change the rule to "Permit"

Any Instances Of IE that won't let you change the settings>> Highlight and Select "Remove">> Click OK

Now Click "Advanced">> "General">> Scroll the list to "Block Access to Secure Sites">> Double Click and Change to "Permit"

Log out of the site!

Open Internet Explorer,
Select Tools,
Select Internet Options
Select Delete Cookies and Delete Files(Check the box for Delete all offline content)

Go to Start,
Select All Programs
Select Accessories
Select System Tools
Select and Run Disk Cleanup(Make sure that all boxes are checked for cleaning!!)

Restart the PC and Access the Site and let me know what happens!

I really must like you. Spent an hour on the phone with a lady from Symantec that is based in India ;)

Most of the Convo consisted of me saying "HUH" :tazz:

Hope this does the trick!
  • 0

#30
MarcL
  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Thanks a million for that!! :tazz: Unfortunately, I have to leave, and won't be back until Tuesday at the end of the day. I'll definitely try the fix the minute I get back. So, please keep the thread open, and I'll get the results to you immediately upon my return.

Again, thanks for your help.
  • 0





