Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Norton Antivirus 2005


  • Please log in to reply

#1
hovs12

hovs12

    New Member

  • Member
  • Pip
  • 2 posts
hello,

i bought my laptop with norton antivirus 2005 preinstalled. it was running fine until yesterday. My wife opened an email with an attachment called be_not_jealous.
It was a text file saying "Sorry". Afterwards we ran a scan to see if it was a virus.

Norton did not find a thing. this morning i thought i would try another scan.
Norton does not start. I got an error telling me it was corrupt of had files missing. Needed to be reinstalled. I tried and tried and i keep getting the same message.

Any help would be much appreciated.

Also, i can not go to symantec's website for help.

thks,
Hov
  • 0

Advertisements


#2
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
If you can, run Panda scan

Panda Scan

Panda should auto-clean
  • 0

#3
hovs12

hovs12

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
tks Keith. I used another online antivirus.
Was infected with Bagle.bh

it attacks Norton and a few other antivirus programs as weel as not giving access to their websites.

once i removed it, norton seems to working well.

hov
  • 0

#4
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
Which one did you use
  • 0

#5
Bizerk88

Bizerk88

    New Member

  • Member
  • Pip
  • 2 posts
I just got an email to and it was from someone named 'bizerk' and thats my most commen name and i opened it. i know a bit about networking... ill leave it at that. anyway he didnt have an X-Originating IP so i knew it had been forged. and the originating IP's that it had were counterflicting. then i ran a search for the attachment "be_not_jealous.zip" and i got this thread. what most made me wonder was that it was from "Bizerk79@aol.com" and i have an aol account thats Bizerk88. very odd. and my hotmail, on which i got it, is also called bizerk. i wonder if this is from a hijacked computer or not, because if it is ill inform the person some how. if its not... then i dont know.
-biz
  • 0

#6
gotoakandfreeze

gotoakandfreeze

    New Member

  • Member
  • Pip
  • 7 posts
:tazz:

Hello,

I have the same thing happening.

I will tell you that I am pretty sure I got it from:

http://unknownorigin...ezik/ntuser.avi

That is the last thing I clicked before my firewall blew up, then the e-mail with Be_not_jealous.zip with contents of my desktop.

It spoofed (prolly): mailto:fabian.camenzind@risk.sungard.com

That guy and the site are real.

Let me know what you think. I finally completed a pandascan without a blue screen of death. I have yet to find anything other than very slow running and several DOS (65.61.181.240) too many port scans to mention, and 13 trojan active aimspy's (in a minute or so) from pubcu-akamai-vip.conxion.com.

It could be a grand coincidence, but I doubt it.

Something is deleting my help files after I use them. Many bad blocks on my HD.

Spybot is clean over and over again.

Nortons is clean every time. Every online scan is clean.

Just because I am paranoid doesn't mean they aren't after me!

Help!

-freeze
  • 0

#7
hailey

hailey

    New Member

  • Member
  • Pip
  • 1 posts
i see im not the only 1 that opened this darn email Be_not_jealous up...i found it in my junk mail last night and opened it...the sender was haileymiller1426@yahoo.com...they used my name and it really thru me off....so like a dummy i opened it...i tired 2 get it off but couldnt....finally 2day i went online and purchased Xoftspy and it removed it all...so let us all learn a lesson ... NEVER open up a email from some1 u dont know even if that some1 is u (in my case) lol...tc...hagd ev1
  • 0

#8
gotoakandfreeze

gotoakandfreeze

    New Member

  • Member
  • Pip
  • 7 posts
Well,

I tried Xoftspy... nothing. I guess it is possible that I don't have anything. Odd how many BSOD's and trojan attacks I got. Plust there is the whole mail that got sent.

Anyone have suggestions?

-freeze
  • 0

#9
Bizerk88

Bizerk88

    New Member

  • Member
  • Pip
  • 2 posts
Hmm this is interesting. as what it seems it gives you an email from one like/similar to yours... clever. okay, a note to all you noobs out there: when you get an email like this one search on ask jeeves or something. i found this thread by doing that and i saw someone else had opened it and screwed themselves. i cant think of how they got my email. its my private one that i dont give out often... alright, this looks fairly new because of norton failing and yadda yadda. i suggest that you update your virus protection. anyone want to help track this down?
  • 0

#10
gotoakandfreeze

gotoakandfreeze

    New Member

  • Member
  • Pip
  • 7 posts
The saga continues...

Today Norton's found 2 spyware.perfect files, but could not delete them. My auto update is broken, and I can't reinstall.

I manually deleted those files.

Fun stuff!
  • 0

#11
gotoakandfreeze

gotoakandfreeze

    New Member

  • Member
  • Pip
  • 7 posts
Also... The bottom two lines of my msconfig/startup are text boxes where the name of the service should be, that point somewhere in HKCU/Windows NT/...
I went there, but didn't see anything obvious, but I am clueless.

Lates...
  • 0

#12
starjax

starjax

    Global Moderator

  • Global Moderator
  • 6,591 posts
there are several new viri out doing this. very similar to the bagel virus.
W32.MYtob.... vith varients. however symantec does have a cleaner and defs for it.

Description: Trojan.Tooso.F is a Trojan horse that interferes with the operation of security software by terminating processes, stopping services, removing registry entries, and deleting files. This Trojan is similar to W32.Beagle@mm but it does not send emails.

the alert for this one came out on april 16th, and at that time symantec did not have virus signatures for it.

and after a bit of searching:

W32.Beagle.BP@mm is a mass-mailing worm that uses its own SMTP engine to send out copies of a Trojan.Tooso variant. The worm also opens a back door on the compromised computer on TCP port 80.


more info here


First rule of thumb is to never open an attachment from someone you don't know.

Second rule is to run WindowsUpdates. these take advantage of an unpatched system... of course once you open the attachment you become infected. by being patched you prevent it from spreading.

also, regarding email spoofing, a good host (provider of your email) will not allow delivery of messages not sent specifically to you. for example some providers will allow anything addressed to username*wildcard*@host.com. for example bizek88 is getting everything with bizek in the address. Good providers don't allow that. Infact i switched host providers for my website for this very reason.

hope this helps.

Starjax
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP