Comcast Norton takes too long to run



#31
sccm&49HELP

sccm&49HELP

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

The log you requested:

SecurityCheck by glax24 & Severnyj v.1.4.0.52 [25.07.17]
WebSite: www.safezone.cc
DateLog: 22.08.2017 18:36:34
Path starting: C:\Users\sucat\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: sucat
VersionXML: 4.50s-22.07.2017
___________________________________________________________________________

Windows 10(6.3.15063) (x64) Core Release: 1703 Lang: English(0409)
Installation date OS: 14.05.2017 15:45:44
LicenseStatus: Office 16, Office16HomeStudentR_Grace edition Windows is in Notification mode
LicenseStatus: Windows®, Core edition The machine is permanently activated.
LicenseStatus: Office 16, Office16HomeStudentR_Retail edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [899.7 Gb] Used: [136.8 Gb] Free: [762.9 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.540.15063.0 [+]
User Account Control enabled
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (disabled and up to date)
Norton Security Suite (disabled)
Malwarebytes (enabled and up to date)
---------------------------- [ Firewall_WMI ] -----------------------------
Norton Security Suite
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Malwarebytes (enabled and up to date)
Windows Defender (disabled and up to date)
Norton Security Suite (disabled)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Norton Security Suite v.22.10.0.85
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes version 3.1.2.1733 v.3.1.2.1733
--------------------------- [ OtherUtilities ] ----------------------------
VLC media player v.2.2.1 Warning! Download Update
Microsoft Silverlight v.5.1.50907.0
TeamViewer 12 v.12.0.81460 [+]
LibreOffice 5.1.6.2 v.5.1.6.2 Warning! Download Update
TeamViewer 12 (TeamViewer) - The service is running
--------------------------- [ AppleProduction ] ---------------------------
iTunes v.12.6.2.20
Bonjour v.3.1.0.1
Bonjour Service (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 26 NPAPI v.26.0.0.151 [+]
Adobe Flash Player 26 PPAPI v.26.0.0.151 [+]
Adobe Acrobat DC v.17.012.20095
Adobe Acrobat Reader DC v.17.012.20095 [+]
------------------------------- [ Browser ] -------------------------------
Google Chrome v.60.0.3112.101 [+]
Mozilla Firefox 55.0.2 (x86 en-US) v.55.0.2 [+]
----------------------------- [ EmailClient ] -----------------------------
Mozilla Thunderbird 52.3.0 (x86 en-US) v.52.3.0 [+]
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.3.0.0.1068
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.479
Norton 360 (N360) - The service is running
C:\Program Files (x86)\Norton Security Suite\Engine\22.10.0.85\n360.exe v.15.0.0.80
C:\Program Files\Windows Defender\MSASCuiL.exe v.4.11.15063.0
Windows Defender Antivirus Service (WinDefend) - The service has stopped
Windows Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
----------------------------- [ End of Log ] ------------------------------
 Now can I reinstall Comcast Norton? Again, do we need to remove the quarantined items from the computer before reinstalling Comcast Norton? I do not want them back on my computer, I want them GONE!

 

Thanks for reading this! :) :)

Susan


  • 0



#32
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,594 posts
Hi Susan

It looks like the scan has removed the threats found on the E drive in your back ups. They were indeed in the Firefox profiles, which is why the scan took a while with them. There should be no further action needed.

C.N can be reinstalled again. :)

Back ups

Your C drive now appears to be clean so take a back up of this and I would recommend deleting any older back ups on your E drive.

Now the good bit..

Good News! - Your system now appears to be clean. :)
Now for some clean up and "housekeeping" procedures.

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:
  • Download Delfix from here
  • Locate the file and right click on it. Click on Run as Administrator.
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Create registry backup
  • Purge system restore
  • Reset system settings

  • Click Run

    The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

    Staying Protected

    Malwarebytes - Update and run weekly to keep your system clean.

    There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here
  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • If installing for the first time you will get asked if you want to whitelist items in known blocked locations. Say No to this.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.

    That's it. The protection is in place.

    Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.


    Useful tips
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
  • Be careful of the websites you visit.
  • When browsing the internet, look closely at the links you click on. Some aren't always what they seem.
  • Avoid Peer to Peer file sharing utilities, these are a minefield of malware infections.
  • Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation, it is common for unwanted software to be installed in this way.


    To learn more about how to protect yourself while on the internet read this little guide Best security practices.

    Go here for some good advice about how to prevent infection.

    Happy safe surfing!! :)

    That's us finished the cleaning process. It's been a pleasure working with you.

    P.S Please don't forget to post the Delfix log.

  • 0

#33
sccm&49HELP

sccm&49HELP

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Ok. I am late in posting because I wanted to ensure I understood some things about my backup system and double check USB connection types (I.E. was the C. N. run also slow because of improper choice of USB 2.0 over USB 3.0).

I was satisfied to find that E: is indeed connected via USB 3.0 connector (computer has both kinds of connections). I was dissatisfied to find out that WD Back up does not have a mechanism for deleting particular backups: you must wipe the drive to remove backups. The wiping method available to do this does not work for me. Snap-Happy Susan did not snap a jpg when this happened! I ended up formatting E: via Windows 10.

 

I have security questions about this set up as it seems that if I want to remove a file from E: it must be removed from the originating drive in order for it not to be backed up on E: I am assuming from what I have read, Norton encrypts quarantined files so they exist on the computer. Does this mean that the quarantined files that exist on the computer will automatically be replaced on E: the next time backup occurs?

 

I removed Malware Bytes before I reinstalled C. N. because I thought it had been the best practice to remove it before reinstalling Norton. I removed the PUPs identified by MBAM prior to uninstalling MBAM via Programs in Windows.

 

Installing C. N. I changed a few settings to turn on "foxfire history" removal and I am trying to remember what else. I ran Norton Insight before running a full scan which COMPLETED. After C. N. was reinstalled, I did immediately do "Live Update" until no more available, but there was a time lag between that and the running of the complete scan. It seems easier to take jpgs than to get a nice copy of scan results. The results presented are the first full scan after reinstall; apparently many quick scans were run between last post and this. See photo: https://www.dropbox....nstall.jpg?dl=0

 

If you prefer logs:

Category: Scan Results
Date & Time,Risk,Activity,Status,Scan Time (d:h:m:s),Total items scanned,Files & Directories,Registry Entries,Processes & Start-Up Items,Network & Browser Items,Other,Trusted Files,Skipped Files,Total Security Risks Detected,Total Security Risks Resolved,Total Security Risks Requiring Attention,Tracking Cookies,Tracking Cookies Resolved,Recommended Action,Component Name,Good driver (Signer: Microsoft Windows Hardware Abstraction Layer Publisher),Good driver (Signer: Microsoft Windows),Good driver (Signer: Symantec Corporation)
8/24/2017 4:05:55 PM,Info,Quick Scan results,Completed,0:00:02:41,"10,176","6,134",772,"2,666",600,4,732,0,0,0,0,,,,,,,
8/24/2017 1:52:56 PM,Info,Full System Scan results,Completed,0:04:36:45,"1,843,567","1,839,498",772,"2,691",602,4,"5,355","45,636",0,0,0,,,,,,,
8/24/2017 10:20:18 AM,Info,Quick Scan results,Completed,0:00:03:30,"10,001","6,102",772,"2,523",600,4,706,85,0,0,0,,,,,,,
8/24/2017 3:18:51 AM,Info,Quick Scan results,Completed,0:00:03:03,"10,182","6,133",772,"2,673",600,4,732,0,0,0,0,,,,,,,
8/24/2017 12:46:00 AM,Info,Quick Scan results,Completed,0:00:03:24,"10,375","6,140",772,"2,753",706,4,198,0,5,5,0,5,5,,,,,
8/24/2017 12:20:21 AM,Info,Early Launch Anti-Malware scan,Completed,,47,,,,,,,,0,,,,,No Action Required,Early Launch Anti-Malware,"C:\WINDOWS\System32\drivers\intelpep.sys, C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys, C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys","C:\WINDOWS\System32\drivers\msrpc.sys, C:\WINDOWS\System32\drivers\werkernel.sys, C:\WINDOWS\System32\drivers\tm.sys, C:\WINDOWS\system32\PSHED.dll, C:\WINDOWS\system32\BOOTVID.dll, C:\WINDOWS\System32\drivers\clipsp.sys, C:\WINDOWS\System32\drivers\cmimcext.sys, C:\WINDOWS\System32\drivers\ntosext.sys, C:\WINDOWS\system32\CI.dll, C:\WINDOWS\system32\drivers\CEA.sys, C:\WINDOWS\System32\drivers\storport.sys, C:\WINDOWS\system32\drivers\NETIO.SYS, C:\WINDOWS\System32\drivers\fwpkclnt.sys, C:\WINDOWS\System32\drivers\CLASSPNP.SYS, C:\WINDOWS\System32\drivers\pcw.sys, C:\WINDOWS\System32\drivers\vdrvroot.sys, C:\WINDOWS\system32\drivers\pdc.sys, C:\WINDOWS\System32\drivers\partmgr.sys, C:\WINDOWS\System32\drivers\spaceport.sys, C:\WINDOWS\System32\drivers\volmgr.sys, C:\WINDOWS\System32\drivers\volmgrx.sys, C:\WINDOWS\System32\drivers\mountmgr.sys, C:\WINDOWS\System32\drivers\storahci.sys, C:\WINDOWS\System32\drivers\EhStorClass.sys, C:\WINDOWS\System32\drivers\FLTMGR.SYS, C:\WINDOWS\System32\drivers\fileinfo.sys, C:\WINDOWS\System32\Drivers\Wof.sys, C:\WINDOWS\System32\drivers\CLFS.SYS, C:\WINDOWS\System32\Drivers\NTFS.sys, C:\WINDOWS\System32\drivers\ksecdd.sys, C:\WINDOWS\System32\Drivers\Fs_Rec.sys, C:\WINDOWS\system32\drivers\ndis.sys, C:\WINDOWS\System32\Drivers\ksecpkg.sys, C:\WINDOWS\System32\drivers\tcpip.sys, C:\WINDOWS\System32\drivers\wfplwfs.sys, C:\WINDOWS\System32\DRIVERS\fvevol.sys, C:\WINDOWS\System32\drivers\volume.sys, C:\WINDOWS\System32\drivers\volsnap.sys, C:\WINDOWS\System32\drivers\rdyboost.sys, C:\WINDOWS\System32\Drivers\mup.sys, C:\WINDOWS\system32\drivers\iorate.sys, C:\WINDOWS\System32\drivers\hwpolicy.sys, 
C:\WINDOWS\System32\drivers\disk.sys",C:\WINDOWS\system32\drivers\N360x64\160A000.055\SYMEFASI64.SYS

************************************************************************************

So a back up to E: has been performed after E: was wiped clean. Hoping E: is still clean because when I went to do your Delfix, I get a message from C. N. about it: https://www.dropbox....ltafix.jpg?dl=0

 

So I am afraid to go any further until I hear from you. Thanks for the help thus far. I await your reply.
 


  • 0

#34
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,594 posts
Hi Susan

Ok, so you have removed all previous back ups by reformatting. That's fine.

Your back up will take all the files that are to be backed up on C: and store them in the back up file on E: If there are quarantined files in Norton on the C: drive then these will be copied over in the back up.

Quarantined files will cause no harm to your computer. Usually there is a way to empty the quarantine. I think if you can get into the Norton application and look at history, is there an option to clear entries from quarantine?

Your logs run on the C: drive appear to be clean so your back up should be fine.

Norton is flagging Delfix as a false positive. It is perfectly safe. Please turn off Norton temporarily and download and run Delfix and post the log. :)
  • 0

#35
sccm&49HELP

sccm&49HELP

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

This may confuse you as I have been reading about how to remove malware, viruses etc from computer via the C. N. Quarantine and how to remove the particular malware that C. N. viewed your removal tool as containing.  It may be stupid, but I followed the advice to remove the particular malware that C. N. viewed your removal tool as ****VIA**** Norton Power Eraser.

 *************This malware that I have referred to twice in this post already was the only malware in quarantine after first attempt to use your removal tool.************

 

Pictures save a lot of words so please see this picture folder that refers to what happened when I ran Norton Power Eraser. If you don't understand the pictures please ask me!!!!!

https://www.dropbox....lpao4YRGKa?dl=0

 

After running Norton Power Scan (and I did as many reboots as I was notified to perform), I checked the C. N. Quarantine. Please see photo: https://www.dropbox....mxLML0mHta?dl=0

 

So I am thinking as result of what I see that I must remove the malware via the C. N. Quarantine. I want you to see what was showing when I clicked on clear entries. It is uncertain as to whether clearing entries just clears the entries or whether it removes only the records of security risks. The resulting "pop up" from the clicking clear entries seems to indicate the latter action. See https://www.dropbox....UDfDFrc6Sa?dl=0

 

Confused, I decide to skip this quarantine issue to remove your tools. I go to your post and click on the link. I view: https://www.dropbox....l tool.jpg?dl=0

Picture of what I selected: https://www.dropbox....hecked.jpg?dl=0

 

The log you asked for:

# DelFix v1.013 - Logfile created 25/08/2017 at 18:07:35
# Updated 17/04/2016 by Xplode
# Username : sucat - DEBORAH
# Operating System : Windows 10 Home  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\SecurityCheck
Deleted : C:\Users\sucat\Desktop\FRST-OlderVersion
Deleted : C:\Users\sucat\Desktop\adwcleaner_7.0.1.0.exe
Deleted : C:\Users\sucat\Desktop\FRST64.exe
Deleted : C:\Users\sucat\Desktop\JRT.exe
Deleted : C:\Users\sucat\Desktop\Info20170825173000.txt

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #13 [Scheduled Checkpoint | 08/08/2017 04:38:40]
Deleted : RP #14 [Scheduled Checkpoint | 08/17/2017 18:04:25]
Deleted : RP #17 [JRT Pre-Junkware Removal | 08/19/2017 15:58:37]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 

Now this might look OK, but I find the following left on my desktop: the Emsisoft stuff, WhoCrashed, something mb3-setup......

 

Please look this over and tell me where I've gone wrong. 


  • 0

#36
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,594 posts
Hi Susan

You've done fine. :)

The Norton Power Eraser utility is flagging 2 of my tools as security risks - securitycheck.exe and delfix.exe. Both are false positives. The tools are perfectly safe and pose no risk to your system. It has not identified anything else.

The Delfix utility is what I use to clean up the applications I have used and this has removed Security Check from your system as highlighted in the log below. Delfix also removes itself. :)
 

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\SecurityCheck
Deleted : C:\Users\sucat\Desktop\FRST-OlderVersion
Deleted : C:\Users\sucat\Desktop\adwcleaner_7.0.1.0.exe
Deleted : C:\Users\sucat\Desktop\FRST64.exe
Deleted : C:\Users\sucat\Desktop\JRT.exe
Deleted : C:\Users\sucat\Desktop\Info20170825173000.txt


It has not removed Emsisoft Emergency Kit or Who Crashed - you can remove these through windows add/remove programs. The MBAM set up file can be deleted from your desktop.

Your machine should now be clear of any suspicious files or potential malware. You've cleared out infected back ups and now have clean back ups in place. With C.N reinstalled hopefully you won't have any crashes. It certainly seems to be doing what it should and hopefully scan times will now be shorter.

Do you have any further questions?

I can see your pictures no problem thanks, for future reference you can also use the windows snipping tool to create a screenshot picture and can post or attach the file directly into the post. Here is a quick guide to the snipping tool.

In your reply, click on attach file, browse to the file and click open. It will upload the file. Then position the cursor where you want the image to display and click on Add to Post. The image will be inserted into your reply. :)
  • 0

#37
sccm&49HELP

sccm&49HELP

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

I had an error message when removing WhoCrashed: it had already been removed. :) :) I put Emsisoft  Emergency Kit's set up exe and WhoCrash's exe in the recycle bin. I figured out that it was MBAM's set up exe on the desktop and simply removed that last night. Tools would be ok except....

 

C. N. Quarantine is Not empty. Today's photo of C. N. quarantine: https://www.dropbox....antine.jpg?dl=0

I am confused as to how to empty it. Please see: https://community.no...uarantined-item

The article dates from 2012 and I have Comcast Norton, not NIS. An expert could tell me if this is still valid. I am not an expert!

 

You want to know why it is not empty. Your flagged tool (first attempt to use) was left there because I could not tell if clearing the entry meant that the item in quarantine was removed as well as the history of it. The article I refer you to distinguished between items placed into quarantine by computer user and those placed there by Norton. When I attempted to download your tool the first time with C. N. Auto Protect still on, C. N. placed it into quarantine. Wanting to get onward to remove your tools, I again went to your link but this time with C. N. Auto Protect Off, it wasn't flagged. Thus there are two instances of Delfix.

 

 

So Decision time: What do you want me to do about my confusion? I am perfectly happy to declare this finished and take up the quarantine issue in the Norton Community forum. But you are in the driver's seat and what is your pleasure? Thanks for your help thus far.  :) :)


  • 0

#38
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,594 posts
In the security risk window in quarantine there is an options link beside restore. What options do you see?
  • 0

#39
sccm&49HELP

sccm&49HELP

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

OK, I'm in Comcast Norton's security history and showing the quarantine. The word options appears several times in this window.  To be clear about what we are talking about, I'd like to show step by step what is appearing. So the first window we will look at is the security history (showing quarantine).

 

Trying to show you all the places options appears and went to try your snippet tool. I can snip alright but the forum doesn't seem to allow me to directly post it. Drop box works so: https://www.dropbox....apture.PNG?dl=0

 

Notice the yellow buttons in the picture: Add to quarantine, Clear entries, Close. Notice Restore and options underneath Recommended Action. More Options appears in blue below the box with malware details.

 

Now I have clicked on Options which appears next to Restore. Picture of what I see now: https://www.dropbox....apture.PNG?dl=0

 

The two options are: "Restore & exclude this file" and "Remove from history".

 

I await your reply.


  • 0

#40
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,594 posts
The easiest way to ensure it will not be present at all on your system is to choose option restore & exclude this file. This will restore it to your desktop.
Then run Delfix and it will remove itself.

Let me know how this goes. :)
  • 0

Advertisements


#41
sccm&49HELP

sccm&49HELP

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

OK. I did that and it only required an extra step of moving the file from Downloads onto the desktop.

 

Resulting log:

Deleted : RP #20 [Scheduled Checkpoint | 08/25/2017 23:16:18]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 

If this looks good, I guess we are Done!


  • 0

#42
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,594 posts
:thumbsup:

looks good. :)

You're good to go.

Regards
Bruce.
  • 1





