Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My Norton Dosen't Work Anymore!

Started by ChrisP , Jul 05 2005 09:29 PM

  • Please log in to reply

#1
ChrisP
Posted 05 July 2005 - 09:29 PM

ChrisP

    New Member

  • Member
  • Pip
  • 5 posts
When I try to use my norton antivirus, it's only load up a blank window, I can't update my definitions or scan my computer. I tried to uninstall and reinstall it, but it just dosen't do anything.


everytime i start my computer I get a prompt telling me netdc.exe or dll. not sure is missing, plus when I load up my IE, I get only thr best advertisements and favorites I never added.

thanks in advance
  • 0

Advertisements

#2
Michael
Posted 05 July 2005 - 10:12 PM

Michael

    Retired Staff

  • Retired Staff
  • 1,869 posts
Try this uninstall Norton and make sure the folders are gone in Windows Explorer. and the get a progrm that remove unused things fron your regersty and run this to remove all those created by Norton (you will have to remove all the unused stuf from you regersty, this will help you computer) and then reinstall Norton, Hope it works.

if you do not have a regersty cleaner go Here to see a topic that I posted with some very good links in it.
  • 0

#3
starjax
Posted 05 July 2005 - 10:47 PM

starjax

    Global Moderator

  • Global Moderator
  • 6,678 posts
you have a virus among other things:

http://www.sophos.co...ojdumaruap.html

Welcome,
Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

First:
Please download ewido security suite it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will prompt you to update click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
Reboot your machine and post back a new HJT Log and the Ewido Scan .txt Log file you saved by using Add Reply

keep in mind that I recomend that after you update your definitions for ewido that you reboot into safe mode and run the scan from there.

follow the instructions HERE
and post back in this thread if you still have issues after removing the virus and malware.

thanks,
Starjax.
  • 0

#4
ChrisP
Posted 07 July 2005 - 12:37 AM

ChrisP

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:10:06 PM, 7/6/2005
+ Report-Checksum: F5CC6A7A

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A65FF84-5F62-35FE-18D6-0C43F27B7AEB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A01394EE-8B14-B1D4-AE65-22E7424A71D0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Cleaned with backup
C:\Documents and Settings\Panetta Family\Cookies\panetta family@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Panetta Family\Cookies\panetta family@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Panetta Family\Cookies\panetta family@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Panetta Family\Cookies\panetta [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\WINDOWS\adddf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apigp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlob.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crdb.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\desktop.ini:txoxkv -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\ipjk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javadb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javayx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfczz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netrq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntsautodial.ini:bcdjfc -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ODBC.INI:tdvozm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdkaf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkfs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkmf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\setuplog.txt:kpzyug -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\addla.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apirq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apivm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlpi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\cruu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3jy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\dsjrq.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\system32\iegs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ieqm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msgz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msuk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntuv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\oanzm.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\system32\syscp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysna.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\vbaddin.ini:mrhiqf -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\win.ini:frznkq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winamp.ini:dlbmsb -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\wincp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\winpm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\zebvl.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\_default.pif:bzwspe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_default.pif:feliq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:fxmlo -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:uaoxjg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:uxjden -> Trojan.Agent.bi : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 2:35:28 AM, on 7/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Panetta Family\Desktop\Security\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zebvl.dll/sp.html#73077
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zebvl.dll/sp.html#73077
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECC91388-6832-49F3-9543-6C83F3F0B132}: NameServer = 206.47.244.91 206.47.244.14
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\winpm.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

thanks for the help, but for some reason I can't use norton yet and when I tired to update with live update it couldnt get the new definitons for internet worms
  • 0

#5
Night_Shift
Posted 07 July 2005 - 01:44 PM

Night_Shift

    Member

  • Member
  • PipPip
  • 40 posts
hey, you should never run or install anything "NORTON" :tazz:
  • 0

#6
starjax
Posted 07 July 2005 - 05:22 PM

starjax

    Global Moderator

  • Global Moderator
  • 6,678 posts
I just moved this to the malware forum. someone will be with you shortly to help you finish cleaning up your malware.

Starjax
  • 0

#7
ChrisP
Posted 10 July 2005 - 08:52 PM

ChrisP

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
ok thanks guys
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP