Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Is www.symantec.com down?

Started by Buchas , Nov 13 2004 10:03 AM

  • Please log in to reply

#1
Buchas
Posted 13 November 2004 - 10:03 AM

Buchas

    New Member

  • Member
  • Pip
  • 6 posts
It has been two weeks since the last Symantec virus definition update (2004 10 29) on my PC. Is it down or is it just me having problems accessing Symantec?

I can't open www.symantec.com with Internet Explorer6 and Opera7. However I have no problems opening other internet sites.

I'm afraid it might be some kind of virus, that prohibits me from renewing virus definitions.

Here is the error message:
Initializing...
Connecting to liveupdate.symantecliveupdate.com...
Unable to connect to host
LiveUpdate could not connect to your Internet Service Provider. Verify your dial-up information is correct.
LiveUpdate session is complete.

Any ideas?
  • 0

Advertisements

#2
Yarnouth
Posted 13 November 2004 - 10:18 AM

Yarnouth

    Visiting Staff

  • Member
  • PipPipPip
  • 508 posts
Hi Buchas. I'm not sure from what you've mentioned what it can be. Symentec Updates are definately not down. I have had updates every day for the last 6 days in a row.

There was a new liveupdate .exe recently called lucomsrv2.5 ( Don't look or quote me on this. It is named something like it.) or something similar. Basically to integrate the updater with Service Pack 2. Have you got SP2? The lucomsrv2.5 will be in program files symentec updates folder

Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0

#3
Yarnouth
Posted 13 November 2004 - 10:19 AM

Yarnouth

    Visiting Staff

  • Member
  • PipPipPip
  • 508 posts
Here is the proper name: LuComServer_2_5.EXE
  • 0

#4
admin
Posted 13 November 2004 - 01:02 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
I would reinstall live update from here:
http://www.symantec....iles/lu/lu.html
  • 0

#5
Buchas
Posted 13 November 2004 - 01:55 PM

Buchas

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
There is no file named "LuComServer_2_5.EXE" in my C:\Program Files directory. The closiest ones are LuComServer.exe and LUInit.exe.

Originally posted by Admin:
I would reinstall live update from here:
http://www.symantec....iles/lu/lu.html


As I said, my browsers can't open www.symantec.com. This links as well.

Here is HijackThis log after PC restart:

Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\netdde.exe
C:\Programos\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Programos\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\rsvp.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\userinit.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~2\ZONELA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~2\SYMANT~1\SYMANT~1\vptray.exe
C:\WINNT\system32\rpcxsys.exe
C:\Programos\StrokeIt\strokeit.exe
C:\WINNT\system32\internat.exe
C:\Programos\Hotmail Popper\hotpop.exe
C:\Programos\BestCrypt 7.10.3\BCResident.exe
V:\download\software\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iccf-webchess.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 62.212.199.54 gg.muchina.com
O1 - Hosts: 62.212.199.54 ogg.muchina.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programos\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~2\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~2\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Windows Key] rpcxsys.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Key] rpcxsys.exe
O4 - HKCU\..\Run: [StrokeIt] C:\Programos\StrokeIt\strokeit.exe
O4 - HKCU\..\Run: [ServUTrayIcon] C:\PROGRA~2\SERV-U~1.1\SERVUT~1.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: Hotmail Popper.lnk = C:\Programos\Hotmail Popper\hotpop.exe
O4 - Global Startup: BestCrypt Auto Open.lnk = C:\Programos\BestCrypt 7.10.3\BestCrypt.exe
O4 - Global Startup: Zone Labs Security.lnk = C:\Programos\Zone Labs\ZoneAlarm\zlclient.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Programos\flash\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Programos\flash\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - AppInit_DLLs: hplun.dll
  • 0

#6
Yarnouth
Posted 15 November 2004 - 03:30 PM

Yarnouth

    Visiting Staff

  • Member
  • PipPipPip
  • 508 posts
You have a worm
Please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/

After plese post a new log.
  • 0

#7
Buchas
Posted 16 November 2004 - 04:08 AM

Buchas

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I think I have removed worm.
I googled for rpcxsys.exe, and found a link rpcxsys.exe manual removal. However I couldn't open it (virus prohibited opening certain sites), so I asked a friend to email that page to me. I followed all steps there, after that I was able to open symantec website, download Intelligent antivirus definitions updater. Restarted PC, and NAV has caught the worm. Now rpcxsys.exe is sitting in quarantine. <_<

However, I still couldn't retrieve virus definitions with LiveUdate. I had the following error.

Initializing...
Unable to connect to host
LU1814: LiveUpdate could not retrieve the catalog file of available Symantec product and component updates. Please verify that you are able to connect to the Internet and run LiveUpdate again.
LiveUpdate session is complete.

So I took admin's suggestion, reinstalled LiveUpdate, and now everything works smoothly. I have no complaints, but still here is the log, maybe you'll find smth i don't see :D

Logfile of HijackThis v1.98.2
Scan saved at 12:05:02 PM, on 11/16/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\netdde.exe
C:\Programos\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Programos\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\rsvp.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\userinit.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~2\ZONELA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~2\SYMANT~1\SYMANT~1\vptray.exe
C:\Programos\StrokeIt\strokeit.exe
C:\WINNT\system32\internat.exe
C:\Programos\Hotmail Popper\hotpop.exe
C:\Programos\BestCrypt 7.10.3\BCResident.exe
V:\download\software\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iccf-webchess.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 62.212.199.54 gg.muchina.com
O1 - Hosts: 62.212.199.54 ogg.muchina.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programos\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~2\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~2\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [StrokeIt] C:\Programos\StrokeIt\strokeit.exe
O4 - HKCU\..\Run: [ServUTrayIcon] C:\PROGRA~2\SERV-U~1.1\SERVUT~1.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: Hotmail Popper.lnk = C:\Programos\Hotmail Popper\hotpop.exe
O4 - Global Startup: BestCrypt Auto Open.lnk = C:\Programos\BestCrypt 7.10.3\BestCrypt.exe
O4 - Global Startup: Zone Labs Security.lnk = C:\Programos\Zone Labs\ZoneAlarm\zlclient.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Programos\flash\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Programos\flash\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - AppInit_DLLs: hplun.dll

Oh, and thanks for the links, but I guess there is no need to run those scans now.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP