
Trojan?


  • This topic is locked

#16
g2i2r4


    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Do you have to put a check to the answer 'always'?

Ewido can activate a realtime shield, maybe that's up too. My security delays access too.

Your log is clean.
  • 0



#17
Crackers


    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Sorry for not being that clear. It is when I try to update the antivirus programs that Norton Firewall interrupts and asks if I want to block traffic to the internet. I say "allow always" and it keeps going in some cases and freezes up in others. The weird thing is that the next time back to that program it gets blocked again. Therefore I think something is changing it back or has a simple way of blocking other traffic.

By program:

Spybot freezes on update and needs to be restarted.
Ad-aware gives an error in retrieving update.
Ewido updates fine. It finds Altnet every time.
Norton updates fine.

C
  • 0

#18
g2i2r4


    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Norton Firewall should create a rule if you put a check to 'always allow this action'.

You can create a rule for any program.
Let's create one for AdAware SE 1.06.

Open your Norton Internet Security Option window and click on "Personal Firewall" and then on the right side "Configure"

Switch to the register card "Program Control" and click on the bottom of the card "Add"

Browse to the folder that contains AdAware:
By default:
C:\Program Files\Lavasoft\Ad-Aware SE Personal
Find the program file (its icon is a red circle with a red stripe through it).
Mark the file, confirm with OK!

See if you can update it now.
  • 0

#19
Crackers


    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
No, still gives message "error in retrieving update".

And I don't think that will work in this case because it still won't update even when the firewall is turned off.
  • 0

#20
g2i2r4


    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Let's dig a bit deeper then.

To use RootKit Revealer please make sure you are logged in as an Administrator to the computer.

1. Please download and unzip Rootkit Revealer to your desktop.

2. Please leave the defaults set as they are to:
* Hide NTFS Metadata Files: this option is on by default
* Scan Registry: this option is on by default.

3. Launch Rootkit Revealer on the system and press the Scan button.
RootkitRevealer scans the system reporting its actions in a status area at the bottom of its window and noting discrepancies in the output list. It may take a long time; please disconnect from the internet and leave the PC to be scanned until it is finished.

4. The log can be very large; please edit out the items in the following folders in the log: C:\RECYCLER\NPROTECT and C:\System Volume Information, if in the log, before posting it.

5. Please post the balance of the log here in this thread using Add Reply (please double check that it has all been posted as it may be too long for one post).
  • 0
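Step 4 of the post above, as an added example that is not part of the original post or of RootkitRevealer: a Python filter that drops log entries under the two named folders and counts what was removed. It assumes the saved log is tab-separated with the path in the first column; the sample rows are constructed for illustration.

```python
import ntpath
from collections import Counter

# Folders the helper asked to have edited out of the log before posting.
NOISE_DIRS = (r"C:\RECYCLER\NPROTECT", r"C:\System Volume Information")

# Constructed sample rows (assumed columns: path, timestamp, size, description).
SAMPLE_ROWS = [
    (r"HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed", "8/24/2005 8:10 AM",
     "80 bytes", "Data mismatch between Windows API and raw hive data."),
    (r"C:\RECYCLER\NPROTECT\00000001.TMP", "8/23/2005 9:00 PM",
     "4.00 KB", "Hidden from Windows API."),
    (r"c:\recycler\nprotect\00000002.tmp", "8/23/2005 9:01 PM",
     "1.00 KB", "Hidden from Windows API."),
    (r"C:\System Volume Information\tracking.log", "8/20/2005 7:30 AM",
     "20.00 KB", "Hidden from Windows API."),
    # Similar name but a different folder: must NOT be filtered out.
    (r"C:\RECYCLER\NPROTECTED\keep.me", "8/24/2005 8:00 AM",
     "2.00 KB", "Hidden from Windows API."),
]
SAMPLE_LOG = "\n".join("\t".join(row) for row in SAMPLE_ROWS)


def is_noise(path):
    """Return the matching noise folder, or None if the entry should be kept."""
    # Windows paths are case-insensitive, so compare normalised forms.
    p = ntpath.normcase(ntpath.normpath(path))
    for folder in NOISE_DIRS:
        f = ntpath.normcase(folder)
        # Require a path-separator boundary so NPROTECTED does not match NPROTECT.
        if p == f or p.startswith(f + "\\"):
            return folder
    return None


def filter_log(text):
    """Split a log into lines worth posting and a per-folder count of dropped lines."""
    kept, dropped = [], Counter()
    for line in text.splitlines():
        if not line.strip():
            continue
        hit = is_noise(line.split("\t", 1)[0])
        if hit:
            dropped[hit] += 1
        else:
            kept.append(line)
    return kept, dropped


if __name__ == "__main__":
    kept, dropped = filter_log(SAMPLE_LOG)
    print("\n".join(kept))
    print(dict(dropped))
```
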

#21
Crackers


    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here is the result:

HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 8/24/2005 8:10 AM 80 bytes Data mismatch between Windows API and raw hive data.

Everything else was a "C:\RECYCLER\NPROTECT\" file
  • 0

#22
g2i2r4


    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Sorry for the late reply, I had to look into this.

As far as I could assess it is just a seed for a random number generator used by an MS encryption process. The seed must have been updated in the background during the RR scan. We can ignore it.

It still looks like Norton Firewall is the cause.

Run the application scan under Internet, delete everything in the list (you can delete all of the apps that you gave permission; if you use it again, it will ask for your permission again), then enable automatic Internet access control.

Seems like some rule in there is keeping these programs from updating.

Let me know if this worked.




EDIT:
As there has been no reply from the original poster for more than two weeks this topic is now closed.

If you are the original poster and still need assistance, please send me a PM.

Edited by g2i2r4, 10 September 2005 - 11:27 AM.

  • 0





