Ewido can activate a realtime shield, maybe that's up too. My security delays access too.
Your log is clean.
Trojan?
Started by
Crackers
, Aug 15 2005 10:56 PM
-
This topic is locked
#16
Posted 23 August 2005 - 08:02 AM
g2i2r4
-
- Retired Staff
-
- 5,080 posts
retired HiJack Helper
Ewido can activate a realtime shield, maybe that's up too. My security delays access too.
Your log is clean.
#17
Posted 23 August 2005 - 11:14 AM
Crackers
- Topic Starter
-
- Member
-
- 11 posts
Member
Sorry for not being that clear. It is when I try to update the antivirus programs that norton firewall interupts and asks if I want to block traffic to the internet. I say "allow always" and it keeps going in some cases and freezes up in others. The weird thing is that the next time back to that program it gets blocked again. Therefore i think something is changing it back or has a simple way of blocking other traffic.
By program:
Spybot freezes on update and needs to be restarted.
Ad-aware gives and error in retrieving update.
ewido updates fine. it finds altnet every time.
norton updates fine.
C
By program:
Spybot freezes on update and needs to be restarted.
Ad-aware gives and error in retrieving update.
ewido updates fine. it finds altnet every time.
norton updates fine.
C
#18
Posted 23 August 2005 - 12:35 PM
g2i2r4
-
- Retired Staff
-
- 5,080 posts
retired HiJack Helper
Norton Firewall should created a rule if you put a check to 'always allow this action'.
You can created a rule for any program.
Let's create one for AdAware SE 1.06
Open your Norton Internet Security Option window and click on "Personal Firewall" and then on the right side "Configure"
Switch to the register card "Program Control" and click on the bottom of the card "Add"
Browse to the folder that contains AdAware:
By default:
C:\Program Files\Lavasoft\Ad-Aware SE Personal
find the programfile (it's icon is a red circle with a red stripe through it).
mark the file, confirm with OK!
See if you can update if now.
You can created a rule for any program.
Let's create one for AdAware SE 1.06
Open your Norton Internet Security Option window and click on "Personal Firewall" and then on the right side "Configure"
Switch to the register card "Program Control" and click on the bottom of the card "Add"
Browse to the folder that contains AdAware:
By default:
C:\Program Files\Lavasoft\Ad-Aware SE Personal
find the programfile (it's icon is a red circle with a red stripe through it).
mark the file, confirm with OK!
See if you can update if now.
#19
Posted 23 August 2005 - 11:22 PM
Crackers
- Topic Starter
-
- Member
-
- 11 posts
Member
No, still gives message "error in retrieving update".
And i don't think that will work in this case because it still won't update even when the firewall is turned off.
And i don't think that will work in this case because it still won't update even when the firewall is turned off.
#20
Posted 24 August 2005 - 03:15 AM
g2i2r4
-
- Retired Staff
-
- 5,080 posts
retired HiJack Helper
Let dig a bit deeper then.
To use RootKit Revealer please make sure you are logged in as an Administrator to the computer.
1. Please download and unzip Rootkit Revealer to your desktop.[/b]
2. Please leave the defaults set as they are to:
* Hide NTFS Metadata Files: this option is on by default
* Scan Registry: this option is on by default.
3. launch rootkit revealer on the system and press the Scan button.
RootkitRevealer scans the system reporting its actions in a status area at the bottom of its window and noting discrepancies in the output list. It may take a long time please disconnect from the internet and leave the PC to be scanned until it is finished.
4. The log can be very large please edit out the items in the following folders in the log : C:\RECYCLER\NPROTECT and C:\System Volume Information, if in the log, before posting it.
5. Please post the balance of the log here in this thread using Add Reply (please double check that it has all been posted as it may be too long for one post)
To use RootKit Revealer please make sure you are logged in as an Administrator to the computer.
1. Please download and unzip Rootkit Revealer to your desktop.[/b]
2. Please leave the defaults set as they are to:
* Hide NTFS Metadata Files: this option is on by default
* Scan Registry: this option is on by default.
3. launch rootkit revealer on the system and press the Scan button.
RootkitRevealer scans the system reporting its actions in a status area at the bottom of its window and noting discrepancies in the output list. It may take a long time please disconnect from the internet and leave the PC to be scanned until it is finished.
4. The log can be very large please edit out the items in the following folders in the log : C:\RECYCLER\NPROTECT and C:\System Volume Information, if in the log, before posting it.
5. Please post the balance of the log here in this thread using Add Reply (please double check that it has all been posted as it may be too long for one post)
#21
Posted 24 August 2005 - 11:21 AM
Crackers
- Topic Starter
-
- Member
-
- 11 posts
Member
here is the result:
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 8/24/2005 8:10 AM 80 bytes Data mismatch between Windows API and raw hive data.
Everything else was a "C:\RECYCLER\NPROTECT\" file
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 8/24/2005 8:10 AM 80 bytes Data mismatch between Windows API and raw hive data.
Everything else was a "C:\RECYCLER\NPROTECT\" file
#22
Posted 25 August 2005 - 08:52 AM
g2i2r4
-
- Retired Staff
-
- 5,080 posts
retired HiJack Helper
Sorry for the late reply, I had to look into this.
As far as I could assess it is just a seed for a random number generator used by an MS encryption process. The seed must have been updated in the background during the RR scan. We can ignore it.
It still looks like Norton Firewall is the cause.
Run the application scan under internet, deleted everything in the list (You can delete all of the apps that you gave permission, if you use it again, it will ask for you permission again), then enabled automatic Internet access control.
Seems like some rule in there is keeping these programs from updating.
Let me know if this worked.
EDIT:
As there has been no reply from the original poster for more than two weeks this topic is now closed.
If you are the original poster and still need assistance, please send me a PM.
As far as I could assess it is just a seed for a random number generator used by an MS encryption process. The seed must have been updated in the background during the RR scan. We can ignore it.
It still looks like Norton Firewall is the cause.
Run the application scan under internet, deleted everything in the list (You can delete all of the apps that you gave permission, if you use it again, it will ask for you permission again), then enabled automatic Internet access control.
Seems like some rule in there is keeping these programs from updating.
Let me know if this worked.
EDIT:
As there has been no reply from the original poster for more than two weeks this topic is now closed.
If you are the original poster and still need assistance, please send me a PM.
Edited by g2i2r4, 10 September 2005 - 11:27 AM.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
