Unable to accomplish Symantec Security Check

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Jim sunderlin, Jul 5, 2005.

  1. Jim sunderlin

    Jim sunderlin Private E-2

    I am loosing control of my computer every few minutes for a minute or two. Everything just seems to freeze up when this happens. And, it sounds like my computer is doing something. I've tried to follow your steps recommended for spyware, trojan, and virus removal. I have windows 2000. Whenever I try to do an online scan, as recommended, at Symantec Security Check, and hit "go", I get a pop-up screen that is just blank with the hour glass indication on my curser that something is happening. However, I never get any results.

    Please help.

    Thank you.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you complete all the other steps in the READ ME FIRST? If not then continue with all the other steps.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    To help keep you moving along, if you complete all the steps in the READ ME FIRST and still have problems, follow the steps below exactly:


    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  4. Jim sunderlin

    Jim sunderlin Private E-2

    I did do all the other steps in the Read Me First last week, as best I could. I was unable to run the Trend Micro or other on-line scans in safe mode, as I was unable to log onto AOL from safe mode due to my display settings being wrong. When I ran Bitdefender, my computer crashed. Attached is my HJT file.

    Thanks for your help!
    Jim
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    SpywareBlaster should not be running when using HJT. There is no reason to have this running unless you are updating it or tweaking settings.

    Do you know what the below is:

    O4 - HKLM\..\Run: [TempRemove] "C:\Program Files\Crystal Ball\CB Predictor\terminator.exe"

    Other than that do you still have Norman Antivirus installed. I see the below:

    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)

    You should only use one antivirus application.
     
  6. Jim sunderlin

    Jim sunderlin Private E-2

    I turned Spywareblaster off and ran HJT again (see updated log attached). Crystal Ball is a simulation software package that runs with Excel that I loaded from my work. I previously uninstalled Norman Anitvirus. I'm now using Avast instead because Norman kept locking up when I was scanning my computer.

    Thanks,
    Jim
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There really are no problems in your log. The below can be fixed but they are not malware issues:

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    Are you having any problems?
     
  8. Jim sunderlin

    Jim sunderlin Private E-2

    Yes, my computer is still freezing up on me for a minute or so every few minutes. I can hear it chugging like it's doing something. When this happens, I can't do anything in Windows Explorer or Internet Explorer. I can, however, use some other applications. Any idea what my problem may be?
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    In message # 4 you used the proper version of HJT and in message # 6 you used a very old version of HJT. Please delete the old version and only use the new version. Post a new log.

    Have you run a memory tests on your PC?
    Do you have proper cooling fans?
    Does it hang when not connected to the internet?
    Does it hang even in safe mode?
     
  10. Jim sunderlin

    Jim sunderlin Private E-2

    Attached is my corrected HJT log file.

    How would I run a memory test?
    How do I know if I have proper cooling fans?
    Yes, it does hang in Windows Explorere when I'm not connected to the internet. But, it appears to do this only after I have been connected to the internet. If I reboot, and don't connect, I don't seem to have the problem.
    It doesn't seem to hang in safe mode, but maybe because I haven't been able to connect to the internet in safe mode.
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Memory testing and cooling are not topics for this forum. I just mentioned them to give you some additional ideas. They belong in the hardware forum, however, see this file directory:

    http://www.majorgeeks.com/downloads26.html

    and check out: Memtest86+

    Please download, install, and run Mozilla Firefox instead of Internet Explorer. Try this for awhile and tell me if you still have a problem. Do not open IE at all.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You still have Norman AV. Let's try to fix that.

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to Norman API-hooking helper ( if you cannot find that try NipSvc ) Then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Next, open up HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config" button, and then the Misc tools' button ... select 'Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

    Norman API-hooking helper

    If you that does not work, try: NipSvc

    Now reboot and check your HJT log to see if the below line is gone:

    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)

    Also delete this folder if it exists: C:\Norman
     
  13. Jim sunderlin

    Jim sunderlin Private E-2

    I got rid of Norman Hooking Helper.

    I did the Bitdefender online scan again. Here's what happened. It detected 3 viruses, and said at least one could not be deleted. Here is an example of one of the detected problems: C:\MyDocuments\allfiles.exe=>(NSISo)=>zlb_nsis0006. It said update failed, disinfection failed, and it said it deleted it. 3 other similar problems were found with the same path except with "nsis0003" and "nsis0007" at the end of the path instead of "nsis0006". It also detected C:\MyDocuments\popinsHile.exe.

    Then, MSExplorer says it encountered a problem and needs to close. Bitdefender locks up and stops scanning files. Under "scan info.", it stopped on the following path: c\Programfiles\Microsoft Office\Office\1033.

    I ran the scan again and it did the same thing, so it doesn't appear to have deleted any of the problems.

    Does this shed any light?
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Boot into safe mode and delete the files it found manually.

    I'm not sure why it is locking up. What made you want to run it anyway? Was it the Alternative Scans section of the READ ME FIRST that gave you the idea?
     
  15. Jim sunderlin

    Jim sunderlin Private E-2

    I booted into safe mode and deleted the files it found successfully. However, Bitdefender still locks up when scanning. But, it doesn't find any more problems before locking up. And, my computer is still freezing up. Yes, I got the idea to run Bitdefender from the READ ME FIRST section.

    Now, when I scan my computer with the latest version of Avast, it locks up when scanning a zip file.

    I downloaded the Memtest86+ file. It is a bootable .iso file. However, I don't know how to boot with it or start it. How do I go about this?

    Thanks,
    Jim
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You may have a corrupted registry:


    Download RegSupreme Pro

    Install this program, after you install you will be prompted to "defrag" you registry for best performance. Click YES, should take but a minute or so.

    After this completes at the top, click the REGISTRY CLEANER tab. Then click on "Aggressive" and let it scan. Afterwards you will see the total of invalid entries found. Once its complete, select ALL entries and select FIX. The program will then fix the ones that are fixable, the ones that are not will be removed. Type in a backup filename and save to an location where you will be able to find it if needed.

    After you fix the invalid entries, reboot and run your scans again and see if they still freeze.
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds