MG.com advice great - but still some probs.

Discussion in 'Malware Help (A Specialist Will Reply)' started by dalym7, Jan 1, 2006.

  1. dalym7

    dalym7 Private E-2

    Hi guys, there is nothing that annoys me more than if people don't do what they're told and listen to who knows best BUT I have tried my best to sort this with the advice given, I’m not completely at the end of that road yet, but I would appreciate some midway advice.

    BACKGROUND TO MY PROBLEM - BEFORE DISCOVERING MG.COM

    I was on yahoo chat two days ago (I’m assuming that was the cause) and I got booted, with a full blue screen about an error. When I first booted up afterwards - taking an eternity to boot up - Norton was turned off, I eventually got to run a scan in safe mode - no viruses. When I open Norton the only issue is 'a rapidly spreading threat' and when I got to click the fix it button, nothing happens..

    I am running xp home edition, on a new dell pc. my virus updates were up to date as are my windows update.

    I can't see anything else out of place - in 'msconfig' all startup items seem to be ok, is there anything I should be looking out for in 'processes' when I do a ctrl alt del?? There doesn’t seem to be anything in the Add/Remove programs menu that shouldn’t be there.

    Only installations I have done lately is itunes and QuickTime, it was working fine after that but I uninstalled them now just in case.

    A new development: I am getting a warning from SMART in the system tray that ‘a hard drive in the system reports it may fail’.

    SINCE I DISCOVERED MG.COM

    I diligently followed the steps outlined here.
    http://forums.majorgeeks.com/showthread.php?t=35407

    And very helpful it was too.

    Eventually I got some progress when I ran bitdefender's scan. Here are the results from my scan in html - http://homepage.eircom.net/~clonross/bitdefender.html (I will paste at bottom also).

    This is my first indication that indeed I had been infected, and that it had targeted Norton.

    Now I went on to the second recommended scan at Panda Software. Now as you can see from the log of bitdefender - the scan took about 7 hours, so I’m prepared for a wait, but the Panda scan has been stuck on netmap.inf file for at least 2 hours at this stage - it's on file count number 73094 - probably a little less than quarter way done.

    Now it is possible that I am being a bit premature seeking some additional advice, maybe I should see what way it looks in the morning, but 2 hours seems quite a while.

    This whole virus thing in general is a real worry for me as I really need the computer to get on with work that I’m already behind with. Any advice would be very much appreciated - I am on Msn - in profile, and I will check back regularly.

    Thanks very much

    Martin

    Inline log attached!
     

    Attached Files:

    Last edited by a moderator: Jan 1, 2006
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please download HOSTER and then follow the below steps.
    • Unzip HOSTER to a convenient folder such as C:\Hoster

    • Run Hoster.exe, click Restore Original Hosts and then click OK.

    • Click the X to exit the program.
    Now, please see the below thread on how to install and run Ewido Security Suite.

    Running Ewido Security Suite ...
     
  3. dalym7

    dalym7 Private E-2

    First off, thanks bjgarrick very much for your fast reply.

    I completed both things that you suggested.
    The only thing Ewido picked up were a couple of tracking cookies. The only thing I have done differently from the tutorial was reboot in safe mode with network, rather than normal, like it suggested.

    I suppose if I had to highlight what I think are the problems remaining then it would be this
    - Really the results of the bitdefender report (above) - infected Norton files deleted, but most not replaced.

    - Also I may have forgotten to mention that when I checked the bitdefender scan this morning, it said that my machine is still infected.

    Thanks again, bjgarrick, any more advice is very much appreciated.

    Martin
     

    Attached Files:

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Now please attach a fresh HJT log from normal mode.
     
  5. dalym7

    dalym7 Private E-2

    Thanking you once again.
     

    Attached Files:

  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Ewido

    Now scan with HijackThis and Check the Boxes for the following:

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    Make sure All Browser Windows are Closed when you Click FIX.

    NEXT:
    Run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
    Note: Remember to get all updates before doing the scans.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Finally, I would like you to Flush your System Restore Points. Please follow the instructions in this link --->Disable and Re-enable System Restore
    • First, turn OFF System Restore to flush any bad Restore Points.
    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

    After you complete the above, reboot and let me know what problems if any remain.
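
The `O4` line quoted in the post above is one of HijackThis's autorun entries. As an added example (not part of the original thread and not HijackThis's own code), this Python sketch parses `O4` lines into registry key, value name, executable and arguments so they can be reviewed before anything is fixed. It assumes the usual log layout, where `\..\` abbreviates `\Software\Microsoft\Windows\CurrentVersion\`; the sample log is constructed apart from the MSConfig line.

```python
import re

# "HKLM\..\Run" is HijackThis shorthand for the CurrentVersion autorun key.
O4_REG = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$")
O4_STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
# Executable is either quoted, or runs up to the first program extension.
EXE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|pif)))(?:\s+(.*))?$', re.I)

# Constructed sample; only the MSConfig line is quoted from the thread.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ExampleApp] "C:\Program Files\Example App\example.exe" -minimized
O4 - Global Startup: Example Tool.lnk = C:\Program Files\Example\tool.exe
"""

def split_command(cmd):
    """Split a Windows command line into (executable, arguments)."""
    cmd = cmd.strip()
    m = EXE.match(cmd)
    if m:
        return m.group(1) or m.group(2), m.group(3) or ""
    head, _, tail = cmd.partition(" ")
    return head, tail

def parse_o4(line):
    """Return a dict for one O4 line, or None for any other line."""
    line = line.strip()
    m = O4_REG.match(line)
    if m:
        hive, subkey, name, cmd = m.groups()
        key = f"{hive}\\Software\\Microsoft\\Windows\\CurrentVersion\\{subkey}"
        exe, args = split_command(cmd)
        return {"source": key, "name": name, "exe": exe, "args": args}
    m = O4_STARTUP.match(line)
    if m:
        folder, name, target = m.groups()
        exe, args = split_command(target)
        return {"source": folder, "name": name, "exe": exe, "args": args}
    return None

def autoruns(log_text):
    """Collect every parsed O4 entry from a HijackThis log."""
    return [e for e in map(parse_o4, log_text.splitlines()) if e]

if __name__ == "__main__":
    for entry in autoruns(SAMPLE_LOG):
        print(f'{entry["source"]} [{entry["name"]}] -> {entry["exe"]} {entry["args"]}'.rstrip())
```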
     
  7. dalym7

    dalym7 Private E-2

    Bjgarrick, again sir, I very much appreciate your help, thanks so much.


    So I..

    - Got rid of Ewido
    - Got rid of MSConfig.exe /auto with HJT
    - Ran CCleaner


    - Ran updated Adaware - however it seems to be stalled on C:1386/WINNTUPG/OEM/SPX/MPS

    It has been on that file for 25 minutes.

    Thanks again,

    Martin
     
  8. dalym7

    dalym7 Private E-2

    Can't seem to find the edit button - this is not a bump!

    So Ad-aware is running for an hour now, I'll just leave it on, as it's not as if I'm using comp for anything else. - it still says it's running in Applications tab in Task Manager. Thanks
    Martin
     
  9. dalym7

    dalym7 Private E-2

    Just a bit of a progress report from me - I stopped Ad-aware after about 2 hours on the same file (above). I decided that I would re-examine the advice in 'Read and Run Me first', the only thing that I could think of different - was that my Adaware was already installed, I have had it on the comp for ages - so it was in a 'Document + Settings' location, so I removed it and attempted to reinstall it in a new folder on C. Now it crashes when it tries to receive any updates. I don't think I did myself any favours by doing that. I'm not sure how to proceed now.

    Yours depressed

    Martin
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Ad-Aware isn't required, it's just an extra program I like to help in cleaning, if you can uninstall, reboot then reinstall. Be sure you have the current version, 1.6r1

    If it still freezes skip it altogether.
     
  11. dalym7

    dalym7 Private E-2

    Hi bjgarrick,

    I rebooted, reinstalled, but it froze again. Definitely had current version and had updated. So I will skip it?

    Thanks

    Martin
     
  12. dalym7

    dalym7 Private E-2

    Attached is the report from Spybot S and D, I think the two errors it encounters are where Norton ordinarily takes control of the two features, windows firewall and antivirus. But of course I think Norton is half the problem, because it's their files that seem to be infected.
     

    Attached Files:

  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The entries found by Spybot are no threat, have Spybot ignore them. Yeah, I would agree Norton is part of the problem as it's part of every problem when someone has it.

    Personally, I recommend AVG AntiVirus. It's free and has a smaller footprint.

    What problems are you currently having?
     
  14. dalym7

    dalym7 Private E-2

    Thanks bjgarrick...

    Well booting is slow, and running programs at first is slow, also I can't seem to get things like adaware or ms antispyware to do a full scan.

    I suppose what I really need to know is this...

    On my Bitdefender report in first post... what does it mean that some of the files could not be updated after they were deleted? Should Norton be running now or no? Or what should I do?

    Bitdefender deleted 21 infected files, but when I checked on it that morning, it still said my computer was infected? What do I do to check? Run bit defender again?

    I would like to get all issues sorted, even Norton, before I start making decisions about alternative protection - that is obviously the answer, I feel very let down by them, which I gather from a bit of research is not uncommon.


    Anyway, basically to recap, I need to know, is there anything left on the pc, what state Norton is in, and then maybe I should carry out your advice on System Restore Points, but I'm unsure on how to proceed with this when I don't know if everything is ok or not yet.

    Thanks again for your help

    Martin
     
  15. dalym7

    dalym7 Private E-2

    Continued from above post.

    I just right clicked on Norton icon in system tray, and clicked 'Open Security Center', nothing happened. About two mins later, it opened with IE script warnings - continue running, yes or no - I just clicked no, and have left it.

    So still big problems with that, will I have to uninstall Norton??

    Thanks

    Martin
     
  16. dalym7

    dalym7 Private E-2

    I tried to use Norton's online agent to fix the problem, it had identified a problem with live update, and I clicked 'yes' to fix it, it loaded an active x, told me to reboot etc... there was also a problem with certain items being blocked by firewall, which may cause problems

    It said:

    These are the programs that are being blocked:

    - PowerDVD.exe - cshars.exe


    I know what powerdvd.exe is, I don't know what cshars.exe is - I googled it but didn't find any info.

    Computer still very much underperforming, Norton still crashing. Maybe my problems can't be solved?

    Martin
     
  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The only thing being detected is the "Quarantine". These are disinfected infections found by Norton. These are not a threat but should be cleaned out.

    Navigate to the folder below and delete everything in it.

    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine

    Personally, I would recommend uninstalling Norton and install AVG AntiVirus. Norton just has too many problems with it, especially NIS. It's up to you whether you uninstall it or not.
     
  18. dalym7

    dalym7 Private E-2

    Thanks bjgarrick, just a couple of quick questions if I may...

    So the stuff detected by bitdefender was just quarantined viruses from Norton, so did I have any real virus problem? What is MSConfig.exe /auto? And is it just coincidence that you discovered it or could that have been the root of my problems? Could it have corrupted Norton?

    I'm trying to uninstall and then reinstall Norton, but unfortunately - no back up cd came with Dell, and I need the product key to reinstall, so will have to get on to their support (which is not free) tomorrow.

    Corrupted Norton files may be the reason for slow booting as it's loaded as a service, what do you think?

    And what do you think is the reason that adaware and ms antispy scans stall???


    Do you think a complete pc restore would be a good idea if I can get my files stored elsewhere to transfer at a later date? The pc is only a couple of months old.


    I know a lot of Qs but even a few short quick comments would be much appreciated, thanks again for your help..

    Martin
     
  19. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yes, it was only quarantined items, no real infections. That entry is just an unnecessary entry, nothing serious.

    Norton running fine causes slow boot and problems within windows. I would skip it altogether and run AVG AntiVirus.

    1) Completely Delete and then Reinstall Ad-Aware and try another Safe Mode Scan.

    2) You could try a Disk Defragmentation and then run ScanDisk via START > Control Panel > Performance and Maintenance
    and then try new scan.

    3) Should the above fail, you can open a command prompt and try this command line: START > RUN > Copy and paste the following in bold into the box:

    "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke

    and click OK.

    You will also need to select Full Scan for Ad-aware to run.

    Note: This assumes the location of Ad-aware to be here --> C:\Program Files\Lavasoft\Ad-Aware SE Personal
    If it is different, you'll have to adjust the command line accordingly.



    No, because all of the steps we did would be useless and waste of time.
     
  20. dalym7

    dalym7 Private E-2

    Thanks bjgarrick, for all your help, I actually replied pretty much straight after your last message, but have just realised that it didn't post now.

    So just wanted to thank you again for your advice and time.

    What happened in the end is that I rang Norton; they agreed that it was corrupted and replaced it with the 2006 version. Now I appreciate everything that was said about using alternative providers of virus/firewalls, however I had just begun a year's subscription with Norton, so I wanted to get it fixed first, before I started deciding on the alternatives. Now that that is done, I can look at AVG etc.

    Thanks again for all your advice.

    Martin
     
  21. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're welcome! :)
     
