Norton disabled, vbsfile/shell/open/command

History:

Yesterday I deleted an emtpy "c:\program" file that always autostarted. Did that trigger this nightmare? I can't imagine...

This morning, RegProtect and SpyBot alerted me to changes to my registry. I didn't understand them all, but I came to the conclusion that malware was trying to disable my anti-malware function/alerts.

Norton wouldn't start by itself, it kept asking if I wanted to check for updates, and after I rebooted, it would ask again. I could not then and cannot now start Norton Internet Security, even by going to the Start...Programs menu -- nothing happens. (Windows XP)

** I've run through your 7 step "do this first" post. It took 14 hours...

Initially I couldn't update definitions in Ad-Aware or Spybot, so I skipped them (had no choice) and came back to them. I used minimal safe mode where possible and safe w/networking where needed.

The software found:

Ran CCCleaner

Couldn't run Adaware definitions update

Couldn't run Spybot definitions update

Windows Defender: "possible hosts file hijack" (removed) and CoolWeb Search (removed).

CWSShredder removed CWS.msconfig but didn't find anything else

Bit Defender couldn't update its virus definitions

Now I was able to update Ad Aware's definitions

Adaware found
- Tracking cookies
- Rads01.quadrogram
- f:/... prefetch/...uninst.exe-29c31790.pf and -21b3fa6e.pf

Now I was able to download Spybots definitions

Spybot found and removed
Antivirus Disable Notify
Antivirus Override
Firewall Disable Notify

Since I'd done stuff out of order, I again ran CCCleaner (didn't find much), MS Malicious (nothing found) and Windows Defender (nothing found).

Next I ran Bit Defender, * but I could not save its output file * After running the scan for six hours, the computer ignored by keyboard input, though it would take mouse input. Here's what I noted visually:

Bit Defender found several files in Antivirus Quarantine and deleted them
And it found stuff on my secondary hard drive:
F:\recyclers\n_spaceinvasion.right.html Trojan.JS.iframe.ABM
f:\system volume info\generic.malware.folld Trojan.moemoneyad.A

I then ran Panda Active Scan (attached)

And in normal mode Hijack This (attached)

I continue to have Norton not self-launching and not launching from start...programs. It no longer asks to update itself -- it's silent.

I get a Reg Protect message that I keep declining -- SHOULD I ACCEPT IT?
HKEY Classes Root
Path=vbsfile/shell/open/command
Name=
Data=

<those last two fields are blank>

Am I still infected?
What do I do with this Reg Protect message?
How do I get Norton Internet Security functional again?

FYI, I've used your service two other times in the past several years; I am hugely appreciative. THANKS!

Thanks,
Bertygee

 

And my computer won't shut down (this morning and now).

I choose Start...Turn off...Shutdown and nothing happens.

I have to push the on/off button the computer box itself.

 

This morning RegistryProt www.diamondcs.com.au says stuff (so far good stuff) has been added to my registry.

I accepted the addition of:
>> Norton scheduling
>> Java update scheduling
>> my mouse driver
>> SpyBot auto update (I had Spybot from before)
>> Windows Defender

I declined the addition of
>> Quick Time (I can reinstall)
>> Roxio CD creator (I can reinstall)
>> That strange vbsfile\shell\open\command; Name= <blank>; Data=<blank>

 

They weren't in add/remove. I deleted them.

Done, though FYI, Toontown is from Disney Corp. and Bambi is mighty trustworthy. But no problem, Toontown will put them back when I go to run it again.

I decided to allow the addition of vbsfile/shell/open/command. I think with default (blank) values it might be a good thing. However, after accepting it, my Compaq wireless mouse immediately then stopped working, but Windows started shut down properly with Start...Turn Off. You win some, you lose some.

I then uninstalled and reinstalled Norton Internet Security following Symantec's multi-step directions.

My computer is now running fine. I disabled and re-enabled system restore.

Suggestion: I wish the READ AND RUN FIRST had told me to:

1) empty my recycle bin before starting the scanning (especially Bit Defender, which took 6 hours) -- because it would have cut those long scan times down by about 20%, I estimate, and not found some deleted viruses.

2) empty Norton's quarantine file (which wouldn't have helped me early on, because Norton wasn't working, but would be a good idea because the later scans will find fewer viruses.

Thanks! I'm set! I appreciate your help.

Bertygee

 

I ran CCCleaner, and it didn't clean out my recycle bin -- at least it was pretty full by the end of the READ AND RUN THIS FIRST set of tasks when I checked.

But my recycle bin spans two hard drives (I didn't know that before) -- maybe CCleaner cleaned one and not the other. Because after I got my computer working again, it took something like 45 minutes to empty the recycle bin. It was set to fill 10% of 160 Gb -- I've dropped that down to 1% now.

This is just an FYI. No complaints here! Thank you very much.

Bertygee