pc checkup

Good evening everyone,

I was surfing the net this afternoon and came across a download.trojan, norton said it resolved the issue and said to a full scan in safe mode.

I go to do the scan and then I get all kinds of alerts that I can't remember, the one I do remember said that some of the virus files were missing and it needed to be uninstalled then reinstalled. I kept check-marking the various prompts that kept coming up and eventually norton did a full system scan.

Shadow_Puter_Dude, advised me that I should do a scan depending upon my internet habits, and I think I should do them about once a week.
Kind of funny I get a virus alert the same day I'm going to send in my logs.


MAJOR UPDATE, I try to post my logs, then figure out that I have to delete some of them in my previous threads to get them to download, but what I'm getting at is that norton again alerts me, this time it says it has prevented someone from getting my home page OH NO NOW WHAT????!!!!!. My logs are down at the bottom.

Is anyone available to give me some advice on this matter

Thanks

James

 

Ps, I ahead and do the entire readme when norton says it has prevented the download.trojan but now when I try to go back to my homepage which is my yahoo, norton keeps saying it has prevented the changing of my homepage.

I noticed that when I click on "home" myyahoo comes up(its spelled wrong) without the space in between, also after I ran cwshredder and kill2me I noticed that my home page had changed, to I think sony or something similar because at that time according to the readme I had to connect to the internet and run online-scanners.

James

 

Uninstall 411 Ferret Toolbar using the Add or Remove Programs in the Control Panel. You may not find it.

Copy the contents of the below quote box to Notepad, Save As FixReg.reg to your Desktop. DO NOT run the patch we will run that latter in Safe Mode.

Your Home page address should be www.my.yahoo.com not www.myyahoo.com.

Scan with HijackThis and fix the following lines.

REBOOT to Safe Mode.

Double-click on FixReg.reg and answer 'Yes' when asked if you want to merge with the registry.

Double-click on 'My Computer', open your C: Drive navigate to and delete the following folder if it exists:

REBOOT

Post a fresh HijackThis log.

 

Ok, will do this

 

Ok, just got finished, but I noticed something when I went to connect to the internet, it still said myyahoo.com, I looked at your previous post and was wondering if I should of tried to save the correct yahoo homepage, before scanning and fixing with HijackThis, this thing wasn't in the add/remove programs, or in the program files . Here is my log

James

 

Hey Shadow_Puter_Dude,

I think I may have saved that regedit as a text instead of all files, I noticed I still have that 09 myyahoo first line of the HijackThis log, I resaved the log as all files but haven't run it yet, didn't want to do anything that would make matters worse so I'll just sit and wait

James

 

If it is saved correctly, go ahead and follow the rest of the instructions.

 

Ok, ran the rest of the instructions but still not functioning properly, when I reboot it keeps on telling me if I restart, windows will download updates.

I noticed that first line in the HijackThis is still there also, I still don't know why I can't change my homepage, norton tells me that it has blocked numerous attempts to change my page And yeah, I saved the regedit to all files this time

James

 

You are going to have to change some settings in Norton, it is blocking all changes to your home page, which is a good thing. It isn't smart enough to understand that you want to change your home page.

If there are Windows Updates that need to be downloaded and installed, Windows will do that at system start. By default Automatic Updates checks every time you start your computer for updates.

 

Ok, when I try to change my homepage, of course norton warns me of a "homepage takeover", but it also asks me if I want to allow this blocked attempt, I know I shouldn't do that, right?

Would you know where in Norton I might start to look and what I would be changing, when I got there?

After I change norton's settings would I still have to run the programs you gave me initially to run, and finally after I change nortons settings and I go to log on to the internet would I go to my homepage automatically or have to reset it?

James

 

You change your homepage and Norton Warns you of a take over, then presents you with a dialog that asks if you want to allow or disallow. You have to allow the change or it won't happen.

Then when you open your browser the next time, it will go directly to your new homepage.

The registry patch I gave you to run, has to be run in Safe Mode, or Norton will block it.

There shouldn't be any need to change settings in Norton, unless the changes were blocked again.

 

Ok Shadow_Puter_Dude,

I'll try that, and thanks for all of your help once again , I'll let you know if there are any problems.

ps will I still have to run HijackThis, and post my log?


James

 

No need for another HijackThis log.

 

Another quick question before I ran the regedit was I was supposed to run HijackThis and Delete that R0-entry on the first line that said myyahoo?, I just thought about that, I didn't see your post fast enough.

I already ran another log and it didn't say myyahoo it said my yahoo this time, thats a good thing

James

 

I forgot to mention in my previous post that, If I want to change my homepage again, will I have to use the regedit key.

This is strange in that norton has never asked me if I wanted to allow a homepage, if I wanted to change it, I just did no problems

Thanks

James

 

That's what I wanted you to do, but it doesn't really matter; before or after accomplishes the same thing.

 

One more thing and then I'll leave you alone,

I never deleted that first line because it said my yahoo when I did the last HijackThis log, and I figured I didn't need to, was that right to think

I didn't know if you saw this one since we posted like 1 minute apart


Thanks

James

 

There are many reasons why Norton doesn't do some things that are expected. Settings inadvertantly changed; Malware changes, bypasses, or deactivates security software; the program appears to be working, but actually isn't; and teh list fgoes on.

As far as the R0 line as long as your homepage is correct then that line doesn't matter.

 

Ok, thanks and have a good one.

James