viruses preventing scans

to dyamond
Looks like we use some of the same.
You have Comodos Verifier and their BOClean.
I have SpywareGuard and Rogue Remover.
I do also have Comodo firewall.

 

I think you should uninstall Symantec and follow this guide. I believe some of it hasn't been done yet? Symantec should of cause be reinstalled afterwards. There's a small chance that a faulty Symantec install could play a role here. Link:

http://vistasupport.mvps.org/windows_vista_repair_options.htm

I'll post again if I come up with any better ideas...

 

Is there any way you could get us the rest of this file name? c:windows\winx\x86_microsoft-...\perfc.dat

I googled this bit. Only found 12 hits. This could be malware related after all. Or you didn't copy it correctly?

windows\winx\x86_microsoft

 

Are you sure you've actually done SAS & MBAM scannings? You did download them but did you run them? You didn't post any logs from them. Here you have the links again - remember to update them:

SAS: http://majorgeeks.com/SUPERAntiSpyware_d5116.html
MBAM: http://majorgeeks.com/download.php?det=5756

 

ok i will do that, but i wont have time untill tomorrow(unless you post a different option before then), i will let you know how it goes, and as usual thanks again

 

no originally i posted that i could not get either of those to finish a scan without freezing or crashing windows, thats why i didnt post those 2 logs. and as i said earlier(i think) i can get symantec to finish a scan in these 3 ways: quick scan with and without hidden files,ext"s, and system files hidden and a full scan ONLY when files, ext's and system files are hidden but it never finds anything, when i try full scan with files unhidden it always finds 1 problem and never finishes due to freezing or crashing windows, sometimes it is the same trojan and lately it has been a(crap now i forget the name of it) ill get back to you on it, something about a tracking cookie, and it is the same way with my other pc. i still have the 2 programs you refered to installed and i can keep trying to run scans but it always freezes.

 

Did you try to run them in safe mode? This special reboot method?

 

yes i tried both of them in safe, admin and user modes numerous times and they both always failed.

 

Well, I don't really expect Norman's malware cleaner to be able to do anything after Combofix but here's the link. Give it a try anyway. Let it run in safe mode: http://www.norman.com/Virus/Virus_removal_tools/24789/

 

ok i will do that, do you want me to uninstall and reinstall symantec first or does it matter?

 

Take Symantec out first. As long as you don't surf without protection it'll be fine. You need to reinstall Symantec anyway just to make sure that all this wasn't just an error in the first install. Symentac provides a tool for the process and it works fine. Here: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

So uninstall Symantec. Then run Norman, SAS and MBAM. If you still have problems you could look at this: http://forums.majorgeeks.com/showpost.php?p=1317446&postcount=53

Then reinstall Symantec.

 

ok i will download norman then uninstall sep, then run norman, sas, and mbam, then report back while reinstalling sep, thanks alot.

 

I just made an edit to my post above. :-D

 

i do not know which version i need to get from the first link they all say norton: something or another and i own symantec endpoint protection i know its the same co. but im unsure what the name translates to in these norton links, if this is a horrible nooby question i apologize

 

is this auto generated for me editing MY post? if not i can not see what you may have edited it all looks the same.

 

Ok. I did not know that you've already seen it. :-D

 

ok, yeah i just edited my post at the same time you did and i was unsure if it was you or me, but anyway i will do those steps and report back, thanks.

 

If you look inside your Symantec you can check what version you have. Usually under Help or About. These tools should be able to take down all Norton/Symantec products.

 

gotcha, thanks again and btw dont let me forget to ask you about how to donate after this is all done, i dont have much but i think me and her can put our funds together and give you guys a little, you def deserve it.

 

Oh, I'm just volunteering here so don't mention it. :cool But Majorgeeks could probably do with a little money. :major

 

oh wow you are just a great guy, aren't you? just volunteering well u can call it that but i call it being the man! and yes i meant i wanted to donate to all of you great guys at majorgeeks. thanks again you guys rock:cool

 

There should be no need to run new scans. Chas has looked them over (and he is the best when it comes to malware removal). Have you tried looking in Event Viewer for errors?

This I would not suggest.

 

I'm not a fan of Norton/Symantec. But freeware can't beet the best of the full suites. Not even this one.

 

LOL

Anyway.. I beg to differ. In my previous post I indicated that myself (and several other people I know) do just perfectly fine with all freeware items. Since Norton/Symantec is such a popular name out there people think that its got to be better than the free stuff.

I don’t know how much you know about software and/or virus removal but during (and even before) my schooling (still learning LOL) you would not believe how many computers I’ve seen that have Norton (the security suite) installed that are badly infected.

Its my personal opinion, based on experience, that Norton is not good at detection, hogs the users resources/RAM and is all around crappy.

 

Their latest products don't have those old disadvantages. 360 is a mess but the other ones are better. NIS 2009 for example. Sorry about the spelling there. :-D

 

And I'm still not a fan of Norton. :heli

 

i am def thinking about keeping this uninstalled on my 2 pc's, and just use the freeware from this site, and see how it goes and if it doesnt work i can always go back to sep later.

so if my next step is checking event viewer, can you please tell me how? thanks again everyone

 

I know you're on a Vista. Nevertheless there's a link about for XP here: http://support.microsoft.com/kb/308427/en-us

 

Vista: http://windowshelp.microsoft.com/Windows/en-US/help/a99f69c1-935f-4116-ba5f-33d8800ef9da1033.mspx

 

ok, thanks.

 

Here is a good little tutorial on how to use the event viewer.

 

ok cool thanks i have to dl some of those freeware's first before i keep surfing ill let u know after i look at the event viewer.

 

to cordialis: i used your guide to open event viewer
to diamond: your guide is for xp and there are significant differences between the two event viewers and so i will need more instructions on exactly what im looking for and what you guys want to see, i can tell u that when i first open it up it shows in the last 24 hours catagory
error:66
warning:12
information:1,254
audit success:270
audit failure:9
in critical under total it has one and here are the name and details(xml view)

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331c3b3a-2005-44c2-ac5e-77220c37d6b4}" />
<EventID>41</EventID>
<Version>0</Version>
<Level>1</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000002</Keywords>
<TimeCreated SystemTime="2008-11-12T10:08:36.184Z" />
<EventRecordID>50064</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>xtina4yu-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData />
</Event>

 

ok i uninstalled sep and installed freeware from here, and tried to do a scan with avira antivir, and i got a bsod (blue screen crash, i think thats the abreviation?) and now i am going to event viewer and report the errors

 

ok in the last hour i have
error-46
warning-8
information-314
audit success-115
audit failure-11
event id instances
3011 3
3012 3
4609 1
6008 1
7000 9
7001 19
7026 1
10005 7
15016 2
whiich of these if any should i be looking into? i still cant get any scan to complete

 

I rekon you should try to repair yur system first to give it a fighting chance, then purchase and install NIS09 ....
insert yur installation disk and ... select the repair option and type chkdsk /r
after thats finished load windows, open CMD and type sfc /SCANNOW
once thats done run the Norton Removal Tool, install NIS09 and first run a quick scan then a full one.

 

to Drizzles
Use NRT just so you can install some more Norton???

 

Definitely, it removes almost all traces of it, whenever I'm having troubles with a computer and need to install a Symantec product I always do, i find you have more troubles if there is a previous corrupt installation it will just corrupt the installation your trying to complete.

 

Unless they have greatly improved to my satisfaction, no Norton/Symantec product will go on my machines.
They have always(the versions I have seen) been resource hogs, using all the CPU cycles and RAM that they could and building massive file logs.
For me, no thanks.

 

Up until this year I would absolutely agree with you, but I was given a copy of NIS09 by free by a Symantec rep to try, and I was amazed at the difference between 08 and 09, honestly you barely even notice 09 is there now. I am extremely satisfied with my NIS09 , however I wouldn't recommend it as a parental control filter for a IT advanced teen! All you have to do is disable the services for the program as an Administrator and its gone until you reboot.

 

lol, its something thats slowly progressing into action ... not that I get much time to work on the site, I'm always busy fixing clients computers to have time to work on the website ...

 

thanks ay ... dont think itll ever match up to this site but ...

 

well i am absolutely not going to purchase a norton product when i already have one that does not work, and i have installed avira and i actually got it to complete a scan, and the pc is still a bit finicky, but atleast i know there are no viruses, and i can complete a scan, and if it starts to act up again i will have to give you guys a holler for help with a reinstall of my os i guess. and btw please tell me how to donate?