Ghost Recon.net Forums

Something's Hacking Norton


Greetings!

Has anyone heard of a virus that blocks Norton?

Every time I open Norton Internet Security it shuts down. It even came off my toolbar. The subscription is not yet expired, but I cannot run live update either.

I tried contacting Symantec through the website but the online support is down. I don't want to call because it's a charge to get phone support.

If anyone has the email address it would be much appreciated. :ph34r:

Link to post
Share on other sites

You have the Norton CD right?

Uninstall the Software and then Reinstall It as this seems to have solved similar Issues for the previous 2 Posters.

- Or -

If You have System Restore w/ Your OS ( XP and ME that I know of ) go back to a Time when You weren't having trouble with Norton.

Sorry - I wish I had more for You.

Sincerely,

Link to post
Share on other sites

I'm with Mac on this one bro. Try a System restore first, and failing that, an uninstall/reinstall. I haven't heard of a Norton Specific virus. It sounds to me like a Norton System file(s) has been corrupted. That does happen with no explanation from time to time without being virus related. Windows just isn't very efficient. Hasn't been since DOS/Win3.11.

Link to post
Share on other sites

Greetings!

I definitely think I have a trojan horse.

I tried System Restore as far back as I can go, and it stops the process saying I had no new changes to go back to.

So, then I tried uninstalling, but in order to do this I must be logged on as administrator---which NIS unlogs me and shuts down 3 seconds later!

I tried to install over it using the cd, but it won't install unless I'm logged on as administrator again. :ph34r:

Link to post
Share on other sites

It sounds like you may have MSBlast, Klez (as examples), or another of the Win32 Trojans.....

...They can in fact affect Norton from Running at all, Live Updating and even Re-installing *GULP*!!!

Do not Sys Restore or you'll just back up any possible infection and make it worse. Log onto the Norton or Mcafee Sites and download the MSBlast Cleaner and follow the instructions for use, and if that fails, then get some of the other Standalone Cleaners and try them too until you hopefully find it!!

Check out these 2 recent posts with similar problems too for further reading on your potential problem, others have had recent issues the same as you too....

http://www.ghostrecon.net/forums/index.php...ST&f=24&t=12072

http://www.ghostrecon.net/forums/index.php...ST&f=24&t=11045

Also check your Taskmanager for running processes and see if there is anything running in there that you may not have noticed in the past, if required and ya completely stuck then list every process in here and can point out a possible running Trojan to you if you have one too!!

Otherwise good luck with finding it as it does sound like you have one :(!!

Once you have caught it and if you haven't already done so, be sure to log onto the Windows Update Site too and Download the update that stops MSBlast from infecting your system too :)!!

Edited by Urban_Tiger
Link to post
Share on other sites

Greetings!

Thanks to everyone for posting advice, this is the greatest online community in the world!

With your advice I have located TWO trojan horse viruses!

BKDR OPTIX PRO.13 MSIEXEC16.EXE.

TROJ OPTIX04.A

@URBAN

I am out of my depth to remove these manually, I would like to ask your personal help via ICQ. :ph34r:

Link to post
Share on other sites

Hiya CL,

Yup, the former isn't a nice one at all, it hogs Sys Resources and also has the capability to log Keystrokes to pick up your Passwords on your System as well as distributing other Confidential Info to those that control them via Backdoor :(!!

Your best bet will be to visit the following link for the removal of that one, scroll down the page when you get there for full removal instructions, and also refer again to the other 2 threads linked in the last post too.....IF you are still struggling to remove it after that, then sure, we can hook up via ICQ if we are online at the same time no probs (bear in mind that I'm UK tho (not a problem if you are too lol??)), but if I can't help then there are also others here who may be able to advise you step by step too, but hopefully you'll get it with the info from the link here anyway......

http://securityresponse.symantec.com/avcen...ptixpro.14.html

......Are you sure the latter is spelt right too, there's nothing anywhere on that that I could find, but maybe someone else again could also help you out here and find summat too??? If it includes other .'s -'s or _'s too then obviously include them here and also use some Search Engines to see if you can find any info too, if you then direct us to any info you can find and it seems like Dutch to you then maybe can help you decipher it too lol :)!!!

Let us know how you go and if you need more help then shout and will hopefully get you sorted m8 :)!!

Link to post
Share on other sites

Greetings!

I was up until 05:30 ripping these values out of the registry.

It took three attempts, but now I think I've got it all deleted.

I will run one more MicroTrend scan to make sure.

BTW after Norton was freed-up, I ran a live update and a bloodhound scan and Norton said I was clean, but the firewall blocked two outbound attempts to connect to outside puters. I ran the MicroTrend Housecall and it found both filthy viruses again! Since Symantec has an advisory dated 6 OCT, I'm very upset they haven't live updated my definitions. :ph34r:

Link to post
Share on other sites

Greetings!

Last scan was clean! This after about 16 hours of what has been an educational experience.

I'd like to give special thanks to ASROCK, formerly of Alpha Squad for his time and expertise. You really helped me with those start-up and file search tools downloads, and by teaching me so many XP tricks. Salute! :ph34r:

Link to post
Share on other sites

The reason they keep returning is because they are in your System Restore m8.

Run Norton Liveupdate again too, if it hasn't been updated for a while then sometimes it can take 2 or 3 times to fully update (even if it does a Download, then run it again straight afterwards anyway until you get a message saying that no more updates are available (if of course you didn't already do that, I understand lol)), and then hopefully you'll have the latest definitions to find the remaining problem too!!

Otherwise....Unless you were guided through removing them from your Sys Restore Directory also, then they will return unfortunately if you ever have to use the Restore Function....DOH!!

Essentially, if you have managed to clear the relevant INI's and Registry enough to allow your Norton to work properly again, then disable your System Restore and then run Norton AV again, it will be authorised then to get to any problem files still remaining in your Sys Restore Directory that are also still giving you trouble to either Quarantine or Delete them completely as Norton sees fit.

FYFI, If the Sys Restore is enabled, then Windows won't allow any application to alter or remove files from the Sys Restore Directory until it is disabled, (for obvious reasons lol, but it can present a problem when a bloody Trojan or Virus etc is backed up in there as you are finding out). It only needs disabling temporarily whilst you remove the crap, and then obviously you can re-enable it again.

That might sort out the 2nd problem file that keeps showing up for you, now that you can run your Norton again, and hopefully deal with it once and for all for you, hope that's of continuing use :)!!

Edited by Urban_Tiger
Link to post
Share on other sites

Now, once you disable the System Restore, and Norton does its thing and removes those pesky ###### from the registry and the sys restore files, you won't be able to go back with System Restore. So you will need to create a new Restore point. Do that as soon as things are clean and working.

Once those files and the registry have been altered, they can't be restored.

Link to post
Share on other sites

I've never quite worked out exactly the way that the Sys Restore "Should" fully "behave" in "Win XP" lol.

The System Restore Dir is Purged of all Data as it should be yes, but seemingly ONLY if you Reboot....

Furthermore, XP doesn't "seem" (that word again lol) to need a Reboot like Win's 95, 98 or ME etc etc had to, so you could kinda get round that and disable it, remove any problem files and enable it again before rebooting and all other files then stay.

But, I can't help thinking that it shouldn't be that way and I'm not Stating that it is with the above either, as said, it's merely how I seem to be understanding it after reading a little on it, and also from what I have experienced with it too after having to go through the process myself on a couple of occasions and how it operated for me lol. Would like to know if others have the same or otherwise whilst the subject is raised lol???

Unfortunately I've also had to remove a couple of Trojans since using XP (the downside to leaving unexperienced friends unattended when they come round to borrow ya system to surf the net for some stuff they required LMAO, 1 infection of MSBlast, and another of Klez...Oh, and several on my Laptop that were done deliberately too of course hehe, just to see how the damn things tick, forewarned is forearmed and all that hehe)........

.....For me at least, when I disabled it no Reboot was required, and on checking the Sys Restore Dir after I had enabled it again and then Rebooted, then with the exception of the problem files themselves that were intentionally removed, ALL of the other original files were still there :blink: .......Has anyone else seen this too????.....What's more, this was with 2 copies of XP Home too.....The first was an OEM version I have, and the second my other Full Retail Version, so it didn't seem to be some sort of anomaly either?????

Clearly though the best course of action, (of which I always do anyway when making any significant System changes), is to also do exactly as SOTOPhantom importantly points out too and be sure to do a Full Restore Point to be on the safe side when you have finished altering etc :)!!

Link to post
Share on other sites

@Urban Tiger

Furthermore, XP doesn't "seem" (that word again lol) to need a Reboot like Win's 95, 98 or ME etc etc had to, so you could kinda get round that and disable it, remove any problem files and enable it again before rebooting and all other files then stay.

Even without the reboot, once the sys restore files and the registry files have been altered, sys restore will fail to run.

It looks at a DB of what files should be in both the sys restore directory and the registry and compares them. Once they don't match, the utility won't run, assuming file corruption has taken place.

So once you clean everything, and reboot, just create a brand new restore point.

Link to post
Share on other sites

AHA......

Thank you very much Phantom......

....You've just answered a whole big question for me.....I always did a manual Restore Point anyway as previously said when making such alterations as a matter of course and common sense too ultimately lol. But, that now explains properly why even when a Reboot wasn't initiated when disabling the Sys Restore, that despite the files remaining that you couldn't then Restore to an earlier point.

Seems simple now when thought of like that LMAO, and that'll teach me again for not reading into it more, but all is answered now hehehe...

Cheers m8 :o)!!!!

Link to post
Share on other sites
