SheehanHB

Volunteer Security Advisor
  • Content Count

    27

Posts posted by SheehanHB


  1. Okay, I'll leave the deinstallation/installation issue aside for later - thanks for all the super info, Amy, you're a jewel :) . Do you know if there are any conflicts between NIS 2009 and the free version of Ad-Aware 2008?

     

     

    Re YOUR question re: 2008 Ad-Aware free and NIS 2009 I will have to defer to the LavaSoft experts. I haven't any info re 2009 products - either LavaSoft or NIS and issues :D


  2. Okay. But I have to say that it is really frustrating to not have a single established method to remove Norton products. What seems to be the number 1 deinstallation method is to run the removal tool directly, without going through the add/remove programs routine beforehand. All your other instructions are clear and straightforward, but I'm really stuck on the add/remove programs step...because everyone else insists that THEIR method also results in no-hassle new installs, and I know that that is NOT the case when NIS 2009 is installed over NIS 2007. I've put hours of reading into this and I am like soooo frustrated. So, combining your instructions with everything I've read, I've got:

     

    1) copy NIS product key to notepad and keep Norton account information ready

    2) save Norton removal tool to desktop

    3) save NIS 2009 installer to desktop

    4) create manual system restore point

    5) unplug internet cable and disable other security software (Windows Defender), close all running programs but leave NIS on

    6) run Norton removal tool and reboot

    7) double-click NIS 2009 installer

    8) do not do anything during installation. Reboot

    9) Run LiveUpdate

     

    I know it sounds redundant - I do know that 2009 install will automatically remove 2008 versions but since you have the 2007 version I would get that version completely removed before the 2009 install which should also clean up any remnants as well. I have updated both from the 2007 and the 2008 versions to the 2009 on different computers with different versions of Windows and found that doing the cleanest install I could made for absolutely not one problem in the upgrades.

     

    :)


  3. Thanks, Amy. There seem to be a lot of methods to uninstall NIS 2007. Just wondering what the difference is between uninstalling NIS 2007 directly with the Norton removal tool and uninstalling NIS 2007 first via add/remove software and then running the removal tool?

     

     

    It's been my experience that using the NRT after the routine uninstall thru ADD/Remove has resulted in no-hassle new installs.

     

    ;)


  4. Hi Amy, I've already saved my NIS 2007 product key to notepad (to copy-paste into NIS 2009 later), and I've got my Norton account info all ready. So you would advise me NOT to run the Norton removal tool directly? Or can it be done just the same? I just had a peek around the Norton community forum, and most of the users seem to opt for running the removal tool directly, without any preliminary deinstallation via the control panel.

    Disconnecting from the internet: pull out the cable?

    Before removing NIS 2007: deactivate NIS's AutoProtect feature?

    Thanks so much for helping me.

     

     

    Run the NRT after you have uninstalled via Add/Remove.

    Yes, unplug yourself from the internet.

     

    Don't disable any NIS features before the uninstall. Let the uninstall and the NRT tools do that for you.

     

     

    ;)


  5. *bounces up and down with joy* Hi Amy! Thanks a million for coming to my rescue ;)

    I haven't done anything so far to remove NIS 2007, I've only saved some of my most relevant documents to an SD card in case something goes awry, and I'll be creating a manual restore point. Vista came preinstalled, so I don't have a Vista CD to repair Windows in the case of absolute havoc...and I have downloaded and saved the Norton removal tool and the NIS 2009 installer to my desktop, but I haven't run either of them as yet.

    The laptop is a Sony-Vaio model (bought in Hong Kong) with Windows Vista Home Premium and Service Pack 1. The only other security software I've got besides Norton Internet Security 2007 is Windows Defender.

     

     

    Begin by disconnecting from the internet - You might want to copy your Symantec key to notepad before you start

    Remove 2007 VIA add/remove

    MAKE SURE that Windows Defender is disabled before you Remove via Add/Remove

    Reboot - Still offline

    Run REMOVAL tool.

    Reboot

    REMOVE Live Update via add/remove if still listed

    Reboot

    Run NRT again.

    Reboot

     

    Install NIS 2009

    Use your OLD key when requested and THEN connect to the internet before validating.

     

    You'd be smart to get your Norton AC login info together just in case you need to access it after the new install.

     

    If you get stuck during this process - use another computer if possible and post back and I'll get you thru it.

    You shouldn't have any problems - the 2009 version is very user-friendly to install.

     

    :D


  6. I wanted to ask something: is SheehanHB (Amy) still around here? She is a Norton Guru, and she gave me removal instructions for Norton AntiVirus 2003 on another computer last year. Since this is NIS 2007 which I want to remove, the removal instructions might be different. She might be able to give me exact instructions, such as how many times to run the removal tool - some of the analysts at Symantec said once, others twice, and yet others said that NIS 2009 would remove NIS 2007. They didn't sound that certain, though. Would it be possible to contact SheehanHB, or notify her of this thread/my issue about removing NIS 2007? My eternal gratitude in advance ;)

     

     

    Hi there ! Sorry it took so long to get back to you !!

    Can you tell me what steps you have taken so far and what other security apps are installed besides your Symantec products?

     

    This will help me get you thru this as cleanly as possible.

     

    Thanks !

    -amy- :D


  7. I tried updating to AAW 2008 on computers at work, but Symantec Endpoint blocks the aawservice.exe from running. Haven't been able to find a work around to allow the .exe to run, so I uninstalled and went back to AAW 2007.

     

    No matter what I try, (adding to firewall rules, disabling Endpoint, etc) AAW won't run a scan, just sits there 'waiting for scanner'.

     

    If someone knows a way to work around this, it would be great, but until I can determine how to get this to run with Endpoint, I'll just use 2007 (without updating) and probably eventually stop using this product.

     

     

     

    I've asked for info from Symantec for you - hold tight ;)


  8. Amy: there's one thing which happened twice or thrice to my computer in connection with Norton AntiVirus (long ago). Maybe you know what the issue was? On booting my computer as usual, Norton couldn't load properly, and a red cross appeared over its icon in the system tray - I think it said it couldn't load its modules properly. So I booted the computer again, and it worked just fine. As I said - this has happened only twice or thrice within the space of four years. Also, about every four months, when booting my computer, the machine will not load the start-up programs properly - it won't respond, it's like it's on overdrive, and it won't respond to my attempts to shut it down via the start menu, so I brutally cut the power by pressing the switch. It happens rarely, and I've accepted it as a "quirk" of my computer, but I still wonder now and then what's behind it...I suppose computers err too from time to time, and nothing is actually wrong with them at all...? Oh, and Scandisk never pops up after these "outages". Not even an error box. The only time I got error boxes was when my HP all in one printer used to make my computer crash if I turned it off before turning off my computer...and instead of appearing on the next reboot after the crash, the error box would appear about eight boots later...Any connection there? *shrugs*

     

     

    These kinds of problems have long been resolved in newer releases... :)


  9. I had just enough time today to scuttle off to the local shopping centre and buy NAV 2008 (German version). I won't have time to install it till in another two weeks (weekend after next, probably). The man who helped me locate the whereabouts of the famous yellow box looked rather startled when I told him that I still had NAV 2003...Actually, he looked like I had sprouted a second head...In other words...You win, Amy :-)

    And another thing which (newbie) NAV users need to know: one can buy an upgrade when a new version of NAV comes out, e.g. one has a version of NAV 2006 on one's system, then one can buy an upgrade of NAV 2007, there's no need of a whole new version of NAV 2007. But if you've missed out a year (e.g. you've got NAV 2006 and did not upgrade to 2007) then one has to buy a whole new version of NAV 2008. That's what the man at the shopping centre told me, at least. I don't suppose it varies from country to country in this case.

    Oh, and I bought NAV 2008 as a stand-alone version. I did consider NIS 2008, but it's currently a bit too heavy on a student's budget, especially after the Christmas shopping ;-)

    Beginning with the 2006 versions upgrades to the newer products are free as long as you still have a current subscription. When the subscription expires you only need to renew the subscription and any upgrades to the product released during that 365 days are free. For example - If you had a 2006 version today you would have been able to upgrade in the past 365 days to the 2007 release, 3 version updates of that product and then the 2008 release.

    From this point forward you will only need to keep your subscription current each year and the new releases are included. As well, the licenses now allow the install on 3 computers per key.

     

    :)


  10. Hi Amy!

    Open the computer?!! *shriek*! I'm not a techie at all! Well, I think I'd rather have someone come over and do that for me, or transport the computer itself to the shop. Another look at the fan shows that there is dust especially near the base of the blades - the tips are quite okay, and the layer of dust seems to be thin - I can see the original black colour of the fan-blades underneath. How long does a fan "live"? Anyway, I think I'll just stick to updating from NAV 2003 to NAV 2008 before scrabbling among the bowels of my PC, lol!

    I'm always wiping the hull of the computer with a slightly damp cloth and following it up with a dry cloth. And the back of the computer, where all the wires and ports and techie stuff are located - that gets a dusting with a so-called feather-duster. And the keyboard...I remove all the key caps (except for the large ones) and "enjoy" the sight of the stuff which has collected underneath them before going into action with a cloth and Q-tips. And I vacuum-clean my room every second day - around the computer too - but not the computer itself. So much for computer care :-)

    I'm thinking of saving up for a Sony-Vaio laptop - I'd have to see what kind of "sales" are going in Switzerland. However, I am also rather attached to my current computer - it has been running wonderfully so far (touch wood!!!)...I suppose that is a miracle for a machine which is more than 4 years old? I've come across (school) computers which are older than mine, and I bet they're used all the time and have never had their fans cleaned or, in fact, ANYTHING cleaned...there are crumbs and sauce on the keyboards (YUCK!) and the balls in the mice are encrusted with particles...and still those machines run...and the students are like: "Jo, das isch aber so gruusig, aber die w�n halt spare!" (Swiss German for: Yeah, that is so disgusting, but they want to save on money!") :angry:

     

    Get the RAM and have it installed where you buy it, I take it you're not in the US but most 'chain stores offer in-store install. It takes about a minute.

    Trust me, I did it on my first try years ago.

    You can order the Vaios from the Sony Store in Costa Mesa CA and have it shipped. Great prices - have purchased 5 in past 6 months.

     

    Keep the desktop for your standby but keep it current. Today you need more RAM if you want to do projects, graphics, downloads etc all at the same time.

     

    :rolleyes:


  11. :angry:

    I've got 512 MB of RAM. Eek, one has to replace the fan? Hm, never thought of that *looks ashamed*...Yes, the computer is 4 years and 3 months old - it's a Sony-Vaio tower squatting on the floor underneath my table. How do I know when the fan needs changing? Thanks for putting up with all my questions - I hope I'm not being too much of a bother. I wonder how long a hard disk lives...I use my computer almost daily, varying between 4 and 8 hours. And yes, I back up my important documents and files which I need for work and university on one external hard disk and on USB sticks.

    PS: Just checked the fan (with a torch), well, as much fan as I could see through a kind of grating which is fastened outside on the hull of the tower, at the back, where all the ports are located. It spins very quietly, but its blades look rather dusty indeed.

     

     

    Sony support should be able to verify the amount of RAM that can be added to your model. I'll guess it's another 512 module. They're dirt cheap and so easy to add to the RAM slot. Be sure to buy the type of RAM module recommended for your version. I got 512 RAM for less than 30.00 at Fry's and 1024 sticks for close to 50 to add to 2 Sony Vaios not too long ago. Easy update.

    About the fan. Open up your tower and use one of those tools that blows out all the built-up dust and that should be preventive maintenance to extend the CPU fan. One tech I know told me long ago that the fans are generally cheapies that when they quit the uneducated user will just go out and buy a whole new system. Get one of those products that clean keyboards and use that to blow out the dust on the blades and any of the 'vents' that are sucking in the dust.

    You can always go and get your fan updated by a reputable computer shop or think about updating to a newer model and save the older model just to store info offline. Sony laptops with all the trimmings are going for 500.00 at the Sony store in South Coast Plaza. They always have deals you won't find elsewhere.

     

    My computers are all on 24/7 most of them since 1994 and the worst that has happened is the fan replacement which BTW gave me a fan in there that was more like a jet engine than a CPU fan. It's still workin :rolleyes:

     

     

    Upgrading your RAM and cleaning out the cobwebs should do wonders.

     

    -amy- :lol:


  12. Erm, I've always been terrible where maths is concerned...but how do you convert bytes directly into gigabytes? In other words: my computer has enough requirements for NAV 2008, hasn't it?

     

    First: The amount of disc space available according to disk defragmenter tells you that you have more than 1/2 the space left on your hard drive for use.

     

    NAV2008 uses significantly less resources than previous versions [especially 2003 - IMO it was the worst at using memory]

     

    Go to Control Panel

    Click System Icon

    There you should see the Processor info and the amount of RAM [memory] installed.

     

    You stated that your computer was about 4 years old I believe.

    I have a 2000 model Compaq desktop that once included NAV2003 and WinXP Pro with 512 of ram.

    It had no problems updating to newer NIS and NAV versions.

    I did however update the RAM to the max for that model to 1024 of RAM 2 years ago.

     

     

    The most reported problem with older computers occurs it seems due to CPU temps and cooling fans needing replacement or disk drive failure.

    This is why I suggested backing up your most important info to CD just in case one of those events occur.

     

    My Dec 1999 Compaq still does the job - although I have upgraded the fan twice in almost 8 years.

     

    -amy-

     

    :angry:


  13. Okay, I'll nip back sometime in January once I manage to get the box version of NAV 2008 (as a stand-alone product). I just ran a scan with Ad-Aware 2007, and since it displays system information, I wanted to ask if the below is enough to install NAV 2008 - 33% of available memory sounds really small to me! Is that normal? What can I do to free up memory?

     

    System information

    ===========================

    Number of processors: 2

    Processor type: Intel® Pentium® 4 CPU 2.60GHz

    Memory Available: 33%

    Total Physical Memory: 536195072 Bytes

    Available Physical Memory: 175689728 Bytes

    Total Page File Size: 1310793728 Bytes

    Available On Page File: 995835904 Bytes

    Total Virtual Memory: 2147352576 Bytes

    Available Virtual Memory: 1994006528 Bytes

    OS: Microsoft Windows XP Service Pack 2 (Build 2600)

     

     

    System requirements NAV 2008

    Windows® XP with Service Pack 2 Home/XP Pro/XP Media Center Edition

     

    Windows Vista™** Home/Home Premium/Ultimate/Business/Starter Edition

    300MHz or faster processor

    256MB of RAM

    300 MB of available hard disk space

    Standard Web browser

     

    **Must meet minimum Windows Vista operating system requirements

    Platforms: Windows® XP Home/XP Pro/VISTA (Click here if you have an older version of Windows).

     

     

    Required for all installations

    CD-ROM or DVD drive

     

    Email scanning supported for POP3 and SMTP compatible email clients.

    Supported instant messenger clients

    AOL® – 4.7 to 5.9

    Yahoo!® – 5.x and 6.x

    Microsoft® – 6.0 or higher

    Trillian™ – 3.1 or higher

     

    MORE: http://shop.symantecstore.com/store/symnah...00/pgm.12821000

     

    -amy- :angry:


  14. Thanks - you have convinced me. I'll see if I can get the box version next month. Just three more questions: do I have to reboot my computer after uninstalling NAV 2003, or can I start installing NAV 2008 as soon as the old version has been kicked out? I guess I have to uninstall EVERY trace of Norton - Live Update and all. Second question: what will happen to my Norton account? Will I have to create a new one with NAV 2008? And finally: how do I create a Restore point in case the deinstallation of NAV 2003/installation of NAV 2008 should go awry? Thanks for your patience :) I just hope that this major NAV change won't be too hard on a computer which is more than 4 years old.

    When you're ready to upgrade next month we can go thru it step by step.

    My advice for now is to back up any important files on CD in the meantime - such as school related or email, not because I think you'll have a problem with the change, just for your peace of mind.

     

    -amy- :wub:


  15. Thanks a lot for your time and trouble, Amy, it is much appreciated, especially during the holiday season; and I know that I'm a terrible worrywart about my computer, but since 2008 is a major exam year for me, I am particularly anxious to keep it in good shape. I was wondering whether this Norton issue can be turned into a separate thread since it no longer corresponds to the original topic on installing Ad-Aware 2007 and uninstalling Ad-Aware SE Personal, i.e. split the Norton section away from the actual question of Ad-Aware?

    I'll read up on NAV 2008 in the meantime. What is sure is that I won't be switching to another antivirus software brand. I had big problems with McAfee on my old computer, so it's not ending up on my current computer. Ever.

    Another question: NAV 2003 already has its uninstaller. Is this uninstaller to be ignored and the tool from Symantec to be downloaded and run in its stead? Am going to bed now, it's soon going to be 1 A.M. in Switzerland here. Good night and thanks again!

     

    Run the uninstaller in Add/Remove first.

    THEN go thru the steps in the NRT tool remover. That's the cleanup utility to remove all remnants and registry entries.

     

    -amy-


  16. Complete instructions for NAV2003 removal will be posted soon for you.

    Sorry - first post got lost and I will have to pull the links again for you.

    Keep in mind that XP and NAV and Ad-Aware have vastly changed in the past 5 years and you'd be best to be up to date with all 3.

    IMO 2003 NAV was the worst to work with and had more problems than any other version I have ever used.

     

    Hold on and I'll get the links and hints all together for you.

     

    -amy-

     

     

    Uninstalling Norton products on XP

    http://service1.symantec.com/Support/tsgen...;pkb=sharedtech

    Choose Norton 2003 product http://service1.symantec.com/SUPPORT/tsgen...;pkb=sharedtech

     

    Go to step 3 and choose XP OS - download NRT tool to desktop.

     

    HINT: Turn off AutoUpdating before you run the tool - It will be a lifesaver.

     

    We'll go to the best way to install the new NAV product after you follow all the instructions for removal and finish all the restarts.

     

    :)

     

     

    :wub:


  17. Hi Amy! Hope you had a nice Christmas! Thank you for looking into my Norton problem. Just installed Ad-Aware 2007. Is it really imperative that I deinstall NAV 2003? It has behaved very well all this time, or are virus definition updates insufficient? I would in any case prefer getting a boxed version of NAV 2008 (as a stand-alone product); if something went awry during the installation, I would at least still have the disc - something outside the computer, so to speak.

    Now, if I want to deinstall NAV 2003 (and I'm still reluctant), what would I have to do? It obviously does not belong to the "lite" and easier versions of NAV.

     

    Complete instructions for NAV2003 removal will be posted soon for you.

    Sorry - first post got lost and I will have to pull the links again for you.

     

     

    Keep in mind that XP and NAV and Ad-Aware have vastly changed in the past 5 years and you'd be best to be up to date with all 3.

    IMO 2003 NAV was the worst to work with and had more problems than any other version I have ever used.

     

    Hold on and I'll get the links and hints all together for you.

     

    -amy-


  18. It was my father who paid for the renewal subscription, which was why I was thinking of updating to a higher version of Norton only towards the end of next year (-> NAV 2009) since he has already paid for it; and I thought that as long as the virus definition updates are up to scratch it's still safe with NAV 2003...and I think you can still renew even the 2002 NAV version (virus definitions). Another solution would be to buy a boxed version of NAV 2008 and...well, let the subscription for 2003 go to waste, lol :-)

     

     

    I forgot to add some important info about Norton 2008 editions that you may not be aware of.

    Norton 2008 products update Virus Definitions via Live Update a minimum of 3 times/day versus the once a week of 2003

    Your 2008 product is licensed for use on THREE computers, not one.

    Your 2008 product [ as long as the sub is current] will be eligible for a free upgrade to the next releases such as 2009's that generally are released late summer early fall and your sub will be good for that product thru the remainder of the term of the old release [ie Dec 2008- 2009]

    Also the Symantec removal tool has been vastly improved and should you decide to do the upgrade I'll walk you thru it all to avoid any mishaps

     

    Keep in touch !

     

    -amy-

    :)


  19. It was my father who paid for the renewal subscription, which was why I was thinking of updating to a higher version of Norton only towards the end of next year (-> NAV 2009) since he has already paid for it; and I thought that as long as the virus definition updates are up to scratch it's still safe with NAV 2003...and I think you can still renew even the 2002 NAV version (virus definitions). Another solution would be to buy a boxed version of NAV 2008 and...well, let the subscription for 2003 go to waste, lol :-)

     

    Best way to handle YOUR particular situation:

    Go to:

    https://www.suth.com/symantec/CreateOnlineCSTicket.asp

    Create a ticket with all the info requested

    You can either wait for them to call you OR schedule a time for them to call you if that's more convenient.

    Explain that you renewed the subscription when you meant to upgrade to the 2008 product.

    They should be able to transfer the renewal code for the upgraded product. It may cost 10.00 but I was able to avoid that charge when I explained the mistake. [I had this happen on an old desktop with NIS2003].

     

    If you get nowhere using this method, let me know and we can push it up a few notches.

     

    -amy-

    :)


  20. Yes, it was renewed online at the Symantec online shop for customers from Austria, Germany and Switzerland, and paid for via credit card. I also received the auto-confirmation from Symantec via e-mail after finishing the subscription renewal process.

     

     

    It may take more than a day to get the info together from my Symantec contacts on how best to get you upgraded to the 2008 product - in essence trading in the renewal for the 2003 product which only provides for virus definition updates.

     

    The 2003 PRODUCT is no longer updated - just the ability to update the definitions.

     

    I can promise you that removing the older version is not the hassle it was in the past and that the newer releases are remarkably 'lite' compared to the NAV of old and I am surprised that you were given the option to renew.

     

    I have used just about every Norton/Symantec product available since 1993 and I want to reassure you that you won't regret getting rid of 2003 .

     

    I would just like to get official advice on how we can make this transition as uncomplicated as possible for you. The uninstall and the new install are painless - Let me see what we can do about getting the subscription transferred with the least amount of hassle.

     

    I'll get back to you asap

     

    -amy- :(


  21. Ohhh a Norton Guru sounds great. I don't have the Norton CD-ROM with me - it came preinstalled on my computer, i.e. the installation wizard/installer was already on the computer, and all I had to do was click on it and let the program install itself. I've got NAV 2003 as a stand-alone product, and whenever I've thought of shifting to the next version (2004, 2005 etc.), I've come across complaints about the difficulties of deinstalling Norton.

    Thanks for all your time and trouble, and merry Christmas to you and your family!

     

    Sorry it took so long to get back to you -

    Best way for me to give you the best answer to the NAV2003 version starts with a simple question -

     

    ??? When does your NAV2003 subscription expire???

     

    -amy- :(


  22. ;) Have installed Ad-Aware 2007 (free) v7.0.2.5 on Windows XP Pro SP-2. Platform is Sony VAIO (VGC-RB43) with 2 MB of memory and 100+GB storage.

     

    Why isn't the Ad-Aware software listed in the software inventory under 'Add or Remove Programs'? There are no entries for Ad-Aware, Lavasoft or any combination thereof.

     

    Product installed without issue and performs as advertised except for the fact that I had to manually configure Norton Firewall to allow updates. Interesting note...Norton scan did not find Ad-Aware when I was troubleshooting update problem - I'm pretty sure that Norton starts with the installed programs table when it searches for internet capable programs. This might explain some of the other problems associated with Ad-Aware updates I see posted here!

     

     

    Just to be sure on the Norton side of things - what Norton product and version is installed on this computer?

    From that info we can make sure all's right with your Norton install as well.

     

    -amy-

    :)


  23. Hi, I've done all you've asked for. Norton is running correctly. Computer is still slow, but isn't showing signs of virus infection. I probably need to defrag, etc. Thanks for all the help so far. Here are the logs you asked for, starting with the ESET scan (it found one threat) and followed by the HijackThis scan:

     

    # version=4

    # OnlineScanner.ocx=1.0.0.56

    # OnlineScannerDLLA.dll=1, 0, 0, 51

    # OnlineScannerDLLW.dll=1, 0, 0, 51

    # OnlineScannerUninstaller.exe=1, 0, 0, 49

    # vers_standard_module=2665 (20071117)

    # vers_arch_module=1.059 (20071108)

    # vers_adv_heur_module=1.060 (20070601)

    # EOSSerial=bfeaf1aa68734f40ad7f62a21d2bff14

    # end=finished

    # remove_checked=false

    # unwanted_checked=true

    # utc_time=2007-11-17 10:36:07

    # local_time=2007-11-17 03:36:07 (-0700, US Mountain Standard Time)

    # country="United States"

    # osver=5.1.2600 NT Service Pack 2

    # scanned=678959

    # found=1

    # scan_time=17815

    C:\RECYCLER\S-1-5-21-2502462651-1460304000-1292286586-1005\Dc3.exe Win32/TrojanDownloader.Nurech.NBU trojan A36EBCE2BDA60AD5D8378EFFCC721AC7

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 5:41:07 PM, on 11/17/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Boot mode: Normal

     


    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE

    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

    O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://azexpress3.orbital.com/dwa7W.cab

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

     

    --

    End of file - 10563 bytes

     

     

    Just to follow up - were you able to update your Norton subscription status ok?

     

    Please let me know if there are any lingering NAV problems.

    I'll be glad to assist.

    -amy-

     

     

    ;)


  24. Symantec has now included detections for the following 4 files in the CERTIFIED definitions beginning Monday the 19th

    More info:

    Symantec detections now id ALL

     

    -----Original Message-----

    From: [email protected] [mailto:[email protected]]

    Sent: Monday, November 19, 2007 10:39 AM

    To: amysheehan AT dslr.net

    Subject: [CLOSING]: Symantec Security Response Automation: Tracking #9283020

     

    This message is an automatically generated reply. This system is designed to analyze and process virus submissions into the Symantec Security Response and cannot accept correspondence or inquiries.

    Please contact your Technical Support representative if more detailed information about your submission is required. Do not reply to this message.

     

    Below is a status update on your virus submission:

     

    Date: November 19, 2007

     

    Dear Amy,

     

    We have analyzed your submission. The following is a report of our findings for each file you have submitted:

     

    filename: Crack.exe.zip

    machine: AVCAutomation:

    result: See the developer notes

     

    filename: Crack.exe

    machine: AVCAutomation:

    result: This file is detected as Backdoor.IRC.Bot. »www.symantec.com/avcenter/venc/d···bot.html

     

    filename: Setup.exe.zip

    machine: AVCAutomation:

    result: See the developer notes

     

    filename: Setup.exe

    machine: AVCAutomation:

    result: This file is detected as Backdoor.IRC.Bot. »www.symantec.com/avcenter/venc/d···bot.html

     

    filename: svchost.exe.zip

    machine: AVCAutomation:

    result: See the developer notes

     

    filename: svchost.exe

    machine: AVCAutomation:

    result: This file is detected as Downloader. »www.symantec.com/avcenter/venc/d···der.html

     

    filename: winlogon.exe.zip

    machine: AVCAutomation:

    result: See the developer notes

     

    filename: winlogon.exe

    machine: AVCAutomation:

    result: This file is detected as Infostealer. »www.symantec.com/avcenter/venc/d···ler.html

     

    Developer notes:

    Crack.exe.zip is an infected container file of type ZIP

    Crack.exe is non-repairable threat. Please delete this file and replace it if necessary. Please follow the instruction at the end of this email message to install the latest available definitions. This file is contained by Crack.exe.zip

    Setup.exe.zip is an infected container file of type ZIP

    Setup.exe is non-repairable threat. Please delete this file and replace it if necessary. Please follow the instruction at the end of this email message to install the latest available definitions. This file is contained by Setup.exe.zip

    svchost.exe.zip is an infected container file of type ZIP

    svchost.exe is non-repairable threat. Please delete this file and replace it if necessary. Please follow the instruction at the end of this email message to install the latest available definitions. This file is contained by svchost.exe.zip

    winlogon.exe.zip is an infected container file of type ZIP

    winlogon.exe is non-repairable threat. Please delete this file and replace it if necessary. Please follow the instruction at the end of this email message to install the latest available definitions. This file is contained by winlogon.exe.zip

     

    The current definitions are capable of detecting this virus. Please update your definitions by clicking the "LiveUpdate" button in your NAV program.

     

    Should you have any questions about your submission, please contact your regional technical support from the Symantec website and give them the tracking number in the subject of this message.

     

    -----------------------------------------------------------------------

    This message was generated by Symantec Security Response automation.

     

     

     

    >>>>>>>>>>>

    Please contact me if you find another file for submission or any additional help/ advice with this issue.

    Amy Sheehan