
NAV viruses not showing, now have one

Discussion in 'Security and Privacy' started by twichell, 2004/05/25.

Thread Status:
Not open for further replies.
  1. 2004/05/25
    twichell

    twichell Inactive Thread Starter

    Joined:
    2003/12/11
    Messages:
    29
    Likes Received:
    0
    Use XP, NAV, Dell..6 months old

    Use Norton's AV 2003. Suddenly last Friday IE appeared to be on the verge of crashing...3-4 popups at once (use Google's popup blocker, which had been working fine) slowed WAY down, sites wouldn't connect, and finally froze. Only way to turn it off was to hold the big button down. Netscape, however, runs decently, but not as fast as before. Have run 4 anti-virus scans..nothing. Yet in the virus list I don't have any of the viruses for May listed..Korgo, Asmah, Gaobut, Backdoor. Can find no way to contact them without paying, and given the newest viruses aren't listed, but they say I don't have one when it is fairly obvious I do, I shouldn't have to. Do I have to take this thing into a computer store? Am ticked..can you tell! How to fix please.
    Thanks in advance.
    Laura
     
  2. 2004/05/25
    Daizy

    Daizy Inactive

    Joined:
    2002/02/19
    Messages:
    2,965
    Likes Received:
    0
    Sorry....I'm a little lost....
    But perhaps you can start with an online (free) scan at Housecall ?
     

  4. 2004/05/25
    twichell

    twichell Inactive Thread Starter

    Joined:
    2003/12/11
    Messages:
    29
    Likes Received:
    0
    Housecall found 1 malware..sandbox. Anyone know how to contact NAV without paying for it? Have their anti-virus which says I'm up to date and have no viruses. Yet none of the current viruses are listed in the log. Given I've already paid for the updates I should not have to pay again if I think these updates are incomplete.

    Laura
     
  5. 2004/05/25
    Daizy

    Daizy Inactive

    Joined:
    2002/02/19
    Messages:
    2,965
    Likes Received:
    0
    Have you tried here ?
     
  6. 2004/05/25
    twichell

    twichell Inactive Thread Starter

    Joined:
    2003/12/11
    Messages:
    29
    Likes Received:
    0
    This site is for repairs, refunds and registrations only.

    Laura
     
  7. 2004/05/25
    Daizy

    Daizy Inactive

    Joined:
    2002/02/19
    Messages:
    2,965
    Likes Received:
    0
    Customer Service provides you with assistance on various nontechnical topics such as general product information, rebates, registration, purchasing options, returns and replacements.

    To contact Customer Service, select the type of information that you want.
    try presales/general questions.

    Or customer service phone numbers.

    What have you got to lose? In the very least...they should be able to help direct you.
     
  8. 2004/05/25
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
    You may not have any viruses. You don't mention if you have a firewall or not, but many problems can occur from an unprotected internet connection. The firewall with XP is not sufficient protection, so if you have been relying on that, you may have a trojan or worm. That would NOT be Norton's fault, because they sold you a product designed to catch viruses, not act as a firewall.

    Have you scanned with Spybot or AdAware? The symptoms you initially described (freeze, slowing down) are also symptoms of adware or malware.

    Please tell us how you connect to the internet, what kind of firewall you use and what scans you could and could not do? Did you try to manually update your Norton AV? Run a scan from RAV, after the spyware scans, too. Post back with your results.

    Johanna
     
  9. 2004/05/25
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    You can download/install the latest virus def files for NAV Here. No charge and since Norton normally only updates your system on Wednesday, good to use this manual one in between times if you have broadband.

    Absolutely get, update, and use ad-aware and spybot. They do spyware removal well and NAV 2003 does not do it at all. 2004 does, sort of, but not as well as those two free apps.

    The online scanners mentioned earlier are a good idea too since it is possible for a virus to disable NAV while having it appear to still work. They make a good double-check.
     
  10. 2004/05/25
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
  11. 2004/05/29
    twichell

    twichell Inactive Thread Starter

    Joined:
    2003/12/11
    Messages:
    29
    Likes Received:
    0
    Here's the result from HijackThis!
    Logfile of HijackThis v1.97.7
    Scan saved at 10:10:04 AM, on 5/29/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\IEHost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\OPfv.exe
    C:\WINDOWS\System32\yppmhoe.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Roxio\GoBack\GBPoll.exe
    C:\PROGRA~1\NORTON~2\NORTON~1\GHOSTS~2.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\IEHost.exe
    C:\WINDOWS\System32\ieptopen.exe
    C:\WINDOWS\System32\Akr61H.exe
    C:\WINDOWS\System32\DluL.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
    N3 - Netscape 7: user_pref( "browser.startup.homepage ", "http://www.scoresandodds.com./ "); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\k9zn1qw3.slt\prefs.js)
    N3 - Netscape 7: user_pref( "browser.search.defaultengine ", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src "); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\k9zn1qw3.slt\prefs.js)
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: Atomica BHO - {3392BD0A-A851-4AA4-86E0-4651006F9EA8} - C:\Program Files\Common Files\Atomica Shared\agtbho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\SCAN&F~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [OPfv.exe] C:\Documents and Settings\Owner\Local Settings\Temp\OPfv.exe
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\MipL9X4.exe
    O4 - HKLM\..\Run: [fnpdyyuewekwx] C:\WINDOWS\System32\yppmhoe.exe
    O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
    O4 - HKLM\..\Run: [wsmR3EX] ieptopen.exe
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Documents and Settings\All Users\Start Menu\Programs\Scan & Fix\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Sierra\Planner\PLNRnote.exe
    O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm41433
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: GuruNet... - file:C:\Program Files\GuruNet\Html\atiemenu.htm
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab


    Laura
     
  12. 2004/05/29
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hello twichell

    First thing Please wait for our other forum members to also suggest a fix

    This line indicates a peper/trojan infection
    O4 - HKLM\..\Run: [2LRX2W83X2T3MQ]
    Don't get overly excited, we can handle it :)

    This is what I propose for now.
    Download both these uninstall tools for peper infections
    http://www.downloads.subratam.org/uninst.exe

    Double click on uninst.exe, Make sure you let it have internet access through any firewalls and such.
    Let it run and terminate.

    Then run it again.
    then run this one also But while disconnected from the internet this time.
    http://members.shaw.ca/techcd/VB_Projects/PeperFix.exe
    And then Reboot and Post another new log
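
Added example, not part of any poster's message and not HijackThis's own logic: a small triage script for the `O4` registry autorun lines of a HijackThis log like the one posted above. The three heuristics (target under a Temp directory, target given without a path, value name that is a long alphanumeric token with several digits) and their thresholds are assumptions chosen for illustration; a flag is a lead for manual review, not a verdict.

```python
import re

# Constructed sample: a few O4 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [OPfv.exe] C:\Documents and Settings\Owner\Local Settings\Temp\OPfv.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\MipL9X4.exe
O4 - HKLM\..\Run: [wsmR3EX] ieptopen.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
"""

# Registry autoruns have the shape: O4 - HKLM\..\Run: [ValueName] command line
O4_RUN = re.compile(
    r"^O4 - HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\][ \t]+(?P<cmd>.+)$",
    re.MULTILINE,
)

def review_reasons(name, cmd):
    """Return the (assumed, illustrative) reasons an autorun entry needs a closer look."""
    reasons = []
    target = cmd.strip().strip('"').strip()
    if "\\temp\\" in target.lower():
        reasons.append("temp_path")      # starts at boot from a Temp directory
    if "\\" not in target:
        reasons.append("bare_filename")  # no path given, resolved via the search path
    if re.fullmatch(r"[A-Za-z0-9]{10,}", name) and sum(c.isdigit() for c in name) >= 3:
        reasons.append("random_name")    # value name looks machine-generated
    return reasons

def triage(log_text):
    """Return [(value_name, reasons)] for every O4 Run/RunOnce entry that was flagged."""
    flagged = []
    for m in O4_RUN.finditer(log_text):
        reasons = review_reasons(m["name"], m["cmd"])
        if reasons:
            flagged.append((m["name"], reasons))
    return flagged

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {', '.join(reasons)}")
```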
     
  13. 2004/05/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Yep. What Lonny said. :)
     
  14. 2004/05/29
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
    Lonny and Dave,
    You guys could at least tell her what she's supposed to be downloading, and WHY. You could at least tell her what she's been "infected" with. With the exception of some of you fine BBS folks, there is no way I would download anything executable w/o having an explanation and a reason. Plus, by using no "keywords" in your reply, this thread becomes of little use in the "Search" function.

    Tsk tsk

    Johanna :D
    grouchy because school is OUT for the summer, and all of the kids are bored already! :eek:
     
  15. 2004/05/29
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Good point Johanna

    I have edited it, though a keyword search probably won't help in this case
    I do try when possible to post non direct links but I cannot just now in this case
     
  16. 2004/05/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hey Grouchy! :D

    I believe this was in Lonny's original post.
    Could be wrong though, and if so, "Yes Ma'am, please accept my apology." :eek: LOL!
     
  17. 2004/05/30
    twichell

    twichell Inactive Thread Starter

    Joined:
    2003/12/11
    Messages:
    29
    Likes Received:
    0
    NAV viruses not showing

    Lonny Jones: I downloaded the uninst.exe to remove the peper trojan..
    But when I clicked on it to install, only went 3rd of the way and quit. Was on the internet. Have no firewall. Saved the .exe to an Applications folder like I always do. What now? (Did this 3 times)
    Also, is this trojan the reason I suddenly have so many darn popups..altho they don't show up in Netscape. Have Google's blocker working. What's up? Finally, didn't download adaware because I've heard a number of negative things. Yet all of you say to use it. Have I been misled??
    Spybot found this trojan and claims to have eradicated it, so your finding came as somewhat of a surprise.
    Appreciate all your help. If you'd rather wait on the popup issue that's fine.
    Altho I'm hoping the trojan is the problem and its removal will also take care of the popup issue.


    Laura
     
  18. 2004/05/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    YES!! You have DEFINITELY been misled. That or you are confusing Ad-aware with adware. Ad-aware is a spyware detection/removal program. One of the best. And free. Click the link in my signature, download and install it. Open and click the update button, then configure it for a full scan. Run and delete everything it finds. :) Then post another log.
     
  19. 2004/05/30
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    After doing as Dave suggests, run that other file, or have you? "PeperFix.exe"

    Then reboot and come back and post a new log please

    (Mornin Dave)
     
  20. 2004/06/01
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    twichell, we are wondering what happened with you?

    There are some other Minor nasties to take out also, so please do continue here
     
  21. 2004/06/01
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Also, if you're still unable to run the peper fix all the way through, try this one. Save it to your desktop, doubleclick on it, click 'Find and Fix' and reboot if prompted. No need to stay connected to the internet. Then post a new log.
     