
Laptop Virus Issues? Norton Logs

Discussion in 'Computers, Games, Electronics etc' started by reckedracing, Jan 3, 2011.

  1. reckedracing

    reckedracing TTIWWOP VIP

    Messages:
    21,056
    Likes Received:
    1,180
    Joined:
    Dec 5, 2002
    Location:
    NY
    This happened on my old lady's laptop running norton.

    Severity = High
    Activity = An intrusion attempt by "Gf's Computer" was blocked. Application path\Device\Harddiskvolume3\program files (x86)\mozilla firefox\firefox.exe
    status = blocked
    recommended action = no recommended action

    risk name = HTTP Neosploit Toolkit Request
    severity = high
    Attacking computer = GF's Computer
    attacker url = googlene.info/tre/LENA.exe
    destination address 64.34.179.100,80
    source 192.168.2.3
    traffic description = TCP,PORT 52179

    and ever since then she keeps getting other errors, norton says a file is trying to attack the norton executable file or directory.

    suggestions?
    already ran malware bytes, with update and full scan
     
  2. Briansol

    Briansol Admins Admin VIP

    Messages:
    21,452
    Likes Received:
    2,116
    Joined:
    Nov 18, 2007
    Location:
    CT
    step 1) uninstall norton
    step 2) get a real virus scanner

    step 3) scan again
     
  3. reckedracing

    reckedracing TTIWWOP VIP

    Messages:
    21,056
    Likes Received:
    1,180
    Joined:
    Dec 5, 2002
    Location:
    NY
    as of right now that appears to be the only thing keeping this computer from being a complete cluster fuck

    and i did a search and most anti virus programs didn't catch this lena.exe shit
     
  4. hondafreak513

    hondafreak513 New Member

    Messages:
    2,053
    Likes Received:
    46
    Joined:
    Nov 9, 2010
    Location:
    O hi O
    Get Webroot Antivirus, I have it. It's one of the best and a lot better than Norton..
     
  5. reckedracing

    reckedracing TTIWWOP VIP

    Messages:
    21,056
    Likes Received:
    1,180
    Joined:
    Dec 5, 2002
    Location:
    NY
  6. hondafreak513

    hondafreak513 New Member

    Messages:
    2,053
    Likes Received:
    46
    Joined:
    Nov 9, 2010
    Location:
    O hi O
    well i got a copy when I bought my laptop.. I will send you the cd if you can find a way to use it free..
     
  7. Briansol

    Briansol Admins Admin VIP

    Messages:
    21,452
    Likes Received:
    2,116
    Joined:
    Nov 18, 2007
    Location:
    CT
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN CyberMania
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ CyberMania

    kill those in the registry and anything else relating to cyber mania
     
  8. reckedracing

    reckedracing TTIWWOP VIP

    Messages:
    21,056
    Likes Received:
    1,180
    Joined:
    Dec 5, 2002
    Location:
    NY
    how did you find that?
    site with info?
     
  9. 95b16coupe

    95b16coupe New Member

    Messages:
    6,538
    Likes Received:
    224
    Joined:
    Nov 6, 2008
    Location:
    ct
    download

    rkill.exe

    from bleepingcomputer.com it will close all the programs and any trojans that are running in the background. make sure you close all current tasks, windows, etc. run rkill, then run your malwarebytes. it should clean you up.
     
  10. reckedracing

    reckedracing TTIWWOP VIP

    Messages:
    21,056
    Likes Received:
    1,180
    Joined:
    Dec 5, 2002
    Location:
    NY
    can anyone recommend a good registry scanner?
     
  11. 95b16coupe

    95b16coupe New Member

    Messages:
    6,538
    Likes Received:
    224
    Joined:
    Nov 6, 2008
    Location:
    ct
    i have AVG, and it does a decent job. i just surf around cnet.com and they have all the free stuff you can shake your stick at.
     
  12. TurboMirage

    TurboMirage YEEAAAHHH VIP

    Messages:
    24,577
    Likes Received:
    696
    Joined:
    May 20, 2003
    Location:
    Central, MA
    CCleaner is great for cleaning the registry....

    also malwarebytes.
     
  13. hondafreak513

    hondafreak513 New Member

    Messages:
    2,053
    Likes Received:
    46
    Joined:
    Nov 9, 2010
    Location:
    O hi O
    CCleaner is a good one, but not too sure about malwarebytes, I think my dad used this and had a few problems with it..

    The Rkill.exe is a great thing to help, i used it last month to fix my friend's computer..
     
  14. endlesszeal

    endlesszeal Senior Member

    Messages:
    2,670
    Likes Received:
    35
    Joined:
    Nov 13, 2002
    it depends on which version of norton's you have. anything 2009 or up and enterprise 2010 and up are very very good. a new team took over and re-did everything.

    another surprisingly good and free program is microsoft security essentials. they use the same engine and heuristics as norton, kaspersky, etc...

    the best scanner is Anti-Vir, but the only thing that sucks is you have to tell it what to do when it picks each virus (annoying). however, it's very thorough. then i would malware-bytes and superantispyware. lastly a good run of ccleaner should set you right.



    http://www.av-comparatives.org/
    http://www.elitekiller.com/malware.htm

    good sites for info
     
    Last edited: Jan 3, 2011
  15. reckedracing

    reckedracing TTIWWOP VIP

    Messages:
    21,056
    Likes Received:
    1,180
    Joined:
    Dec 5, 2002
    Location:
    NY
    its a new laptop so i think it has the newest version of norton, probably 2010
     
  16. endlesszeal

    endlesszeal Senior Member

    Messages:
    2,670
    Likes Received:
    35
    Joined:
    Nov 13, 2002
    then i would just keep it on. i would update norton, malwarebytes and superantispyware. then i would download and update hijackthis.

    restart and push f8. get into safe mode without networking and run all the said scanners in succession (not simultaneously) if possible from norton --> malwarebytes --> superantispyware doing reboots if requested. then i would run hijackthis and post the log on castle cops or either here.

    this should get rid of it, if not, backup and reformat because it's a persistent little fuck.
     
  17. corvetteguy78

    corvetteguy78 Well-Known Member VIP

    Messages:
    3,518
    Likes Received:
    290
    Joined:
    Feb 19, 2007
    Location:
    CT
    I have Malwarebytes, Norton 2009 and Prevx, all three did not pick up some shit that i had. Finally I used Hitman Pro 3.5, worked like a charm

    Try Hitman Pro 3.5
     
  18. reckedracing

    reckedracing TTIWWOP VIP

    Messages:
    21,056
    Likes Received:
    1,180
    Joined:
    Dec 5, 2002
    Location:
    NY
    ok, i did the following
    boot into safe mode, run norton, malwarebytes, superantispyware, and hijack this all in order with no reboots in between, and all in safe mode

    upon reboot norton is still throwing up a warning that c:\windows\system32\services.exe is trying to attack the norton.exe (or whatever the name is)
    i dont understand this
    the only thing that came up on the scans were some adware cookies

    i notice in the hijack this log a lot of missing files
    particularly associated with lsass.exe
    and this is the file that windows\system32\services.exe is "attacking" i think
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe


    here is the hijack this log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:54:29 PM, on 1/4/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
    Boot mode: Safe mode

    Running processes:
    C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\Navw32.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Users\Lynden\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com by Dell
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com by Dell
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
    O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    O4 - HKLM\..\Run: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
    O4 - HKLM\..\RunOnce: [DSUpdateLauncher] "c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
    O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
    O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SupportSoft Sprocket Service (DellComms) (sprtsvc_DellComms) - SupportSoft, Inc. - C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10059 bytes
     
    Last edited: Jan 5, 2011
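
An added example, not part of the thread and not HijackThis code: a small triage script for the `(file missing)` services in a log like the one above. It assumes the scanner ran as a 32-bit process on 64-bit Windows (as HijackThis 2.0.4 does), where file system redirection sends `System32` lookups to `SysWOW64` and native 64-bit binaries such as `lsass.exe` appear absent; the verdict labels are this example's own.

```python
import re

# Excerpt of the HijackThis log posted above (lines copied from the thread).
SAMPLE_LOG = r"""
Platform: Windows 7 (WinNT 6.00.3504)
C:\Windows\SysWOW64\NOTEPAD.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
"""

PREFIX = "O23 - Service: "
MISSING = " (file missing)"
SYS32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)

def parse_o23(line):
    """Split one O23 line into display name, owner, image path, missing flag."""
    body = line.strip()
    if not body.startswith(PREFIX):
        return None
    body = body[len(PREFIX):]
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    # The path is last and the owner second to last; the display name may contain " - ".
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    return {"name": name, "owner": owner, "path": path, "missing": missing}

def is_64bit_host(log_text):
    """SysWOW64 and 'Program Files (x86)' only exist on 64-bit Windows."""
    low = log_text.lower()
    return "\\syswow64\\" in low or "program files (x86)" in low

def triage(log_text):
    """Return {path: verdict} for every service reported as 'file missing'."""
    x64 = is_64bit_host(log_text)
    verdicts = {}
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if not svc or not svc["missing"]:
            continue
        if x64 and SYS32.match(svc["path"]):
            # A 32-bit scanner is redirected to SysWOW64, so native
            # 64-bit binaries in System32 look absent to it.
            verdicts[svc["path"]] = "likely-wow64-artifact"
        else:
            verdicts[svc["path"]] = "verify-on-disk"
    return verdicts

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_LOG).items():
        print(f"{verdict:24} {path}")
```

Anything reported as `verify-on-disk` should be checked from a native 64-bit shell or file manager before treating it as deleted or tampered with.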
  19. eg6sir

    eg6sir Supa Mod Moderator VIP

    Messages:
    21,703
    Likes Received:
    321
    Joined:
    Aug 17, 2005
    Location:
    661 BK CA

    get AVG 9.0... i have a serial that'll activate it until 2018
     
  20. corvetteguy78

    corvetteguy78 Well-Known Member VIP

    Messages:
    3,518
    Likes Received:
    290
    Joined:
    Feb 19, 2007
    Location:
    CT
    Run Hitman Pro and your problem will be fixed, i had the same thing
     