Virus question

[Bri]

Hi, I'm working on a clients system, WinXP with IE 6 all
updates are inplace. The best I can tell her Norton
Antivirus stopped running live updates two weeks ago and
I cannot get to the symantec site, the mcaffee site to
run scans online.
Installed Adaware 6x and found spyware, but the system
virus scan indicated that the spybot worm removal was not
complete, that 'Bloodhound packed' (which is Norton's
list of 'we don't know what you have')
I've ran the Klez, blaser, beagle, korgo, Sasser removal
tools, none of those listed appeared.
I uninstalled Norton 2003 and installed 2004 and ran the
prescan which removed two files, installed new dat files
from CD and ran scan and found Adware.xxx files.

Cannot run live update, nor get to Norton site.
Help?

 

[Guest]

Hi, I'm working on a clients system, WinXP with IE 6 all
updates are inplace. The best I can tell her Norton
Antivirus stopped running live updates two weeks ago and
I cannot get to the symantec site, the mcaffee site to
run scans online.
Installed Adaware 6x and found spyware, but the system
virus scan indicated that the spybot worm removal was not
complete, that 'Bloodhound packed' (which is Norton's
list of 'we don't know what you have')
I've ran the Klez, blaser, beagle, korgo, Sasser removal
tools, none of those listed appeared.
I uninstalled Norton 2003 and installed 2004 and ran the
prescan which removed two files, installed new dat files
from CD and ran scan and found Adware.xxx files.

Cannot run live update, nor get to Norton site.
Help?

Check the "Hosts" file
Windows-system32-drivers-etc-hosts open with notepad

 

[Rick \Nutcase\ Rogers]

Hi Bri,

I'd suspect a trojan of some sort. Her startup list may contain clues. Run
regedit and look under these keys in Safe mode:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

If you don't recognize an entry, google it. If it comes back "not found",
then you probably have found the problem (or at least one of them).

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org

 

[Brian Gaff]

Have you run the stinger utility that is a free download. I find this very
handy as it fits on a floppy which can be write protected.

I assume you have looked for dodgy stuff in msconfig etc, as whatever is
disabling things has to be run from somewhere!

Brian

--

Brian Gaff....Note, this account does not accept Bcc: email.
graphics are great, but the blind can't hear them
Email: (e-mail address removed)
____________________________________________________________________________
__________________________________