norton 2006

Status
Not open for further replies.

focus_water

Posts: 160   +0
i have just got norton and i instaled it and updated everything and it was fine for a while. i turned on my computer and a message came up saying that there was a virus i clicked ok and then like a second later another message came up saying that there was a virus. it just wont go away. i have gone to the source but the file isnt there. everytime i click ok and the messege pops up the and file is always diffrent but same location.
it says the virus is in C:\windows\TEMP\X.tmp

im not even sure if that will make sence to you but any way.

if there is anymore information you need please just tell me what you need to know.
 
Go HERE and follow the instructions in the order they are given.

Post a fresh HJT log as an attachment into this thread, only after doing the above.

Regards Howard :)
 
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

msnappm.exe

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe

O4 - Global Startup: Reset.lnk = C:\WINDOWS\repair\reset.bat

O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.overture.com/d/search/p/befree/?Promo=befree0008898190 6563281284&Keywords=Home+Page&Go=Go&Promo=befree

O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)

O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8FC54A9D-C301-4D15-835D-371F652F5882}: NameServer = 203.134.24.70 203.134.26.70 <only fix this, if it doesn`t belong to your ISP.

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files(if there).

C:\WINDOWS\msnappm.exe

Reboot into normal mode and turn system restore back on.


Regards Howard :)
 
thanks for the help Howard but it didnt work. i guess i will have to format the HDD, but someone stole my windows XP cd so i guess i will have to keep it like this for a while till i get a new one.
X_X
 
Download and run the ccleaner programme from HERE. It should get rid of your temp files.

You can also try and get HJT to get rid of that file on reboot.

If you run HJT and click on the config button, followed by the Misc Tools button. You will see amongst other things a button that says Delete file on reboot. If you click on this, a windows appears, where you can browse to the file you wish to delete. Open the file and HJT will ask you if you want to restart your computer. Click yes. The file should now be gone.

Regards Howard :)
 
Let us know how you like it. A lot of people here have been disapponted with Norton after 2003. I use systemworks 2003 with no issues - actually it's pretty good. Norton is known to e a system resource hog, but you have some control over it.

I don't know anyone with 2006 edition.
 
A new AV would be better but u would have to pay again for it(I'm assuming u paid for ur Norton AV). NOD32 is a good choice. I have been using it for over 3 years and its rock solid. It doesn't eat too many resources, updates in a flash and it doesn't allow anything to get in. Norton is good, but not the best, as they like to proclaim.
 
Status
Not open for further replies.
Back