TechSpot

Virus turned off my internet security and antivirus now i cant turn them on

By tyrant
Feb 7, 2008
  1. today i found out i had (backdoor trojan) on my computer so i followed all instuctions at symantec.com to remove the virus. and i restarted my computer afterwords. now my norton antivirus and norton internet security are both turned off,and they wont turn on! what do i do?:(
    iv also been having problems with my desktop backround being replaced with a message that says i have spyware. even tho iv ran scans on 3 different antispyware programs and and removed them all the backround wont go away.... and yes iv tried changing it >_>.. it changes back.. all this virus/spyware bullsh** it so annoying i swear to god im about ready to throw im computer off the roof of a really tal building!! o ya and my email scanning is turned off... when i open antivirus it says error under email scanning and there isent even a option to turn it back on...
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Download Smitfraud Fix
    http://siri.urz.free.fr/Fix/SmitfraudFix.exe

    Clean:

    Reboot your computer in Safe Mode
    (before the Windows icon appears, tap the F8 key continually)

    Double-click SmitfraudFix.exe

    Select 2 and hit Enter to delete infected files.

    You will be prompted: Do you want to clean the registry ? answer Y (yes)
    and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.

    A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

    Optional:

    To restore Trusted and Restricted site zone, select 3 and hit Enter.
    You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
    ----------------------------------------------------

    Additional Steps:

    (Start -Run)
    sc stop Messenger
    sc config Messenger start= disabled

    Locate and Remove in Registry (Start Run Regedit)

    [HKEY_USERS\S-1-5-21-1877239962-2024743916-928725530-1189\Software\Microsoft\Search Assistant\ACMru\5603]
    " 000"="links.exe"

    Restart
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    tyrant, in addition to doing the suggested cleaning, IF the message you're getting saying you have spyware appears to be a message from Windows or Microsoft, you need to turn off the Windows Messenger Service:

    Control Panel> Administrative Tools> Services> right click n Messenger> Properties> change dialog box to Disable and stop the Service.

    This is not the IM, but it is a source of unethical messages from rogue programs.
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Thanks Bobbye, but I already had that stated under Additional Steps.
    Doesn't look exactly the same - but it is.
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    My apology. It didn't appear to be the Messenger Service. You don't disable this Service through the msconfig utility.
     
  6. tyrant

    tyrant TS Rookie Topic Starter

    :confused: ok well i got the backround to go away 4 good^^..i think............. BUT my antivirus/internet security/email scanning are all disabled and i cant turn them on!! is this a virus??
     
  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    No

    And not only that, I expected it !

    You will need to go to Add/Remove programs and remove Norton Internet Security
    Now there's a lot in that above sentence (most viewing will probably Know)

    So I'm going to post this message, and then edit it, with more details, in a moment, but please go ahead and un-install fully (no question)
     
  8. tyrant

    tyrant TS Rookie Topic Starter

    what do i do after removing it?.... or is that all... lol....?
     
  9. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    OK firstly please make sure NIS fully un-installs
    There are 3 parts to NIS in add/remove

    Norton Internet Security
    Live Update
    Live Reg

    All 3 can be removed (as long as you don't have other Symantec programs installed (ie Live Update)

    Assuming (!) that NIS does not un-install, please download, go here:
    http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039?OpenDocument
    And select your NIS version, download the tool and run it.

    Restart once complete.

    NIS and all Norton (Symantec) products in regards to AntiVirus and Firewall (only) are very high resource hungry products, that is they tend to slow down, even the fastest computer.
    Not only that, but when your system is infected with a Virus or Trojan/Malware that Norton cannot remove (ie your case scenario) Norton tends to corrupt !!! Which has caused millions of problems everywhere.

    My recommendation would be to remove Norton fully, and install the basic free version of AVG --HERE
    No I'm not mad, just to prove it here's a graph:
    [​IMG]

    As you can plainly see NIS, does horrible things to a standard system.

    How do you feel about this ?
     
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    . .
     
  11. apaullo

    apaullo TS Rookie Posts: 80

    tyrant...the first mistake u did is consulting the symantec website for solution T__T

    Norton sucks and it would be better if u follow kimsland suggestion in removing it..

    :)
     
  12. tyrant

    tyrant TS Rookie Topic Starter

    got it to uninstall
     
  13. tyrant

    tyrant TS Rookie Topic Starter

    ok i completely got rid of norton crap and installed avg. its up to date and installed components are working properly. should i get the avg spyware protector?
     
  14. apaullo

    apaullo TS Rookie Posts: 80

    the avg spyware protector is also good to install...after that u update :)
     
  15. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    No

    And if you have installed it already Update -Scan -Remove Anything Found
    Then remove avg spyware protector fully

    By the way, how is your system going, ie is it faster.

    To really help it along download CCleaner and filly run (you can leave that installed)

    If you want to go one step further Download Startup and remove any unwanted startup shortcuts.

    Finally after a restart, run Defrag (All Programs->Accessories->System Tools->Defrag)

    Please reply back with how it all went, and your feelings on all this.
     
  16. apaullo

    apaullo TS Rookie Posts: 80

    hi kimsland
    u saying avg anti spyware is no good? i have it on my system and it was useful too :p
     
  17. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Hi apaullo,

    They're all good, actually there are better ones than that one.

    But they are only required for removing Spyware/Malware and alike

    If your system is clean, why have them installed ?
    Your response may be resident protection.

    But you would need about 5 Spyware programs resident protecting all the time.

    Better to run AntiVirus software (that's covered) and Spyware software ONLY when needed.

    Otherwise you will slow your system down.

    Put it this way I'm not running it, and I'm all over the Web! If I feel there's an issue, I download/Update/Scan/Remove and uninstall again
    (they're too resource hungry, and some cause issues, even SpybotsS&D can cause issues)

    That's why.
     
  18. apaullo

    apaullo TS Rookie Posts: 80

    ahhh ok...now i learned somthin new today...

    even though they are resource hogs i just let them reside in my system..i didnt think i could actually install then remove when not needed...thanks kims!

    :p
     
  19. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Yes, because they also reside inregistry and right click menu
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Oh I have to step in here! Advising someone NOT to have spyware/adware programs on their system is not good thing! IF indeed they are of only the find and fix type, they are NOT going to slow your system down because they are NOT running- or in some cases, only th shields are running, not the entire program!

    IF you choose Tea Timer in Spybot S&D, that changes, because TT runs in Real Time. I will stick by what I recommend: 1 AV program, 1 firewall, 2 or more spyware/adware programs.

    IF the user has these programs and develops regular habits to scan their systems, they are more likely to do it if the program is already on their system, rather than having to download and install it every time they want to run a scan.

    And most AV programs will NOT remove spyware or adware- they may tell you there is malware, but they do nothing with it.
     
  21. apaullo

    apaullo TS Rookie Posts: 80

    hmmm..im confused now...heheh...
     
  22. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    We need to see some logs.

    Don't be confused. They are both saying the same things.

    Until you are clean don't remove any of the anti malware programs.

    After you are clean, they can make a recommendation on what to keep and what to get rid of.

    Highjackthis Instructions
    • Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
    • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
    • After installing, the program launches automatically, select Scan now and save a log
    • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.
      ***Under no circumstances should you add any items to the HJT ignore list. Under no circumstances should you change the directory that highjackthis downloads to. Under no circumstances should you Fix anything without specific instruction to do so. Under no circumstances should you click any buttons other that specified in the directions including AnalyzeThis!***


    Combofix
    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • Type "1" (and Enter) to start the fix.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

    Combofix will automatically save the log file to C:\combofix.txt


    **Your next reply should include a Hijackthis log as well as a Combofix log
     
  23. apaullo

    apaullo TS Rookie Posts: 80

    hi...wat im confused now is who to believe..kimsland or bobby..they have different opinion about how to protect ur pc against viruses....
     
  24. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    They are both basically saying the same thing just not clearly. AVG Anti Spyware is not free and you can download the 30day trial as many times as needed. So usually I uninstall, then reinstall only when needed.

    After we get your computer cleaned up it is a good idea to keep:
    *AVG anti virus
    *Spybot S&D
    *Adaware 2007
    *Zone Alarm, Kerio, or Comodo Firewall

    Keep them uptodate and you should be fine.

    I think you should run through Viruses/Spyware/Malware, preliminary removal instructions It has links to all the discussed programs and is basically an overview of the instructions you have received so far
     
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry, but I do not think we are saying the same thing. As I read it, kim advocates that once malware is cleaned up up, the user doesn't need to have spyware/adware programs on board. On the other hand, In my opinion, most users aren't going to go to the trouble of downloading and installing spyware/adware programs every time they want to scan.

    As for AVG AntiSpyware, as good as the AVG AV program is, I have read that their anti-spyware program is not as good. There are others that are free and good.

    apaullo , it is not unusual for users to have a difference of opinion- it doesn't make one right and the other wrong. In most cases, there are almost always more than one way to accomplish the same thing. When it comes to security programs, I think it's better to have them installed, update and scan regularly.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...