Please could anyone help with Outlook/NortonAV problem?

[Tianne]

:hotbounce Hello! This site is very useful and everyone seems friendly. Could anyone please help me shed light on my problem with Norton Personal Firewall? I have to turn it off to run Outlook and retrieve/send my emails. With the firewall on I sent a test email to myself and this came back:

Your message did not reach some or all of the intended recipients.

Subject: test
Sent: 17/03/2005 18:23

The following recipient(s) could not be reached:

'my@address.co.uk' on 17/03/2005 18:26
No transport provider was available for delivery to this recipient.

I have set the firewall up to include outlook in the list of all applications allowed access to the internet and I have tried turning the anti-spam off in case there's a conflict. I have the windows firewall currently disabled for the same reason. The Symantec site does not mention anything other than Norton's fine compatibility with outlook. So now I'm out of ideas!

I also have an issue with the about:blank thing recurring on my internet home page. I have no hijacker but may have done at one time and got rid of it but there's a residue? I have got hijack this and a whole raft of spyware stingers/killers/hunters and destroyers. Perhaps this is related to the outlook thing? Probably not related to outlook but related to the about:blank is that my RAM is limping along at 175mb/mo because it has an error. I am waiting for the replacement to arrive any time!

Hope that someone might have an idea on this and that it could help others with similar troubles too?
Tianne :wave:

 

[isatippy]

Hello and welcome. :wave: :wave:

 

[Mictlantecuhtli]

Welcome to TechSpot

I have to turn it off to run Outlook and retrieve/send my emails. I have the windows firewall currently disabled for the same reason.

I hope you turn the firewall back on after you've done with your e-mails. Actually, it wouldn't surprise me if you'd get unwanted things to your computer during e-mail checks when the firewall is disabled.

How secure is your computer?
Windows Service Pack 1, or SP 1, however, was another story. It's an older version of Windows that was sold in computer stores until a few months ago.

SP 1 was attacked 4,857 times. It was infested within 18 minutes by the Blaster and Sasser worms. Within an hour it became a "bot," or a machine controlled by a remote computer, and began attacking other Windows computers.

That was about a month ago. I've already seen some threads in this forum about that "about:blank" problem. I guess it's relatively new thing, probably less than a month old.

I have no hijacker but may have done at one time and got rid of it but there's a residue?

That's the 'fun' part with Windows, you get a lot of freeware with it - only that it tends to be ad/spyware or submicroscopic infective agents.

Perhaps this is related to the outlook thing?

Perhaps.

Probably not related to outlook but related to the about:blank is that my RAM is limping along at 175mb/mo because it has an error. I am waiting for the replacement to arrive any time!

You bought a new memory module because of this? Well, it's an excuse...

 

[TylerBello]

About:Blank

is the default homepage that comes up when you run a spyware scan or the like and the following occur:Cookies Deleted,Cache Deleted,History Deleted....ETC.....

 

[Tianne]

Thank you for your replies! The About:Blank issue is reported to be caused by spyware and has been around since hijackers first emerged apparently so it's always something to be suspicious about. If I find out any more I'll post info about it but there is a lot of conflicting information on the internet about this so I guess there are various causes for it. Tylerbello - I take your point, thank you. But it makes no difference whether I've run scans or not. My machine boots up with spyware nuker and always reports the registry change for the IE default home page and gives me a chance to restore it to my chosen one. Do you think it is the nuker itself that is doing this perhaps?

I do always turn the firewall back on and run scans etc. straight afterwards which is why it is such a nuisance that I have to turn it off every time I just want to collect my emails.

I had my laptop checked by the engineers where I work and the diagnostics they performed showed up a glitch in my RAM. The CPU was working flat out all the time trying to page constantly to one bad sector and the machine was overheating as a result. So they put a limiter on it and now it can't hit the bad place. This is bad news as I am a web designer and use a lot of graphics. Hence the new RAM replacement (should arrive in the next couple of days). Once that's fitted I can then look at the Norton/Outlook/About:blank problems afresh. If I find out anything useful from that I'll mention it here

 

[TylerBello]

Sounds good,
Spyware nuker...and there is your problem Tianne...Spyware Nuker IS spyware itself...before downloading spyware killers make sure you do your research...alot of spyware removal programs are spyware themselves...Ive seen many...and been infected with many...for reference sake:

http://securityresponse.symantec.com/avcenter/venc/data/adware.spywarenuker.html

yep



Yes about:blank can be caused by many different things...one of them is a virus or spyware (but if I remember correctly it is not much of a threat...I dont know i dont keep up on things like this) but the cause I have come across most is deletion of internet files.

The outlook,you may have entered the wrong SMTP server when setting up that mail account (SMTP is outgoing right? I dont keep up on this either...)Incoming mail will work fine but outgoing...nada...check both the Pop server and the SMTP you entered in preferences...and check the username for outlook if I remember correctly it will be like this

thisismyusername%Tianne.net

instead of @ or just a username...you use a % sign and put the domain that the mail server resides on at the end.

And im glad to help if you have any further problems

 

[Tianne]

You can just call me 'muppet'

Thank you Tylerbello! All my outlook settings were correct which is why I just couldn't understand it - except that I used to use Mozilla Thunderbird and it was still set to my default, although I thought I'd changed that. When I realised, I changed it back to outlook and voila it all works with the firewall on and everything! So I feel a bit of an *****. Sometimes it pays to look at the simplest things first and work your way from there!

That's a good tip about the 'thisIsMyUserName%Tianne.net', ta!

I agree with you about the about:blank. I reckon I should transfer all my spyware killers to CD and get them off the hard drive. I've read the stuff on the link you gave me, makes sense.

Thanks again for your help. For my next trick I'm going to perform surgery on my son's PC to install his wireless network card and hopefully get him networked to my laptop... erk!

 

[Tianne]

about:blank was Tannick B trojan!

The about:blank problem I had? looked in the event viewer and found a program fault on a kwuiex.dll Looked up on Symantec security response and the cause is this new Tannick B Trojan which recently appeared in January 2005. It stops all the relevant AV software from finding it or from updating any files about it by loading eg LUALL.exe (stops Norton's liveupdate) or zonealarm.exe among many others. It creates copies of itself in various places as a service (svchost) and most particularly folder %system%\zztp. It's executed every time windows boots up, monitors web sites visited and saves that information as a log. It also resets the internet explorer home page to about:blank!

The most scary thing is: In registering itself as a service it sends the stolen information to a remote attacker via FTP. In the registry I found stuff about Barclays bank and all sorts related to these files! Good job I've nothing in the bank!

There are removal instructions. Go to Symantec Security Response - Trojan.Tannick.B but they are complicated and entail deleting loads of stuff from the registry.

The IP address, port number, password and username of the associated source of the ftp can also be found among the files in the registry.

So that's it - I have a nice clean machine now! Hope this is of use to someone! :giddy: