Virus on computer-Darksma

Status
Not open for further replies.
Hi all,

Ok, I've been having trouble with my computer for a while, running very slow. My ISP security tools found a Darksma virus, but could not delete it. I have run several scans, including House Call, which found TROJ_CONHOOK.ad as well. Also, every website shows the little caution icon on the bottom left (where it usually shows done, it shows done, but with errors).

Anyway, I have done all of the steps in the sticky post above & will attach my logs. Thanks in advance for any help you can give me.

Panda Antirootkit did not find anything.
 
I do not do the hijack logs. This will be handled separately. But I want to bring your attention to something. You are running a security suite from Comcast called Curtains. It shows as CURTAINSSYSSVCNT.EXE. You are also running the Norton Anti-virus. I'm sure the Comcast suite has an AV program in it and you should not be running 2 AV programs!

You also show some Symantec Shared processes. What is that for? Do you have another suite? When you have more than 1 AV program running, it can cause a conflict where a malware entry may be missed.

Summary : Comcast Security Manager
Description : A security suite provided by the Comcast ISP
Category : APPLICATION
Processes : CURTAINSSYSSVCNT.EXE
PRISM.EXE

You also have way too much on auto update! This means that each of those programs or apps will be accessing the internet frequently throughout the day. This can be a security risk for you!
 
Wow, I had no idea I had 2 running. What is your suggestion? I assume the Comcast is from my ISP. I do have some security measures on there so my kids cannot access inappropriate websites, so I would like to keep that. Should I just uninstall Norton?

As far as the Symantec share processes, I'm sorry, I'm not sure what you mean. I don't know too much about this stuff, so it would be great if you can walk me through it.

Auto-update - I know I have windows on auto update, can you tell me what else?

Again, I apologize for needing so much help

Joanne
 
Joanne, look through your hijack log. Everything that has the designation of update followed by .exe is an update file. These are what you need to stop.

Glad to hear you removed Norton. Did you use the Removal Tool? It's a hard one to get rid of! You will find the description of the Comcast Security Suite here- basically it's from McAfee: http://tinyurl.com/3xy6wk

The main thing you need to know is that it contains McAfee SecurityCenter:
- Virus Protection
- Firewall Protection

You will find details on the site.

Symantec Shared Processes are the processes shared by multiple Symantec products installed in your system. If the uninstall of the Norton was complete, these processes shouldn't come up. But you may have to disable a couple of Services:
Control Panel> Administrative Tools> Services. Look for any Symantec or Norton Services> right click> Properties> change start up to Disable> Stop the Service.

1. SPBBCSvc.exe- Service installed on Windows 2000/XP PCs by Norton AntiVirus 2005 and Norton Internet Security 2005.
2. ccSetMgr.exe- Symantec Settings Manager. Task first introduced in the 2004 edition of Norton’s security products (AntiVirus, Personal Firewall, Internet Security, Ghost).
3. ccEvtMgr.exe- Common Client Event Manager Service for Norton AntiVirus, Norton Personal Firewall and Norton Internet Security.
4. ccApp.exe- Symantec’s Common Client Application for Norton AntiVirus 2003/4/5, Norton Personal Firewall 2003/4/5, and Norton Internet Security 2003/4/5.
5. ALUSchedulerSvc.exe- process belonging to the Symantec LiveUpdate service which updates your Symantec products periodically.

Netropa\OSD.exe- part of an On-Screen Display software. May be for a multi-media wireless keyboard, if using one, or a wireless desktop.

Task descriptions from the answersthatwork Task List.

Let me know if you need more help when finished.
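
The log check described in the reply above can be scripted. This is an added example, not part of the original thread: it scans the autostart sections of a HijackThis log (O4 startup entries and O23 services) for the five Symantec process names listed above and for any executable with "update" in its name. The function name and the sample log lines are constructed for illustration.

```python
import re

# Leftover Symantec process names, taken from the numbered list in the post above.
SYMANTEC_PROCESSES = {"spbbcsvc.exe", "ccsetmgr.exe", "ccevtmgr.exe",
                      "ccapp.exe", "aluschedulersvc.exe"}

# HijackThis sections for things that start automatically:
# O4 = startup entries (Run keys, Startup folder), O23 = Windows services.
AUTOSTART = re.compile(r"^(O4|O23)\s+-\s+(.*)$")
# File name of each .exe in a path: the text between the last backslash and ".exe".
EXE_NAME = re.compile(r"\\([^\\]+?\.exe)", re.IGNORECASE)

# Constructed sample log lines (not taken from the poster's attached log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Example\helper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\ExampleUpdate.exe" -silent
O4 - HKCU\..\Run: [Notepad] C:\WINDOWS\notepad.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
"""

def review_autostart(log_text):
    """Return (section, exe_name, reason) for autostart entries worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        match = AUTOSTART.match(line.strip())
        if not match:
            continue  # not an O4/O23 line: running processes, BHOs, etc.
        section, entry = match.groups()
        for exe in EXE_NAME.findall(entry):
            name = exe.lower()
            if name in SYMANTEC_PROCESSES:
                findings.append((section, exe, "symantec-leftover"))
            elif "update" in name:
                findings.append((section, exe, "auto-updater"))
    return findings

if __name__ == "__main__":
    for section, exe, reason in review_autostart(SAMPLE_LOG):
        print(f"{section:<4} {exe:<20} {reason}")
```

An O23 hit corresponds to a service that can be set to Disabled in the Services console as described above; an O4 hit is a startup entry rather than a service.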
 
Thanks so much for your help. I did use the Norton uninstall tool because it wouldn't go otherwise.

I also looked for the Symantec shared process & only found one item.

As far as the updates on hijack this, I only saw two, but it's pretty hard to read.

You've been very helpful.

Thanks again.
 