Symantec Norton Security Suite virus infected?

First posted
Friday October 18, 2013 08:19
Monday October 28, 2013 11:59

Security alert escalated to RED level.

Desktop XP installation is where malware lesson started.

Malware attacks so serious we are documenting.

Thursday October 24, 2013 10:10

Hello Comcast,

Symantec Norton Security Suite software crashes on an AMD Phenom 9950 desktop and Toshiba L505D laptop prompted me to try to discover causes.

Lenovo G580 laptop popped up adware so frequently that Sycamore education software became unusable.

iPad mini used to access Sycamore lesson plan software instead.

Initial investigation by Windows Explorer searches and Microsoft Autoruns to determine why driverupdate popped up did not result in an answer.

Malwarebytes was downloaded after a Google search, which resulted in a link to MalwareTips, which warns of commercial virus attacks for business reasons.

Malwarebytes processing of five laptops, all running XP, which took all day and into the evening Tuesday October 23, 2013, proved shocking.

Results seen in table below were shocking, especially since only the G580 and desktop showed any adware symptoms.

PC                     Malwarebytes log   Original OS                              Antivirus
Lenovo G580 laptop     G580log.txt        Windows 8                                AVG
Lenovo G560 laptop     G560log.txt        Windows 7                                Comcast/Symantec/Norton
Lenovo N500 laptop     N500log.txt        XP professional                          Comcast/Symantec/Norton
Toshiba L505D laptop   L505log.txt        Windows 7 home, Windows 7 professional
Toshiba A105 laptop    A105log.txt        XP                                       Comcast/Symantec/Norton
AMD desktop            px4log.txt         XP reinstalled.                          Comcast/Symantec/Norton

Antivirus protection from Comcast/Symantec/Norton Security Suite and AVG is apparently insufficient to protect Comcast customers from malware.

Please advise us of Comcast's solution to remedy the malware problem.

BA [mathematics] 1959 Whitman College
MS, PhD 1964 Purdue University
Computer Science faculty Washington State University 1966-79
University of Illinois at Urbana-Champaign 1972-3
Sandia National laboratories microcontroller hardware/software designer 1980-92
Windows C/C++/assembler vxd/wdm ISO-certified device driver writer 1992-02
Author: Embedded Controller Forth for the 8051 Family

Virus attacks responsibility may be in retaliation for tutorial on how to replace Windows 7 and 8 with XP?

Microsoft virused Office 2000 Word on the Lenovo N500 by demanding upgrade to Office/Word 2007.

Office 2000 removed and reinstalled by Office Depot employee Ms Joey Diaz.

No reinfection occurred.


Wednesday October 23, 2013 11:48

showmypc scams.

Conversation part 1.
Conversation part 2.
Two subsequent rings not answered.


Microsoft Phone Support Scam?

Wednesday October 23, 2013 08:11

Parsing error caused download of Adobe Flash player which was advised by Yahoo! Finance.

Link to parsing error was added to favorites! See bottom entry.

No errors in page on Lenovo G560.

Desktop appears to continue to have problems.

Tuesday October 22, 2013. 

Autoruns and file searches yielded no information on driverupdate.

Hacker increased expertise is scary.

No driverupdate message ... yet.

Whilokii likely accompanied Adobe Flash download.

Whilokii seen in Control Panel Add/Remove Programs.

Uninstall did not remove registry keys.


Optional.InstallCore.A. PUP.Optional.InstallCore.A.


Suddenly It’s Microsoft, Not Google, That Apple Hates

Monday October 21, 2013 10:01

Norton antivirus crashes on XP.

Symantec solution is to run Norton Power Eraser followed by Norton Removal Tool.

Microsoft security balloon warns that computer is now unprotected video.

Symantec Norton Security Suite virus penetration continues.

Scheduled by Power Options hibernation did not occur night of Sunday October 20, 2013.


Remove virus (Removal Guide)

Attention Comcast.
If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes Anti-Malware to protect against these types of threats in the future.

Fix 2 apparently works.

Desktop came out of hibernation Tuesday October 22, 2013.

Advice taken.

Whoops. :(

DRIVERUPDATE not found, so far Tuesday October 22, 2013 12:39.

Pink and 'Not Verified' does not necessarily mean the file(s) are malicious - it just means that Autoruns can't understand the software signature on the file(s), or the authors may not have a software signature at all (more sloppiness). Those will usually be third party executable or third party DLLs. Look at the publisher column.

The file DRIVERUPDATE.EXE is identified as a virus dropper.

DriverUpdate.exe This file has been identified as a program that is undesirable to have running on your computer. This consists of programs that are misleading, harmful, or undesirable.

Above link sometimes doesn't load so ...
How to remove these infections manually

We have finally arrived at the section you came here for. You are most likely reading this tutorial because you are infected with some sort of malware and want to remove it. With this knowledge that you are infected, it is also assumed that you examined the programs running on your computer and found one that does not look right. You did further research by checking that program against our Startup Database or by searching in Google and have learned that it is an infection and you now want to remove it.

If you have identified the particular program that is part of the malware, and you want to remove it, please follow these steps.

1. Download and extract the Autoruns program by Sysinternals to C:\Autoruns

2. Reboot into Safe Mode so that the malware is not started when you are doing these steps. Many malware monitor the keys that allow them to start and if they notice they have been removed, will automatically replace that startup key. For this reason booting into safe mode allows us to get past that defense in most cases.

3. Navigate to the C:\Autoruns folder you created in Step 1 and double-click on autoruns.exe.

4. When the program starts, click on the Options menu and enable the following options by clicking on them. This will place a checkmark next to each of these options.

   1. Include empty locations

   2. Verify Code Signatures

   3. Hide Signed Microsoft Entries

5. Then press the F5 key on your keyboard to refresh the startups list using these new settings.

6. The program shows information about your startup entries in 8 different tabs. For the most part, the filename you are looking for will be found under the Logon or the Services tabs, but you should check all the other tabs to make sure they are not loading elsewhere as well. Click on each tab and look through the list for the filename that you want to remove. The filename will be found under the Image Path column. There may be more than one entry associated with the same file as it is common for malware to create multiple startup entries. It is important to note that many malware programs disguise themselves by using the same filenames as valid Microsoft files. It is therefore important to know exactly which file, and the folder they are in, that you want to remove. You can check our Startup Database for that information or ask for help in our computer help forums.

7. Once you find the entry that is associated with the malware, you want to delete that entry so it will not start again on the next reboot. To do that right click on the entry and select delete. This startup entry will now be removed from the Registry.

8. Now that we made it so it will not start on boot up, you should delete the file using My Computer or Windows Explorer. If you cannot see the file, it may be hidden. To allow you to see hidden files you can follow the steps for your operating system found in this tutorial:

How to see hidden files in Windows

9. When you are finished removing the malware entries from the Registry and deleting the files, reboot into normal mode as you will now be clean from the infection.
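
A scripted version of the check in step 6 and of the 'Not Verified' note above, as an added example that is not part of the original page or the quoted tutorial: it reads a CSV export of the Autoruns list and reports every startup entry that loads a given filename, grouped by folder, with its signature status. The column names (Entry Location, Entry, Signer, Image Path), the "(Verified)"/"(Not verified)" prefixes and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample in the shape of an Autoruns CSV export; column names are assumed.
SAMPLE_CSV = r"""Entry Location,Entry,Signer,Image Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,DriverUpdate,(Not verified) Example Publisher,C:\Program Files\DriverUpdate\DriverUpdate.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,DriverUpdate helper,,c:\documents and settings\user\application data\driverupdate.exe
Task Scheduler,\ExampleTask,(Verified) Example Vendor,C:\Program Files\Example\updater.exe
HKLM\System\CurrentControlSet\Services,ExampleSvc,(Not verified) Example Vendor,C:\WINDOWS\system32\examplesvc.exe
"""

def load_entries(csv_text):
    """Parse the export into dicts with a normalised 'verified' flag."""
    entries = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        signer = (row.get("Signer") or row.get("Publisher") or "").strip()
        path = (row.get("Image Path") or "").strip()
        if not path:
            continue  # "empty locations" carry no file to inspect
        entries.append({
            "location": row["Entry Location"],
            "entry": row["Entry"],
            "path": PureWindowsPath(path),
            "signer": signer,
            "verified": signer.lower().startswith("(verified)"),
        })
    return entries

def entries_for_file(entries, filename):
    """Group every startup entry that loads `filename` by the folder it lives in."""
    by_folder = defaultdict(list)
    for e in entries:
        if e["path"].name.lower() == filename.lower():
            by_folder[str(e["path"].parent).lower()].append(e)
    return dict(by_folder)

def unverified(entries):
    """Entries whose signature did not verify: candidates for review, not proof of malice."""
    return [e for e in entries if not e["verified"]]

if __name__ == "__main__":
    entries = load_entries(SAMPLE_CSV)
    for folder, hits in entries_for_file(entries, "DriverUpdate.exe").items():
        for e in hits:
            print(f"{folder}: {e['location']} -> {e['entry']} [{e['signer'] or 'no signer'}]")
    print(len(unverified(entries)), "entries need a publisher check")
```

Grouping by folder makes it visible when the same filename is started from more than one location, which is the case step 6 warns about.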

Our temporary solution is to reinstall Norton with Comcast download, then run a full system scan.

Norton reinstall on desktop appears to have NAV working properly again.

NAV hit so bad with virus that best solution was uninstall, then reinstall?

Symantec recently highlighted Flash for having one of the worst security records in 2009.

[Problems with NAV started directly after downloading Adobe Flash player.]

Comcast we hope finds out.

Same error occurred on Toshiba L505D laptop Saturday October 19, 2013.


Norton selected jpgs.


Norton reinstalled. Running scans. 13:57

Can't report problems to Symantec.

Repeated attempts failed.

Help to remove viruses from computer last part of phone call Friday October 18, 2013 about 14:00.

Norton scan crashed.

Virus is in IE 8 Favorites!

Flash Player Installation was appended to Yahoo Finance. Now it is appended to Prudent Bear, Urban Survival, and CNN.

Friday October 18, 2013 07:56

DSO Nano V3 left running connected to Belkin 7 port USB powered hub on.

New WD 1 TB SATA drive installed. Desktop XP installation tutorial.

Yahoo Finance required installation of Adobe Flash to run properly.

Google Toolbar inadvertently installed with Adobe Flash.

Didn't notice 'Optional offer'.

Google Toolbar uninstalled with Add Remove Programs after answering a long questionnaire.

Desktop did not shut down at night but was found powered with below message in the morning.

Full system scan started on desktop in the evening.

Both Norton programs found unresponsive in the morning and were terminated through Windows Task Manager.

Comcast, please investigate and report.

Garbage Internet software intrusion is becoming a serious problem.

popped up on Friday October 18, 2013.

New WD 1 TB disk infected upset me. Desktop XP installation tutorial.

