Over 1 million tech questions and answers.

Norton Still Says Top Banners Is Being Blocked

Q: Norton Still Says Top Banners Is Being Blocked

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:27:32 PM, on 8/4/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\WINDOWS\SYSTEM32\WISPTIS.EXEC:\WINDOWS\System32\tabbtnu.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\Program Files\Intel\Wireless\Bin\OProtSvc.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\TOSHIBA\TME3\Tmesrv31.exeC:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exeC:\Program Files\Apoint2K\Apoint.exeC:\WINDOWS\system32\00THotkey.exeC:\Program Files\Toshiba\CrossMenu\CrossMenu.exeC:\Program Files\Apoint2K\Apntex.exeC:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exeC:\WINDOWS\system32\TPSMain.exeC:\WINDOWS\system32\TFNF5.exeC:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exeC:\Program Files\TOSHIBA\TME3\TMERzCtl.EXEC:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exeC:\WINDOWS\system32\TPSBattM.exeC:\Program Files\TOSHIBA\TouchED\TouchED.ExeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\Intel\Wireless\Bin\EOUWiz.exeC:\Program Files\TOSHIBA\TME3\TMETEMNU.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Trillian\trillian.exeC:\Program Files\MySpace\IM\MySpaceIM.exeC:\Program Files\utorrent\utorrent.exeC:\Documents and Settings\Rudy\Desktop\HiJackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/searchR0" target="_blank" class="wLink">http://www.toshiba.com/searchR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {11705AAA-618E-4857-8026-E31067B9984C} - C:\WINDOWS\system32\gebcc.dll (file missing)O2 - BHO: (no name) - {174B1CDE-D71D-88E6-1A64-828DCC24869B} - C:\WINDOWS\system32\kdpvehz.dll (file missing)O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\hgghhhg.dll (file missing)O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: (no name) - {9F67E679-15AF-4CD5-9E1F-24302A502C24} - C:\WINDOWS\system32\pmklk.dll (file missing)O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\cgfeljsn.dll (file missing)O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dllO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exeO4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exeO4 - HKLM\..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exeO4 - HKLM\..\Run: [000StTHK] 000StTHK.exeO4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exeO4 - HKLM\..\Run: [TPSMain] TPSMain.exeO4 - HKLM\..\Run: [TFNF5] TFNF5.exeO4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /LogonO4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /ServiceO4 - HKLM\..\Run: [TosRotation] "C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe"O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.ExeO4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dllO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.comO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by128fd.bay128.hotmail.msn.com/resources/MsnPUpld.cabO16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1185662839656O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cabO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exeO23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exeO23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeO23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exeO24 - Desktop Component 0: (no name) - C:\Program Files\ComPlus Applications\progyrtaqyl.htmlO24 - Desktop Component 1: Ink Desktop - {80E95280-2D38-3CB8-A215-FB5F14C4343E}--End of file - 10279 bytes

RELEVANCY SCORE 200
Preferred Solution: Norton Still Says Top Banners Is Being Blocked

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Norton Still Says Top Banners Is Being Blocked

Hello chingatumadrevirus,Please download Combofix to your desktop.Doubleclick combo.exe to launch the application.Follow the prompts that will be displayed on the screen.Don't click on the window while the fix is running, because that will cause your system to hang.When finished, it should produce a log, combofix.txt.Post this log in your next reply together with a new hijackthislog.

Read other 2 answers
RELEVANCY SCORE 66.4

I currently am have a problem with some banners on a web site not showing up.....using Windows XP home on a laptop....

Some banners show up on the site and others don't....don't know if this is a browser settings problem or what....

The site in question is a local Chamber of Commerce site where members join at on of three levels.....when I go to the site, only one of the levels shows it's banner....the other two levels of membership only show generic buttons instead of the members banner???

All banners are gif format and created the same way....the various banners show up on different pages of the site.

Any suggestions?

Thanks
 

A:Banners blocked

try using another browser such as firefox.

hosts files don't seem to bother firefox
and if you want you can use my adblock files.

i blocked every ad possible and made sure that it doesnt block anything usefull to. to make the file, i open about 2000 pages and block all ads.
 

Read other 2 answers
RELEVANCY SCORE 61.6

My mother's computer has been infected for about a week now. We believe it started when a McAfee warning popped up, saying it had just blocked something, and it shut down all the IE windows and told her to restart. I suspect that was fake. Ever since, various malicious programs have popped up and been removed. Of course, then new IE screens pop up and something new is downloaded. Some examples of what's appeared include voguecash and sky-banners, both of which were nearly unheard of when she was first infected, but seem to be gaining popularity. When Google searches are run, the links appear OK (when I right-click and do "copy shortcut", the correct link is copied), but when you click on one, it redirects to places like scour.com.She's also unable to make Windows Update function properly. When she goes windowsupdate.microsoft.com, it doesn't load at all. When she goes to microsoft.com and clicks Security & Updates and then Microsoft Update, it generates error 0x80072EFF: "The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem." We've followed all the steps in the FAQ, to no avail. Yesterday, the little yellow shield popped up in her system tray after a SUPERAntiSpyware scan completed, and she installed those.Programs that have been run since the infection include McAfee Total Protection, Spybot, MSSE, MalwareBytes, CCleaner, and SUPERAntiS... Read more

A:redirected search results, pop-ups, Windows Update blocked, voguecash, sky-banners, BSODs, and more

Hello skittleys, Welcome to Bleeping Computer. My name is fireman4it and I will be helping you with your Malware problem.Please take note of some guidelines for this fix: Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.1.We need to disable Spybot S&D's "TeaTimer"TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.If prompted with a legal dialog, accept the warning.Click and then on "Advanced Mode"You may be presented with a warning dialog. If so, press Click on Clic... Read more

Read other 15 answers
RELEVANCY SCORE 48.8

I purchased my first PC a few months ago and am learning as I go, mostly by trial and error, and I will probably misuse terminology. I have Norton Internet Security and received a message of a low risk attempt to connect to my PC. I am overly cautious so I clicked on the "never allow access selection". Imagine my surprise when I realized I told Norton to block Explorer from connecting, I was able to confirm that mistake on a log I found on the Norton program. Surely there is an easy way to go in and unblock it, but I can't find it. Directions on how to do it will be appreciated.

A:Explorer Blocked By Norton

Hi brandgz, first welcome to BC. Second I think this will help,Unblocking programs in Norton Internet Security after selecting block and checking "Always use this action"http://service1.symantec.com/SUPPORT/nip.n...lg=en&ct=us

Read other 2 answers
RELEVANCY SCORE 48.8

I received a msg from Norton Internet Security that some registers has been changed that could indicate a virus. After NIS has restarted my comp, then a warning of being "unable to turn on Norton AntiVirus AutoProtect at startup" keeps appearing everytime before entering windows. I was unable to uninstall NAV either in Add/Remove Programs in Control Panel, and the uninstall icon for NAV is disappeared. I tried every way but I just can't fix this problem.

I have DL the Hijackthis and here are the results.

Please help me!!

Logfile of HijackThis v1.95.1
Scan saved at 03:14:58 PM, on 21/07/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\LTSMMSG.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\PROGRAM FILES\FUJITSU\BATTERYAID\BATTERYAID.EXE
C:\WINDOWS\SYSTEM\PRPCUI.EXE
C:\PROGRAM FILES\APOINT\APOINT.EXE... Read more

A:My Norton AutoProtect is blocked!!, please help!

try starting your computer in safe mode and UNINSTALLING NAV from there... see if it shows up n the add/remove programs... let me know
 

Read other 1 answers
RELEVANCY SCORE 48

Hello.All of a sudden my PC is working slower than usual, and I am wondering if it has something to do with several messages that I've started getting on Norton.Please see examples of messages below.Any help on this would be much appreciated. Thanks!Example 1:Activity - Unauthorized Access blocked (Send Terminate Message to Window)Actor - C:\WINDOWS\EXPLORER.EXEActor PID - 1464Target - \Device\HarddiskVolume1\Program Files\Norton 360\Engine\4.1.0.32\ccsvchost.exeTarget PID - 1772Action - Send Terminate Message to WindowReaction: Unauthorised access blockedExample 2:Activity - Unathorized Access blocked (Duplicate Object)Actor - C:\WINDOWS\SYSTEM32\SERVICES.EXEActor PID - 912Target - \Device\HarddiskVolume1\Program Files\Norton 360\Engine\4.1.0.32\ccsvchost.exeTarget PID - 1772Action - Duplicate ObjectReaction: Unauthorised access blocked

A:Unauthorised access blocked - Norton

Hi.

No responses yet to my original post. Is anyone able to help??

PC isn't working as slow now, but I'm still getting a couple of messages per day regarding unauthorised access being blocked.

Thanks!

Read other 3 answers
RELEVANCY SCORE 48

norton360 keeps alerting me over and over of a blocked intrusion from httpstidservrequest2 How can I stop this?

A:Norton blocked intrusion httpstidservrequest2

uggie2002:

This is an attempt by a rootkit on your machine to get access to the internet. N360 is blocking it. You will need assistance from the Malware Removal Team.

Read other 1 answers
RELEVANCY SCORE 48

Norton blocks intrusion attempts several times per hour while using Internet Explorer. New IE screens pop up randomly. I also noticed that Windows Automatic updates are not working and I'm able to go to the main Microsoft page, but when I try to go to the Windows Update page I get a unable to connect message. I've run Norton scans, spybot s&d, malwarebytes' anti-malware, and ad-aware and am still having the above problems. I finally got DDS and GMER to run after repeatedly trying to run them.
Thanks in advance for the help.
DDS (Ver_10-11-03.01) - NTFSx86
Run by Owner at 15:43:39.20 on Wed 11/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.995 [GMT -8:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.e... Read more

A:intrusion attempt blocked by Norton

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for postin... Read more

Read other 10 answers
RELEVANCY SCORE 48

My Norton360 program is fequently detecting and blocking intrusion attempts on my computer. Below is a sample of one of the attacks recorded by my Norton Internet Security Alert Summary:Severity: HighActivity: An intrusion attempt by 91.212.226.67 was blocked. Application path \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXEStatus: BlockedRecommended Action: No Action Required----------------------------------------------------Under the Advanced Details heading we have:Risk Name: HTTPS Tidserv Request 2Severity: HighAttacking Computer: 91.212.226.67, 443Destination Address: DELL2 (192.168.1.168, 1076)Source Address: 91.212.226.67Traffic Description: TCP, https----------------------------------------------------AV Security Suite was taking over everything yesterday, so i ran Malwarebytes to remove it. It came back later that day though. I removed again with Malwarebytes and tried to run windows update. Whatever is on my computer is preventing me from updating windows. If I try through IE Tools/Windows Update, I get "IE cannot display the page" error, even though I can access other websites. If I try to access through Microsoft Updates website, I get "The website has encountered a problem and cannot display the page you are trying to view".Windows Security Center is constantly displaying a balloon that says "Your computer might be at risk. Norton 360 might be out of date". This error will not go away even after I... Read more

A:Norton Intrusion Attempt Was Blocked

Hi kray931,Welcome to Malware Removal (VTSMR) forum. I am going to assist you with your problem.Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.If the issue is not resolved please update me on the current condition of your computer.

Read other 14 answers
RELEVANCY SCORE 48

Running XP
Norton put up a error threat on a program I was using and I inadvertantly said ok to block it . I want to change this back to allow the files to be used ect.
 

Read other answers
RELEVANCY SCORE 48

I have a HP Pavilion p7-1174 PC desktop that is fighting off Trojan.ADH.SMH (1.27.1.2938[1].exe). How do I get rid of it. Thanks. Chevelle67

A:Trojan.ADH.SMH is blocked by Norton daily

Hi chevelle are you also running Norton/Symantec? As I have another topic like this..Run these next, please.Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Download TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here....ADW CleanerPlease download AdwCleaner by Xplode and save to your Desktop.Double-c... Read more

Read other 16 answers
RELEVANCY SCORE 48

so i installed norton 2010 the other day (bad decision), and ever since it wont allow me to access my gmail account on any browser.

i cleared my cache on every browser, cookies... everything. you name it, i cleared it. i Uninstalled norton, restarted, and STILL cant access gmail.

it just keeps telling me theres a loophole or something, and it never loads. something to do with HTTPS? i used another computer to access my gmail, and it worked! i even set the settings in gmail to use HTTP, instead of HTTPS.

but for some reason even after i uninstalled norton, i still cant access it.

pleeeeeeeease help!
 

A:norton blocked my gmail account

Read other 16 answers
RELEVANCY SCORE 48

For the Past hour and a half, I have been getting notices that "a recent attempt to attack your computer was blocked". When im idle they dont pop up as much but when Im searching, even as Im typing this they are coming up every 10-30 seconds. When I look at norton's history it says resolved no action required, but I just dont like knowing that something keeps trying to attack my computer. They are also coming from a few locations:The main ones says:system infected: Tidserv activityattacker url: apro0val-serch1.comthe other one says javanalitikEDIT: A different one also just popped up saying attacking computer: filefre-IIj0.Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:repeated blocked attacks by norton

This sounds very similar to a Backdoor attempting to gain access to your PC, in that case, there's nothing you can do right now. My first step would be to download Malwarebytes from Malwarebytes.com - update it, boot into safe mode, and I would personally temporarily disable your internet while running the scan. Run the quick scan and then post the log here after removing everything found. I can then help further.

Read other 12 answers
RELEVANCY SCORE 48

http://buy-download.norton.com/downloads/2014/21.5/NISNAV/US/NAV-ESD-21.5.0.19-EN.exe
 

A:Norton antivirus blocked in US or server is down?

I can download where in Portugal
 

Read other 7 answers
RELEVANCY SCORE 48

I am having trouble logging on to a site that I have accessed
daily for ages.

It seems Norton Anti-Virus is blocking access.

How can I find a list of sites on my computer that Norton
blocks access to.

All suggestions appreciated.

Regards
Orbrey
 

A:Access to website blocked-is Norton the cause?

Hi..and welcome..
Blocking access to sites should not caused by an Anti virus program..
Make sure you have Spyware Programs installed...Spybot...Ad-Aware..links below..D/load..check for up-dates..scan..remove what they find...
Run a Hijack this log..link below..let it scan>save logfile to notepad>edit>select all>edit>copy>paste on your thread..Install in C:\ program file not temp..
A HJT log expert will read your log and help you...
 

Read other 3 answers
RELEVANCY SCORE 48

Dear Friends
Please look at the enclosed screen capture and give me some advice/help. I tried to delete the file mentioned in the report but was unable to do so. The message that appeared stated 'You need permission from a Trusted Intaller to make changes to this folder - Internet Explorer. Date created 14/7/2009 04:20'. The prorgram folder shows this file was modified on 25/02/09 19:58-This may relate installation of IE9.
WINDOWS 7 PROFESSIONAL 64 BIT.
Thank you very much for help.

A:Attack on computer blocked by norton

As far as I can see, there's nothing you should delete. Only file name I can see there is iexplore.exe, which is the executable file of Internet Explorer. It is a system file, belonging to Windows. You should not delete that.

That message does not tell you got a virus or other malware, and it does not ask you to delete something. In fact, your Norton tells you no actions are needed from your side. The message only tells that Norton has blocked a dangerous site from opening a page or doing something else nasty.

So, there's no issue, nothing to delete. Be happy that Norton blocked that intruder, which seems to be a fake AV scan which when allowed could have caused some serious problems.

Kari

Read other 1 answers
RELEVANCY SCORE 48

Hello, I'm getting traffic blocked by Norton from the following ip addresses everyday. Each time it occurs it slows down my connection and seems to temporarily block traffic I'm absolutely positive that this is maleware and rootkit related, but I want to make sure I do it correctly. Can someone please help me? I saw several differnet things about using things like TDSSKiller and using a couple other programs, but I want advice before I do so. My thanks in advance! IP addresses that keep getting blocked by norton:68.87.71.23068.87.73.246Here is my most recent HJT log and below that is a DDS log and attached is the file to go with it. I can not get GMER to run. Each time I try to run it it crashes my computer after an extended period of time at which time my computer then tells me on of the drivers caused a serious error FXDDQPOD.sys, but this only occurs while trying to run GMER. GMER also seemed to make my computer overheat. So I do not have an ark.txt file to share. Hopefully this is enough to get you started. Logfile of Trend Micro HijackThis v2.0.4Scan saved at 12:46:15 AM, on 6/8/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exec:\Program Fil... Read more

A:Getting external traffic blocked by Norton

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 23 answers
RELEVANCY SCORE 47.6

Hi All,

Thanks for reading this. Within the last week or so my Norton Internet Security (Microsoft Windows XP) has been having trouble with its "Protection Updates". My Norton status has been showing "At Risk", but when I click on the program to search for updates it completes the process but the "At Risk" status remains. Furthermore, whenever I click on Norton's "Help & Support" I receive a notification from Norton saying that "Auto-Protect has blocked a Trojan Horse" (Risk Level: High).

I have just downloaded and scanned with Avast for a "second opinion", and it is showing no infected files. Also, my Norton status is now showing as "Secure". However, when I open Norton and click on "Help & Support" I am continuing to receive the "Auto-Protect has blocked a Trojan Horse" message.

I'm not very clear on what the problem could be here, and even though Norton says it's "Blocking" the Trojan Horse, why am I consistently getting this message with "Help & Support"? Could Norton be corrupted? Should I try reinstalling Norton?

I would greatly appreciate any advice on this!

Cheers.

A:Trojan Horse Repeatedly Blocked with Norton

Hello and welcome to Bleeping Computer.Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.Lets take a look with MalwarebytesPlease download Malwarebytes' Anti-Malware from here:MalwarebytesPlease rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exeMBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Double Click zztoy.exe to install the application.* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.* Once the program has loaded, select "Perform Full Scan", then click Scan.* The scan may take some time to finish,so please be patient.* When the scan is complete, click OK, then Show Results to view the results.* Make sure that everything is checked, and click Remove Selected.* When disinfection is completed, a log will open in Notepad and y... Read more

Read other 3 answers
RELEVANCY SCORE 47.6

I am using windows xp. I can not use the IE browser at all or email unless I disable Norton internet security. I have no problem with Firefox browser at any time. I have combed the related support sites to no avail.
 

A:IE access blocked by norton internet security

you should be able to open norton secruity program and somewhere in there allow IE and OE I assume programs through the firewall.
I dont know the program well

what version of norton is it
norton secruity 2005 ???
 

Read other 1 answers
RELEVANCY SCORE 47.6

I've recently installed Kazaa, and i have a feeling I downloaded a Trojan, Below is an Outbound alert that I blocked manually.

Notice the Process name is some sort of a graphic character. How can I find out where this originated from in my PC.

The firewall blocks Trojans from getting in on there own, but if I inadvertantly installed it I don't think it picks it up (except when trying to access internet).

I did a Virus scan but it did not pick up anything.
Date: 7/29/02 Time: 19:17:46
This one time, the user has chosen to "block" communications. Details:
Outbound TCP connection
Remote address,service is (64.4.20.24,http)
Process name is "_i"

Any help is appreciated.

Oh, anyone have any thoughts on Kazaa? I was just trying it out.

Ziggy
 

A:Norton Firewall 2001 - ALERT Blocked

Read other 14 answers
RELEVANCY SCORE 47.6

Yesterday, my dad seems to have picked up a virus of some sort that has quickly rendered our Norton Antivirus useless, blocks access to websites such as www.norton.com, the support page for Microsoft and multiple other useful links. Also, when clicking on a search result in Google, he gets redirected to other, lesser known search engines of some sort. The last symptom that was have noticed is the computer running very slowly. It takes ten or more seconds to right click.The computer is currently running on Windows XP Professional. Also, something to note is that the same morning, we encountered a virus called prunnet.exe. We promptly removed it and everything associated with it by following the steps on the third post titled "removal of prunnet.exe" at http://forums.cnet.com/5208-6122_102-0.htm...ssageID=2916950. I believe that doing those actions has removed that particular malicious file, but we think that this more recent virus is another all together as it seems to have some different symptoms than prunnet.exe. We currently have the computer off and unplugged from the internet.Does anybody here have any idea what this could be? Do you think it is associated with prunnet.exe? Thank you for your help.Also, the not being able to access certain pages and Google links being redirected happens on both IE and Firefox.

A:Norton Won't Work, Helpful Websites Blocked

hmmm... could be a TDSS infection or your host file could have been altered...

Read other 2 answers
RELEVANCY SCORE 47.6

I put this in the other forum by accident so you may see it twice....

I've recently installed Kazaa, and i have a feeling I downloaded a Trojan, Below is an Outbound alert that I blocked manually.

Notice the Process name is some sort of a graphic character. How can I find out where this originated from in my PC.

The firewall blocks Trojans from getting in on there own, but if I inadvertantly installed it I don't think it picks it up (except when trying to access internet).

I did a Virus scan but it did not pick up anything.
Date: 7/29/02 Time: 19:17:46
This one time, the user has chosen to "block" communications. Details:
Outbound TCP connection
Remote address,service is (64.4.20.24,http)
Process name is "_i"

Any help is appreciated.

Oh, anyone have any thoughts on Kazaa? I was just trying it out.

Ziggy
 

A:Norton Firewall 2001 - Alert blocked

Ziggy, around here you won't find much good to say about kazaa; it installs loads of advertising and "spyware". This is undoubtably what you are seeing. My suggestion would be to uninstall it and look for an alternative such as Kazaa lite or WinMX.

To detect and remove the spyware you will have to use a program like Ad-Aware:

Installing and Running Ad-Aware
http://www.lavasoft.nu/

1. Download to a convenient folder the installation file:

http://www.wyvernworks.com/Lavasoft/aaw.exe

2. Download the Refupdate installation file:

http://www.jamcomputerservices.com/lavasoft/refupdate.exe

3. Run the Ad-Aware setup file (aaw.exe) to install Ad-aware and reboot.

4. Run the refupdate.exe installation file. Go to Start Menu>Programs and find the Lavasoft Refupdate entry and run it. It will want a connection to the internet to check and update the current signature file. When that is complete. Run Ad-aware itself.

5. Configure Ad-aware to scan all drives on which you have installed programs, memory and registry. When the scan is complete, check all entries it finds, click "Backup" and then "Finish". Reboot afterwards.

======

Kazaa will not run without its bundled ad and spy ware. However kazaa lite, if you can get it, will.
 

Read other 3 answers
RELEVANCY SCORE 47.6

hello friendly bug killers.

Im running vista.

getting repeated popup from my norton stating an intrusion attempt was blocked.

alert summary states: an intrusion attempt from 0imh17agcla.com was blocked application path ........blahblahblah... svchost.exe
risk name: system infected: tidserv activity 2.

just got a different pop from norton as i was typing this something something something trojan.fake.av

running malwatebytes full scan now.

thx much for any help.

rick

A:norton alert intrusion attempt blocked

When the scan is complete post the log here.

Read other 8 answers
RELEVANCY SCORE 47.6

I am pretty sure I have an undetected threat affecting my computer. I can download updates but cannot install them. This is for various programs like Itunes, Quicken, HP printer updates, etc. Each time I get the error message I notice there is a security log entry on Norton with the Windows\System32\msiexec.exe being blocked. I disabled Norton and the Windows firewall and still not able to install updates so it isn't that. I am attaching my log in case anyone can help me. This is so frustrating..DDS (Ver_11-03-05.01) - NTFSx86 Run by Tamitha at 11:55:41.71 on Sat 04/09/2011Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.1574 [GMT -7:00].AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton 360 *Enabled* .============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Norton 360&... Read more

A:Windows\System32\msiexec.exe blocked by Norton

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

Read other 3 answers
RELEVANCY SCORE 47.6

my norton virus protection keeps popping up stating an intrusion attempt has been blocked. computer is a bit slow. was getting some redirecting when clicking on links from a google search. not consistently.

when i click on the norton pop for info i get the following...(abbreviated)
alert details:
system infected: tidserv activity 2
severity: high
attacking computer: 0imh17agcla.com (as an example..not always the same.)

etc etc

I think problem started with an email attachment of tracking info from 'UPS'. i think.

DDS:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by rick at 17:03:31.53 on Wed 03/30/2011
Internet Explorer: 7.0.6002.18005
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.2939.1588 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceN... Read more

A:norton alert: intrusion attempt blocked

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachme... Read more

Read other 18 answers
RELEVANCY SCORE 47.6

norton360 keeps alerting me over and over of a blocked intrusion from httpstidservrequest2 How can I stop this?

A:Norton keeps alerting of a blocked intrusion from HTTPSTidservRequest2 over and over.

Hello I am moving this from Vista to the Am I Infected forum..Is this PC on a network?Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer. Now run TDDS Killer Please read carefully and follow these steps. Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.It may ask you to reboot the computer to complete the process. Allow it to do so.When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.alternate do... Read more

Read other 5 answers
RELEVANCY SCORE 47.6

For the past few days someone has been attempting to get into my computer. Everyday I get several alerts from Norton which reads "An intrusion attempt by (91.207.8.198) or (37.139.52.92) was blocked.".The details all have one thing in common "The attack was resulted from \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE". Each attempt always has a different web address but is from either of the two IP addresses above. I've done full system scans with no success in finding them.I've looked around and believe its a Trojan.Gatak disguised as explorer.exe. The original file is located at C:\Windows\Explorer.Exe so I ran a search for it and found 3 of them.The first is located exactly where it should be and was created 8/9/04 and last modified 4/13/08.The second is located at C:\Windows\$NtServicePackUninstall$ and is in blue and was created 12/13/12 and was last modified 8/9/04( I suspect this file may be what I'm looking for). and no, i did not mix up the created and modified dates, that is exactly what it says.The third is located at C:\WINDOWS\ServicePackFiles\i386 and was created and modified 4/13/08. (How many explorer.exe files should I have? Just one?) I would Like confirmation before I start deleting files that may be crucial to Windows.Norton 360 v6.4.09Microsoft Windows XPMedia Center EditionVersion 2002Service Pack 3Hewlett-Packard CompanyHP PavilionIntel ®Core™2 CPU... Read more

A:Norton displays Intrusion attempt blocked

Hello ,I would suspect it is Gatak.This is a backdoorinfection and we eed to know if it got in.You need to repost. I think we should get a deeper look. Please follow this Preparation Guide and post in a new topic. Let me know if all went well.

Read other 1 answers
RELEVANCY SCORE 47.2

http://buy-download.norton.com/downloads/2014/21.5/NISNAV/US/NAV-ESD-21.5.0.19-EN.exe
 

A:Norton antivirus blocked in US or server Internet Security down?

I can download where in Portugal
 

Read other 7 answers
RELEVANCY SCORE 47.2

HelloI recently changed my internet connection from DSL to Cable internet. The DSL had its own security suite and now the cable one has one of its own so I uninstalled the DSL one and put in the cable one. The one for the cable internet is Norton Security Suite, so shortly after I installed it I noticed that every time I go on my browser (Firefox) it keeps popping up a Norton messages saying it has just blocked an attack on my computer. I would look at the details of the message and it would say the attack would be from a website that was a bunch of random numbers and letters that was different every message. I ignored it at first but then decided to check it out and I first ran the virus scan and it picked up 3 things which I had the program deal with but it didn't fix the pop ups and then my computer started running extremely slow. I have Malwarebytes' Anti-Malware from some problems my sisters computer had in the past and I ran that and it found nothing. So I looked around on the internet and someone was suggesting to us the free scan at PandaSecurity.com. So I did that and it returned a few files that it said were torjan viruses. I couldn't just delete them cause it wouldn't let me. So I wrote them down and went into safe mode and then ran my normal virus scan to see if it could find them like that but it didn't. So I just searched out the files that panda had told me and deleted them while running safe mode. Thinking that would have got rid of it I tu... Read more

A:Norton Security Suite pop ups saying and attack on my computer has just been blocked

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

Read other 2 answers
RELEVANCY SCORE 47.2

Despite the fact that my Norton Internet Security 2006 shows my Spysweeper as an "allowed" program, it's downloads have been blocked for almost three days now. I checked the "Alerts" log and therein found countless log entries of Webroot updates being blocked! This is whacky. One part of the Norton software says okay, this program and it's associated activities are approved and safe to accept. At the same time the internet safety software partition is stopping the needed update downloads! And, for the life of me, I can't undo these blocks. There doesn't seem to be any apparatus to do so. If a program is on the approved list, then there shouldn't be any blocking going on. But there is in this case, and my Spysweeper, only five weeks onboard, has been effectively rendered useless. Inquiries to both Symantec and Webroot have been made, but no answers are yet forthcoming. I disabled Norton long enough to attempt another manual download from Webroot but, incredibly, that failed as well! This is odd. If the Symantec software clearly documents its blocking activity, why does the blocking continue despite the flippin' software having been turned off? Has anyone encountered this? If someone has Spysweeper and is thoroughly familiar with its wrinkles, I'd really appreciate some rescue here. This is making me nuts.
 

Read other answers
RELEVANCY SCORE 47.2

Norton 2004 popped up and had a warning about some traffic (i didnt read it really). But what it ended up doing is blocking all traffic on my IP address so that I cannot access the internet with my Internet Explorer. My report says:

"The user has created a rule to block communications
Inbound UDP packet
Local Address is...
Remote address is...
Process name is C:\Program Files\Internet Explorer\iexplorer.exe"

HOW DO I UNDO THIS CHANGE???? Its driving me crazy because I just cant find how to change the settings... HELP!
 

A:Norton Antivirus Blocked my IP Address and all Internet Traffic!!!!

Please go to http://www.spywareinfo.com/~merijn/

Please note: When you download HijackThis put it in its own permanent folder like My Documents for example. DO NOT download to a temp folder or the desktop.

Launch program and click on the SCAN button. After scan click on Save Log . It should save to Notepad.

Click on Edit, then Select All. Then click Edit again then Copy. Then paste log back here in a reply.

DO NOT have HijackThis fix anything yet. Most of what it shows will be harmless / needed stuff. Wait for an expert to review it and advise you.
 

Read other 2 answers
RELEVANCY SCORE 47.2

Computer began running very slow on 11/08.  Ran Norton Internet scan, and restarted.  Keep getting Norton alerts small window in lower right of screen indicating "Norton blocked Trojan. Poweliks!gm" and "Norton blocked AdCliker".  I am also getting Norton alerts for high CPU usage for  "COM surrogate" (I got this message 5 times tonight alone). While downloading the DDS program, I even received a Norton alert for high CPU usage for Chrome.  Norton keeps wanting to restart the computer to complete the removal process. Downloaded Malewarebytes last night (11/11)--ran it and found 320 items---restarted computer.  This morning when I went to check email, computer couldn't complete the task (too slow) and Norton again wanted to restart the computer.  Did this.  Computer was on and sleeping all day today.  Ran Malewarebytes again this evening (11/12) and it found nothing.  Reran Norton full scan, it found 2 cookies and  the Trojan Poweliks!gm and wanted me to restart to finish the removal process.  I seem to now be in a loop where Norton believes it is "blocking" multiple intrusion attempts, wants me to restart, but it can't really remove the Trojan.  Creating this post took nearly an hour---even typing is slow. Worth mentioning---the Norton alert messages just started with this problem. I am not the most advanced computer user.  Thank you so much for your help with this problem.
 
  DDS (Ver_2012-11-20... Read more

A:Poweliks!gm "blocked" by Norton, COM surrogate high CPU usage msg

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555914 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 2 answers
RELEVANCY SCORE 47.2

Every few mins norton antivirus is blocking a virus. PLZ HELP ME DELETE THIS!10/9/2010 3:53 PM,High,An intrusion attempt by USER-4CD304AADD was blocked.,Blocked,No Action Required,HTTP Nukesploit P4ck ActivityIm running windows xp btw.Sorry guys...CD emulation programs has and will be disabled. I also have malwarebites anti malware and norton installed. I was able to scan malwarebytes and remove 2 threats, one called avdrn.dat, which I read someone else removed and it worked for them. not for me. PLZ HELP!!!Heres the logs requested:DDS:____DDS (Ver_10-10-10.03) - NTFSx86 Run by Owner at 17:35:27.84 on Sat 10/09/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.989.513 [GMT -4:00]AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\igfxsrvc.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exeC:\Pro... Read more

A:Nukesploit P4ck activity blocked by norton every few mins. PLZ HELP!!!!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

Read other 2 answers
RELEVANCY SCORE 47.2

Links through google are being redirected through 67.29.139.253. After pressing back twice (once only gets redirected again) the original links work. Also, Norton, Adaware, Spybot, etc are not being allowed to update, nor do they detect anything when they scan. They won't even connect to the update server! Any/all help is appreciated.

Thanks in advance!

DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 13:06:36.41 on Thu 02/05/2009
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Basic 6.0.6001.1.1252.1.1033.18.2036.1029 [GMT -5:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32 ... Read more

A:Browser Hijacked/Norton, AdAware, etc updates blocked!

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc... Read more

Read other 4 answers
RELEVANCY SCORE 47.2

Hello!
 
I am new to this forum and greatly appreciate any help you may provide.
 
Like another forum member posted on 26 Jan 2015, I, too, saw a "this site is safe pop up from Norton"...but then was asked to approve a Microsoft Registry something.  I hit no 5 times and it kept coming up.  I hit yes and then it started.  Every minute a pop up from Norton keeps telling me that it has blocked a Trojan.Ransomlock.G attack.
 
I ran Norton Power Eraser: nothing.  I ran Spybot: nothing (a couple of cookies to delete is all).
 
I am not a computer wiz...so will need some hand holding.  Sorry!
 
I did not, as others have, searched for the files (cpp, dll, etc) for fear of messing with the order of removal.  I hope that is ok.
I did notice that this file was inserted just when my problems started: 2015-01-29 16:37 - 2015-01-29 16:37 - 00229376 _____ () C:\ProgramData\C7486980F.cpp
 
The computer acts normally. although, it now says that my Windows Security Service cannot be started.  Norton is likely keeping this from full blown lock down...?
 
Here is the log, as requested:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Hummel Office (administrator) on HUMMELOFFICE-HP on 29-01-2015 18:20:39
Running from C:\Users\Hummel Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\60K09UT6
Loaded Profiles: Hummel Office (Available profiles: Hummel Office)... Read more

A:Repeated Trojan.Ronsomlock.G attacks blocked by Norton

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully.First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.   Please post the addition.txt as well!

Read other 20 answers
RELEVANCY SCORE 46.4

This morning on July 26th, I has an intrusion attempt blocked by Norton Internet Security Firewall. At the time, I had Interet Explorer open on two websites: aircanada.com and wrestlecrap.com. Both are legitimate websites. Wrestlecrap.com I've had no problems with in the past. Aircanada.com I had an issue with a few months back where the website would load and then suddenly, an error screen would come up saying that it could not connect to the site (not the blue screen). I let it go for a few weeks and then came back to the site and there was no problem. This morning, I had two tabs open on IE. Wrestlecrap.com had loaded and aircanada.com was in the process of loading when the firewall went off and then the error screen for IE came up on the tab I had opened for aircanada.com. Then the popups for Norton came up, so I pulled them up and found out that two intrusion attempts had been blocked.I immediately closed IE and began a full system scan with Norton. It found 25 tracking cookies which I deleted once the scan completed. I then ran scans with: TDSSKiller (no threats found) MBAM Anti-Malware on quick scan (no threats found) Super Anti-Spyware (53 tracking cookies found, all deleted).So far, nothing else has surfaced. IE and my PC still works. I'm wondering if there was anything with the intrusion attempts. I have yet to try those two sites again and don't plan on it anytime soon.So is there anything else I need to do and is there any cause for concern? The alerts according t... Read more

A:Intrusion attempt blocked by Norton Internet Security Firewall.

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Update Malwarebytes' Ant... Read more

Read other 15 answers
RELEVANCY SCORE 46.4

Hello, I am new to this forum
 
I am getting a warning every few minutes from Norton Antivirus which states : Norton Blocked an Attack by: System Infected: Trojan:Ransomlock.G
I searched the web and found your web site and do appreciate any help you can give me with this problem.
I read the directions which I am supposed to follow and commit to your staff that I will adhere to all rules and instructions.
I tried to download FRST64 but Norton Antivirus immediately removes the file.
 
My computer setup is as follows:
 
Dell XPS9000
Windows 7 Professional
Norton Security Suite.
 
I am a novice at computer stuff so please be patient with me if I ask for clarification on something I am confused on.
 
I wish to thank all who will be willing to help me on this problem

A:Norton Blocked an Attack by: System Infected: Trojan:Ransomlock.G

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.  Please set an exclusion for FRST64.exe and download the file.Run a scan and post the logs.

Read other 10 answers
RELEVANCY SCORE 46.4

Hello All,I am having an issue when I start to use the internet, especially if I use any sort of search engine. If I try a search on google as soon as I enter the search my Norton Internet Security pops up a warning stating, "A recent attempt to attack your computer was blocked". I look at the info on it and the risk name is: HTTP Tidserv Request, and the attacking computer, most of the time, is: m01n83kjf7.com. Sometimes the attacking computer is: j00k877x.cc. Even after I close the browser if I leave the internet connected there are still random attacks being blocked. This happens consistently while I am connected. I am almost to the point where I am going to wipe the computer clean and start from scratch. Please help before I lose it! I have included the DDS log in the post and have attached the attach log and GMER log as attachments. Thank you so much for your help.DDS (Ver_10-03-17.01) - NTFSx86 Run by Vicki at 22:25:08.25 on Sat 05/29/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1222 [GMT -7:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\System32\ACS.exesvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Suppor... Read more

A:Attack being blocked by Norton Internet Security whenever I use a search engine

Hello, farakahn.My name is etavares and I will be helping you with this log.Here are some guidelines to ensure we are able to get your machine back under your control.Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.Please reply within 3 days to be fair to other people asking for help.When in doubt, please stop and ask first. There's no harm in asking questions!Backdoor WarningOne or more of the identified infections is a backdoor trojan.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Man... Read more

Read other 6 answers
RELEVANCY SCORE 46.4

i think I got this virus from a porn website. Since then Norton Internet Security keeps alerting me every 2 to 3 minutes:  Norton has blocked an attack by: System Infected Trojan.Ransomlock.  When I view details, it says "An intrusion attemps by OLDHP (which is my conputer name) was blocked.  How can I remove this?  Help!

A:"Norton blocked an attack by: System Infected : Trojna.Ransomlock.G"

Step 1: Minitoolbox. Please download MINITOOLBOX and run it.Checkmark following boxes:Flush DNSReset FF proxy SettingsReset Ie Proxy SettingsReport IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeList Devices (problems only)Click Go and post the result. Step 2: Junkware Removal Tool. Please download Junkware Removal Tool and save it on your desktop.Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log is saved to your desktop and will automatically open.Please post the JRT log.Step 3: Adware Cleaner. Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on adwcleaner.exe to run the tool.Click on Scan button.When the scan has finished click on Clean button.Your computer will be rebooted automatically. A text file will open after the restart.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[S1].txt as well.Step 4: Adware Removal Tool. Download Adware removal tool to y... Read more

Read other 1 answers
RELEVANCY SCORE 46.4

Hello, I am new to this forum
 
A person responded to my thread in the Symantec forum ( I have Norton security suite ) and directed me to post in this thread I have read the preparation guide carefully and will try to explain as honestly and accurately as I can. As my first post in this forums and also as a technical newbie in the field of computers I hope you will excuse my poor "language" .
 
I don't recall precisely in what order the events happened and I will try my best to retrace my steps up to the whole infection.
 
I woke up from a nap and turned on my computer, then started browsing an adult site, ( hehehe ) booted my mel0n player ( a Korean iTunes of sorts to download music ) and logged into Steam to play CSGO. For some reason a file named goty.dll ( it might have been goty7.dll not sure... ) popped up in my Norton community thingy (which also said the file was safe -_-;; ) and I gave it no second thought. ( I had just woken up from a nap and was not fully there haha )
 
I don't remember in what particular order it happened, but it soon BSOD'd after I logged into Steam. When it restarted it prompted to either boot up startup repair or boot up normally. I didn't know what to do so I just chose the recommended option. ( startup repair) Unfortunately ( and sadly expected... ) the startup repair did not do anything and a new notification on my Norton started appearing every minute or so saying "Norton blocked an attack by: System Infected: Tro... Read more

A:Repeated Trojan.Ransomlock.G attacks are blocked by my Norton Security

Hi Qrinkle
 
My name is polskamachina and I will be assisting you with your malware problems. Please give me some time to review your situation and I will get back to you with further instructions.
 
polskamachina

Read other 37 answers
RELEVANCY SCORE 46.4

Hi.
I am getting a small pop up every few seconds from my Norton software in the bottom right corner of my screen that says Norton blocked an attack by: System Infected:  Trojan.Viknok Activity 3.
I have already ran virus software updates and a full scan.  Ran Norton Power Eraser but it came back with a message about reinstalling the windows software dll file or something to that effect.
 
If I click on view details, it shows an ip address and some other info about the virus.
 
I am not a computer pro so would appreciate any step-by-step instructions on how to get rid of this.  Thank you!

A:Trojan.viknok Activity 3 popup blocked message from Norton

Hi lego7191 and Welcome to BleepingComputer ! I'm still in training for malware removal and my responses have to be approved before I can post them to you, therefore there will be a little delay between each post. Next time when you get another pop-up from Norton alerting you about the infection can you click View Details and copy and paste the contents into your next reply. Also can you tell me What operating System you are running and if it's 32 or 64 bit.If you are unsure what you're system bit type is..... click Here for help. 

Read other 23 answers
RELEVANCY SCORE 46.4

Hi
 
For some weeks now my web browsers appear to be trying to access a blocked site. Norton Internet Security blocks the site. below is the sort of information the web page brings up

 
Malicious Web Site Blocked


You attempted to access:
http://static.luwyrebyzuz.com/ac/?d=001F3B248F71C0D1___z=1___rd=f997462a1a9243379aea0b533a8d2328___cd=DS
This is a known malicious web site. It is recommended that you do NOT visit this site. The detailed report explains the security risks on this site.
For your protection, this web site has been blocked. Visit Symantec to learn more about phishing and internet security.

 
I have looked at my Norton Internet Security History log files and they state the following
 
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
09/11/2014 11:27:14,High,An intrusion attempt by 199.19.212.190 was blocked.,Blocked,No Action Required,Web Attack: Fake Application Website 2,No Action Required,No Action Required,"199.19.212.190, 80",static.luwyrebyzuz.com/favicon.ico,"SONYFZ38M (192.168.1.65, 56412)",199.19.212.190,"TCP, www-http"
Network traffic from <b>static.luwyrebyzuz.com/favicon.ico</b> matches the signature of a known attack.  The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\FIREFO... Read more

A:Browser regularly blocked by Norton for trying to access malicious site.

Hi
 
Having looked a little deeper into these forums I now realise that there is a lot of preliminary stuff I could have done to remove general malware before posting the above.
 
Please therefore ignore this request and I will re-post if necessary.
 
Many thanks to all of you who help out all us numpties you must have the patience of saints!
 
Regards
 
Peter

Read other 3 answers
RELEVANCY SCORE 46.4

As of a few weeks ago, my computer's memory often got used up by a single svchost.exe under the netsvcs group, causing the computer to freeze often whenever the internet was connected to this computer. As of a side note, the themes service for Windows 7 (the operating system I use, 32 bit) are also of a rather unstable and glitchy nature. A Trojan.Tracur.C!inf was later discovered under the spoof name mibhoh.dll, which was always trying to be accessed whenever the computer went through a reboot, but denied. The file was later deleted, and the computer is now largely operable. However, as of recently, attacks reported by the computer's protection system, Norton Security Suite, have been blocked, but the attack is reportedly resulting from the svchost.exe file located system32 folder under windows with this current drive partition. Upon further research, the trojan horse virus originated from another .dll file known as "rundll32." I suspect that my computer is therefore infected with a rootkit, and all scanning attempts through Norton and other means have since came up empty of any results, as well as possible solutions on the internet. Some professional level help would be, at this point, deeply appreciated.

As requested, here are the files for preliminary analysis.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Yips at 12:20:51 on 2012-09-06
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3063.1672 [GMT -7:00]
.
... Read more

A:Google redirect ads and repeated Norton reports of blocked attacks

Please do the following:download Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

Read other 18 answers
RELEVANCY SCORE 46.4

Please advise how to stop this constant attempts of intrusion and any other virus or malware on my PC. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:21 PM, on 28/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe... Read more

A:Trojan Vundo intrusion attempt by volokol.com was blocked by Norton

After reading through the forum; I have also ran Combofix.
Here are the combofix and hijackthis log files after running Combofix. Thanks

Best Regards
Reynold

[COMBFIX LOG]

ComboFix 08-03-26.3 - Reynold 2008-03-28 19:09:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1347 [GMT 8:00]
Running from: D:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\orqss.ini
C:\WINDOWS\system32\orqss.ini2
C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\ssqrqrp.dll
C:\WINDOWS\system32\xxyxxvw.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))
.

2008-03-28 19:12 . 2008-03-28 19:12 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-03-28 18:39 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-28 18:36 . 2008-03-28 18:36 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-28 17:00 . 2008-03-28 17:00 <DIR> d-------- C:\VundoFix Backups
2008-03-24 08:31 . 2008-03-24 08:31 244 --ah----- C:\sqmnoopt13.sqm
2008-03-24 08:31 . 2008-03-24 08:31 232 --ah----- C:\sqmdata13.sqm
2008-03-24 08:30 . 2008-03-24 08:30 244 --ah----- C:\sqmnoopt12.sqm
2008-03-24 08:30 . 200... Read more

Read other 1 answers
RELEVANCY SCORE 46.4

I bought my new pc at the start of this year and it appears I managed to install some malicious software.  I'm running Windows 10.  I'm now facing repeated attacks from Trojan.Zlob.Q which is being blocked by my Norton 360 Premier firewall.  Looking back over the Norton logs, I'll give a timeline of events in the hope it gives plenty of information. Since Tuesday last week, my system has been detecting various malware issues with more and more unusual activity, i.e. pop-up ads by DNSUnlocker.  I've tried various ant-spyware programmes which have removed a few things, but there is still the repeated attacks by Trojan.Zlob.Q being blocked by Norton. I'm also seeing warnings of high activity outbound traffic by Malwarebytes, but I'm not given much information on what that is. I've used the following: AdwCleanerSpybot Search & DestroySpyHunterMalwarebytesHitman ProCCleanerRkillSophos virus removal toolSystem Mechanic is installed New pc fired up on the 4th January.  Installed Chrome on the 5th and Norton's logs show this activity - "chrome_setup[1].exe (WS.Reputation.1) detected by Download Insight".  This was removed by Norton.  A few days later, the log shows onesystemcare.exe was quarantined as a PUA.onesystemcare file. There were no intrusion attempts until the 19th to 23rd February where Norton blocked "System Infected: Trojan.Zlob.Q Activity" intrusion attempts 16, 10, 1, 7, 6 threats on each of those... Read more

A:DNS Unlocker Removed, but Trojan.zlob.Q still attacking - blocked by Norton

Greetings Jackkane and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problem... Read more

Read other 23 answers
RELEVANCY SCORE 46.4

Notebook: Dell Latitude D830, Windows XP/SP3 (work/home computer)Long story, please bear with me.I was staying in a hotel about a week ago and my laptop had been working fine. I started recieving a popup from Norton 360 that "an intrusion attempt by 202.157.171.207 was blocked. Application path \device\harddiskvolume2\windows\system32\svchost.exe. - Risk name HTTPS Tidserv Request 2." I ignored it then because norton said it was blocked. I closed my computer to leave for work (which I normally do for standby). I came back in the evening, opened it up and everything had gone to hell. My wireless recognized the hotel network but would not acquire an IP address. In addition, the windows desktop theme had reverted back to windows 98 theme. Also, my computer would not enter standby mode when I closed it. I figured that it was just having a slight hiccup and shrugged it off until I could spend some time on it. I did not use it for several days over Memorial Day weekend. When I got home this weekend, I tried connecting to my home wireless but to no avail. I tried restoring the system back to a previous restore point several times but it said that no changes had been made since the restore point so nothing was restored. I ran a full system scan with Norton 360; nothing. The next day I tried connecting to my work network (both through wireless and a hard connection) and I got the same thing (could not acquire an IP address.This is when I started getting nervous. I contac... Read more

A:Norton 360 intrusion attempt blocked - HTTPS Tidserv Request 2

Hello and welcome to Bleeping Computer. *Please Subscribe to this Thread to get immediate notification of replies. See HERE*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.*You must reply within 5 days otherwise this topic will be closed.====================================1. Please try using a different version of DDS, download it from the links below:DDS.com => http://download.bleepingcomputer.com/sUBs/dds.comDDS.pif => http://www.forospyware.com/sUBs/dds2. Please try running GMER on safe mode.How to boot in safe mode => http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/Double click GMER.exe and if you are asked if you want to allow gmer.sys driver to load, please allow it to do so. If it gives you a warning about rootkit activity and asks if you want to run scan, please click on NO. In the right panel you will see several boxes that have been checked. Unchecked the following checkboxes: IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one) Now click on the Scan button and wait for it to finish. Once done click on the [Save..] button, and in the File name area, type in ark.txt and save it to your desktop.Post the contents of that report when you reply.

Read other 16 answers