Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

'Norton' pop-ups

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

'Norton' pop-ups

Unread postby roykeane » January 14th, 2007, 3:10 pm

Hi.
I have begun to get pop-ups claiming to be from Norton telling me that 'Norton Anti-Virus 2006 was unable to start the Instant Messenger Scanner. It will be unable to scan Instant Messenger downloads for infections.' Then there is a link to follow and the number 3021, 4.
I went to the Symantec site and loooked up 3021, 4 and the Article it referred to spoke about 'scanning' IM not 'starting' it so its almost definitely not legit and its appearing every few mins...
Can you please help?

Much appreciated


Logfile of HijackThis v1.99.1
Scan saved at 19:04:15, on 14/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\Setup Files\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {5D4D167F-388F-0279-D8F4-0352109FFD90} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {76F9B04E-B5D1-45B2-B499-67A932B80B32} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
roykeane
Active Member
 
Posts: 3
Joined: January 14th, 2007, 3:01 pm
Location: Dublin
Advertisement
Register to Remove

Unread postby SifuMike » January 14th, 2007, 5:47 pm

Hello roykeane,

I am SifuMike and I will be helping you. :)

When you have more than one antivirus running at the same time, they conflict with each other rendering the computer vulnerable or unusable. It may even cause crashes. Please review this information:
Should you run more than one antivirus program at the same time? Microsoft recommends that you have only one anti-virus program installed on your computer.

There are basically two types of antivirus programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, it runs in the background all the time the PC is turned on and running. The main function of an on-access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, are scanners that only run when you ask them to.
Such as:
Online Scans and scanners that run on your machine but are not actively scanning your machine

Antivirus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
Having two antivirus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

I notice that you are using more than one antivirus program, Norton Antiviurs and Avast Anitvirus.

This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow MORE viruses to get through.

Running two antivirus programs at the same time could lead to both of them trying to scan the same file at the same time, scan the same email at the same time and so on which could lead to conflicts.

I strongly suggest you:

Go to "Start -> Control Panel -> Add/Remove Programs" and uninstall all but one antivirus program.

have begun to get pop-ups claiming to be from Norton telling me that 'Norton Anti-Virus 2006 was unable to start the Instant Messenger Scanner. It will be unable to scan Instant Messenger downloads for infections.' Then there is a link to follow and the number 3021, 4.
I went to the Symantec site and loooked up 3021, 4 and the Article it referred to spoke about 'scanning' IM not 'starting' it so its almost definitely not legit and its appearing every few mins...



Did you do everything listed by Symantec?
Error: "Norton AntiVirus was unable to scan your Instant Messenger download for infections" (3021,4)



Turn off Norton AntiVirus Instant Messenger
1 If the (3021,4) error message keeps you from seeing the Norton AntiVirus interface, then drag the message out of the way.
2 Start Norton AntiVirus.
If Norton AntiVirus is part of Norton Internet Security or Norton SystemWorks, then start Norton Internet Security or Norton SystemWorks.
3 On the program interface, click Options.
If you see a menu, click Norton AntiVirus.
4 On the left side of the Norton AntiVirus Options screen, click Instant Messenger.
5 Under the section headed "What instant messengers to protect," uncheck all of the items, and then click OK.
6 Restart the computer, and then go on to the next section.

STEP 3
Run LiveUpdate to download the latest Norton AntiVirus program update
1 On the Norton AntiVirus, Norton Internet Security, or Norton SystemWorks program interface, click LiveUpdate.
Download all available updates, and restart the computer if you are asked to do so.
2 Run LiveUpdate again until you see the following message:
"Thank you for using LiveUpdate. All of the Symantec products and components installed on your computer are currently up to date. Remember to check for new updates frequently."
3 Do one of the following: I use AOL Instant Messenger, Windows Messenger or Yahoo! Messenger
1 On the Norton AntiVirus, Norton Internet Security, or Norton SystemWorks program interface, click Options.
If you see another menu, click Norton AntiVirus.
2 On the left side of the Norton AntiVirus Options screen, click Instant Messenger.
3 Under "What instant messengers to protect," check AOL Instant
Messenger, Windows Messenger, or Yahoo! Messenger.
4 Click OK.
5 Exit Norton AntiVirus.
6 To enable Norton AntiVirus Instant Messenger scanning to work with
MSN Messenger, continue with the next section, "I use MSN Messenger."

I use MSN Messenger
1 Go to MSN.com, and follow the instructions to download and install the
latest version of MSN Messenger 6.
2 Restart the computer.
Norton AntiVirus Instant Messenger scanning should be automatically
configured to work with the latest version of MSN Messenger 6. If it is
not, then continue on to the next section.



Error: "Norton AntiVirus was unable to start the Instant Messenger scanner . . . " (3021,2)
SifuMike
Regular Member
 
Posts: 25
Joined: October 7th, 2006, 4:39 pm
Location: Vancouver (Not BC) WA (Not DC)

Unread postby roykeane » January 14th, 2007, 6:59 pm

Hi SIfuMike,
thanks for the prompt response!!
I've done what you asked an UNinstalled Avast so I just have Norton running now.
I then followed the instructions regarding Nonton/IM. I checked the box off in Norton, uninstalled msn, then reinstalled it (msnlive). After a restart, the box was automatically back on (as the article stated ut should be).

Nevertheless, the box is still popping up.

Earlier today I ran Lavasoft Ad-Aware and I found a trial version of A2-AntiMalware. Ad-Aware found nothing and AntiMalware found a tracking cookie which I deleted.

If you require any more info please don't hesitate to offer instructions.
Thanks
roykeane
Active Member
 
Posts: 3
Joined: January 14th, 2007, 3:01 pm
Location: Dublin

Unread postby SifuMike » January 14th, 2007, 9:19 pm

Hi roykeane,

Nevertheless, the box is still popping up.


I dont think I can solve you Symantec popup problem, as that is not caused by malware.
I suggest you contact Symantec directly and see what they have to say.
http://www.symantec.com/home_homeoffice/support/productdetail/contact_ts.jsp?pvid=nav_2006

As a double check, let's run AVG antispyware and BitDefender Online scan and make sure you no hidden malware.

Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee. :)

When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.
Post the BitDefender log.

*******************

Download ATF (Atribune Temp File) Cleaner© by Atribune DO NOT run it yet.

Download and install AVG Anti-Spyware 7.5 (formerly Ewido)
This is a 30 day trial of the program

1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. You can select "Change state" to inactivate 'Resident Sheild' and 'Automatic Updates'. If you choose to do this, then right click on ewdio in the system tray and uncheck "Start with Windows".
7. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full database installer from here.
8. Exit AVG Anti-Spyware 7.5 when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes.
To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly.
A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

1.) Double-click the small BLUE Garbage Can ATF-Cleaner.exe file to run the program.
2.) At the top, under Main choose: Select All
3.) Click the Empty Selected button.

If you use the Firefox browser:
1.) At the top, click Firefox and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use the Opera browser:
1.) At the top, click Opera and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Scan with AVG Anti-Spyware 7.5 as follows:

1. Launch AVG Anti-Spyware 7.5, click on the "Scanner" button and choose the "Settings" tab.

Under "How to act?", click on "Recommended actions" and choose [b]"Quarantine" to set default action for detected malware.

Under "How to Scan?" check all (default).

Under "Possibly unwanted software" check all (default).

Under "What to Scan?" make sure "Scan every file" is selected (default).

Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".

2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.

4. IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.

Make sure that Set all elements to: shows Quarantine
(1)
, if not click on the link and choose Quarantine from the popup menu.
(2) At the bottom of the window click on the Apply all Actions button.
(3) When done, click the Save Scan Report button.
(4) Click the Save Report as button.
Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt.
Save to your desktop.
A copy of each report will also be saved in C:\Program Files\AVG Anti-Spyware 7.5\Reports\
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot to Normal Mode.

When done, submit the AVG Anti-Spyware 7.5 log, the BitDefender log and a  fresh Hijackthis log.
SifuMike
Regular Member
 
Posts: 25
Joined: October 7th, 2006, 4:39 pm
Location: Vancouver (Not BC) WA (Not DC)

Unread postby roykeane » January 22nd, 2007, 3:53 pm

Hi SifuMike,

sorry for the massive delay in responding to your help but I've been up to my eyes recently.
I just wanted to let you know that I went down the route of reinstalling. I wanted to follow your advice of running the anti-virus on Internet Explorer but I couldn't install it!! Also all my accessories had been eaten away - no calculator, no games, no nothing. I think that whatever I had was slowly killing my laptop! And it was messing with my internet connection as well - I couldn't stay connected for more than five or ten minutes before the connection would drop off and I'd have to repair it...

Anyway, I appreciate all your help and know that if I ever experience any form of malware again, I can trust in this site!! Thanks again,

roykeane
roykeane
Active Member
 
Posts: 3
Joined: January 14th, 2007, 3:01 pm
Location: Dublin

Unread postby NonSuch » February 1st, 2007, 6:30 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 327 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware