Norton AntiVirus Difficulties

Anti-Virus Apps Question

Hi. I had Norton AntiVirus 2004 Professional installed on my computer when I got it, and was running AdAware 6.0 Personal to keep on top of spyware, and one day I got an error with Norton. I clicked the 'more info' link and it took me to the Norton site, where it listed a few different error codes, none of which matched mine. So I closed the page and went back to Norton. It was still capable of scanning for viruses, but LiveUpdate was now disabled. I went on like this for maybe a week or two, and one day, my Norton was just spontaneously dead. The icon in the system tray had a red X through it. So I attempted to re-install it, and got 4 errors:

"Cannot find the file specified: C:\Documents and Settings\Admin\Local\Temp\pft8.tmp\ProductRegCOM.dll" (pft8.tmp is a temporary directory, created during install, which is strange, because the install would have to put that file there)

"Error 1308. Source file not found:
E:\NAV\External\CommonFi\SYMSHARE\SymLTCOM.dll
"verify that file exists and that you have access to it." (received twice, but not consecutively / I checked, this file is in fact on the CD)

"Error 1308. Source file not found:
E:\NAV\External\NORTON\APP\NAVlcom.dll
"verify that file exists and that you have access to it." (I checked, and this file is also present)

My friend then sent me a .rar archive of the contents of the CD. I went to unzip it and had problems with the same files (they wouldn't unzip...)

Since I've lost Norton and haven't been able to fix it, I've been running 4 spyware/adware removal tools (AdAware 6, Spybot S&D 1.3, CWShredder, SpySweeper) and just this morning I downloaded and ran HijackThis. If it helps, here's the log:

Logfile of HijackThis v1.97.7
Scan saved at 5:47:20 AM, on 7/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Documents and Settings\Admin\Desktop\Stuff Left to Install\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Admin\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Admin\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Admin\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Admin\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Admin\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Admin\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AudioHQU] C:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38118.8191319444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


So, what do you recommend that I do? I did find out from a friend at work that Norton can be kinda wonky to fix if you have problems with it, he said something about it doesn't fully uninstall from the registry?

Thanks for the help guys
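
A triage pass over the HijackThis log posted above, as an added example that is not part of the original post or of HijackThis itself. It groups entries by section code and flags two things worth a manual look; both checks are this example's own heuristics, and the sample is a handful of lines copied from the log.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log in the question above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Admin\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Admin\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
TEMP_DIR = re.compile(r"\\(temp|locals~1)\\", re.IGNORECASE)

def parse(log_text):
    """Group HijackThis entries by section code (R0, R1, O2, O4, ...)."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and "Running processes" lines do not match and are skipped
            sections[m["code"]].append(m["body"])
    return sections

def flag(sections):
    """Return (code, reason, entry) tuples; heuristics are assumptions of this example."""
    findings = []
    for code in ("R0", "R1"):  # IE start/search page settings
        for body in sections.get(code, []):
            _key, _, value = body.partition(" = ")
            if value.lower().startswith("file://") and TEMP_DIR.search(value):
                findings.append((code, "IE setting points at a file in a temp directory", body))
    for body in sections.get("O4", []):  # autostart entries
        target = body.split("] ", 1)[-1].strip().strip('"')
        if body.startswith(("HKLM", "HKCU")) and "\\" not in target.split(" ")[0]:
            findings.append(("O4", "Run entry without a full path", body))
    return findings

if __name__ == "__main__":
    for code, reason, body in flag(parse(SAMPLE_LOG)):
        print(f"[{code}] {reason}: {body}")
```

A flagged entry is a prompt to check the file on disk, not a verdict; a Run entry without a full path is resolved through the search path, so the binary that actually starts should be confirmed.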


Verified Answer

The member who asked this question verified that this comment provided the solution that solved their problem.

Posted on 2004-07-10 at 05:34:59 (ID: 11518225)

I just did a search for zonealarm on this site and there are some mentioning zonealarm bugs, zonealarm setup, and similar items.  I will post a few below.

Accepted Answer from GEM100
Date: 05/13/2000 03:47AM EDT
If you make a portscan on computer with ZoneAlarm firewall, and your portscan will originate on port 67, it will not be detected by firewall:
http://www.securityfocus.com/bid/1137
And also it is still vulnerable to SYN attacks.

Notice the date on that one!!!

Here is a whole question on ZoneAlarm that is a year old.

I'm interested: if I have some program that is exploitable on my computer
and I have zonealarm, am I secure?

what about trojans? if I am infected with some trojan and have zonealarm?

can i make some port close for all IP's and only a few can connect to it?
that few IP's will be somehow written or somehow recognized by the firewall.

tnx for your time!


 
 
   
   
 Comment from sramesh2k
Date: 03/02/2003 01:19PM EST


You can add some IPs to the trusted zone so that all communication is allowed for that IP.

to ensure that your system is secure, test it from the following site:

https://grc.com/x/ne.dll?bh0bkyd2

The above is the most famous Steve Gibson research website.

 
Comment from war1
Date: 03/03/2003 03:25AM EST


Zone Alarm may be able to block programs with Trojans coming through the Internet, but it will not stop all Trojans through email attachments and instant messages.  You still need a good Anti-Virus program to block these openings.

<< if I am infected with some trojan and have zonealarm? <<

Are you asking that if you are already infected with a trojan virus, will Zone Alarm stop it from spreading in your computer?  No, it will not. You will need a good Anti-Virus program and maybe a virus uninstaller, depending on the trojan.
 
Comment from DaveHowe
Date: 03/03/2003 05:14AM EST


No.
Zone alarm will prevent a lot of trojans from outbound access to the internet. However, it will not

a) prevent infection in the first place or
b) prevent "firewall bypassing" trojans from either using direct access to the internet or disabling Zone Alarm and thus having access to the internet after your next reboot.

run a good AV and/or Antitrojan.
 
Accepted Answer from SunBow
Date: 03/03/2003 07:08PM EST


ZoneAlarm is not antivirus. You got trojan, tough luck, ZA will not fix. If the trojan is not so malicious and is merely like adware trying to dial out to a home base, then YES, ZoneAlarm can block the access attempt AND let you know when it happens. (Actually, it gives me the choice of letting it through. We/I tend to start firewall by first blocking everything and then decide what to permit; as opposed to alternative philosophy that enables everything - so all our stuff works, and then add blocks as the bad IPs/ports are discovered.)

>  if i have some program that is exploitable on my computer and i have zonealarm, am i secure?

While you may be ok, the rule is = once you've been exploited, you've yielded control of your system to another. Recognize that. The program may not be so bad, but you must realize that as an unknown it can do anything such as deactivate ZoneAlarm or your antivirus. Many modern worms already target a few of the top antivirus products.
 
Comment from Mal-Tech
Date: 03/06/2003 12:21PM EST


If a trojan horse has been introduced to your system you are not necessarily secure if you have ZA (or any firewall). Depending what trojan it is, it can start before ZA starts or register as a Windows service which ZA will allow access. Granted, ZA will disallow a majority of connections to a trojan server. You need to have an antivirus program in order to remove it.

Mentioning that the type of trojan you may have is not malicious is beside the point. It is intrusive and should not be there in the first place. An adware (spyware) file is not classified as a trojan horse (even though it transmits system information) and worms are not trojans, although they can download updates which contain trojans or have trojan droppers built in.

If you close a port, it is closed to all. You can allow a static ip address to a certain port if the firewall allows you that configuration.






 
Comment from Shadow_Hawk
Date: 03/10/2003 03:25PM EST


>> Suggestion>>  If you need "port control", to isolate certain appz from accessing the net(if you can't remove the problem app from your system), d/l *Kerio* firewall. This firewall gives you control of your Ports/Protocols/Individual App access/Direction of traffic travel/I.P.-Host Site Control.
*Spybot 1.1* can locate TROJAN activity on your system, w/ the ability to <remove> the appz that "spawn" others.
 
Comment from nisheed
Date: 03/12/2003 02:25PM EST


1. If you have a Trojan, first try and get rid of the Trojan.

2. Your firewall will protect you if you block all outbound access from the port the Trojan is using to communicate on. This is temporary protection.

Let’s take a look at this:
Netmonitor can use the following ports (UDP: 7000, 7300, 7301, 7302, 7303, 7304, 7305, 7306, 7307, 7308, 7789)

Hack99 uses(TCP 12223)

Portal of Doom (TCP 9872, 9873, 9874, 9875)

Let's say you block the Netmonitor instance for port 7000; you still have the rest of the ports to worry about. You could block all the listed ports, but what about other Trojans? Are you going to go through a list of well-known ports used by Trojans and block them all? Crazy!

You could wait to get infected, find out which port the Trojan is using and block that port - risky, refer to SunBow.

In my opinion get rid of all malicious code on your computer, try some sort of commercial search and destroy software or even just formatting and re-installing.

Make sure you install your virus protection and firewall software and keep them up-to-date.

Be careful what you download and install on your machine.

Remember prevention is better than cure.
 
 
General FAQs for Zonealarm - http://www.zonelabs.com/store/content/support/zaav/generalFAQs.jsp
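
The two firewall philosophies contrasted in the quoted thread (SunBow's block-everything-then-permit versus blocking Trojan ports as they are discovered, which nisheed calls crazy), as an added example that is not part of the original posts. The listed ports come from nisheed's comment; the allow rules, the addresses, port 8080 and port 40000 are constructed for illustration.

```python
import ipaddress

# Ports named in the thread above (nisheed's comment).
LISTED_TROJAN_PORTS = {("udp", p) for p in
                       (7000, 7300, 7301, 7302, 7303, 7304, 7305, 7306, 7307, 7308, 7789)}
LISTED_TROJAN_PORTS |= {("tcp", 12223)} | {("tcp", p) for p in (9872, 9873, 9874, 9875)}

def blocklist_policy(conn):
    """Allow everything, then block ports as they are discovered."""
    return "deny" if (conn["proto"], conn["port"]) in LISTED_TROJAN_PORTS else "allow"

# Hypothetical allow rules: (direction, proto, port, remote network).
ALLOW_RULES = [
    ("out", "tcp", 80, "0.0.0.0/0"),
    ("out", "tcp", 443, "0.0.0.0/0"),
    ("out", "udp", 53, "0.0.0.0/0"),
    ("in", "tcp", 8080, "192.0.2.10/32"),  # one static IP may reach this port
]

def default_deny_policy(conn):
    """Block everything, then permit only what matches an explicit rule."""
    remote = ipaddress.ip_address(conn["remote"])
    for direction, proto, port, net in ALLOW_RULES:
        if ((conn["dir"], conn["proto"], conn["port"]) == (direction, proto, port)
                and remote in ipaddress.ip_network(net)):
            return "allow"
    return "deny"

# Constructed connection attempts; 40000/tcp stands in for a port on no published list.
ATTEMPTS = [
    {"dir": "out", "proto": "udp", "port": 7000, "remote": "203.0.113.5"},
    {"dir": "out", "proto": "tcp", "port": 40000, "remote": "203.0.113.5"},
    {"dir": "out", "proto": "tcp", "port": 443, "remote": "198.51.100.7"},
    {"dir": "in", "proto": "tcp", "port": 8080, "remote": "192.0.2.10"},
    {"dir": "in", "proto": "tcp", "port": 8080, "remote": "203.0.113.5"},
]

def compare(attempts=ATTEMPTS):
    """Return each attempt with the verdict of both policies, blocklist first."""
    return [(a["dir"], a["proto"], a["port"], a["remote"],
             blocklist_policy(a), default_deny_policy(a)) for a in attempts]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

The second and fifth attempts are where the policies differ: the blocklist passes the unlisted port and the untrusted source, while default deny stops both and still lets the one static IP through.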
