Virus on computerthat symantec cannot remove
Posted on 2006-10-26
Hi Folks, not that I'm bagging norton, I have been using norton antivirus for years. My daughter who is Chinese, uses a separte login and while browsing came accross a Chinese webpage that installed a virus onto my box. It was first noticed when my daughter couldn't delete three IE shortcuts on the desktop, because every time she did they would just put themselves back there.
They have now installed themselves on my login as well. Norton is up to date, I have done a full system scan, nothing found.
I rang norton help, got put through to India after paying $70au, as you do, gave away control to the bloke in India to do his bit, as I watched him flounder around without success.
What it does, as the dude in India found out is write a heap of urls to the windows\system32\drivers\etc\hosts file.
You cannot delete them, I even went into safe mode to delete them but they are rewritten stright away.
Sometimes when the system is booted it will hang even before POST has finished, and you have to reboot, it then boots into setup with the error message "the system hung for an improper CPU speed", time to reboot again.
So there is a little program that write the host file, that symantec cannot find, don't know about as the full scan proves, is of Chinese origin and is pissing me off.