Symantec won't live UPDATE (host can't be found)

I have a computer that isn't even letting me go to the internet...CPU usage is 90-100% all the time...I installed Symantec Anti Virus Corp Edit and it found over 700 adware/trojan horse/errorsafe/etc viruses...But it's still not letting me LIVE UPDATE - big red X then No host found...But it's working a little better now (60-70%) CPU usage only now...

I tried the following:
1. Deleting the hosts file (c:\windows\system32\drivers\etc\host
2. added back a good copy from another computer
3. Can even get the www.symantec.com
4. Every time I tried to go to "trendmicro.com" or symantec.com it just gives me a "website can't be found"...But when I ping it from dos prompt it gives me 127.0.0.1 for symantec...

I think if I can only live update I should be able to get the computer back to normal...Also every website I go to there's at least 3 pop ups that I get...

Also every new browser that I open up the cookies are all allow in the internet tools option...

Thanks
plam125
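The symptom described above (a vendor name answering ping with 127.0.0.1) is what a hosts-file redirect looks like. As an added example that is not part of the original thread, this Python check lists every name a hosts file pins to a loopback or unspecified address; the sample file content and the function name are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file content (not taken from the affected machine).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.symantec.com
127.0.0.1 liveupdate.symantecliveupdate.com  # constructed entry
0.0.0.0         trendmicro.com www.trendmicro.com
192.0.2.10      intranet.example
"""

# Names that are expected to resolve to loopback.
BENIGN_NAMES = {"localhost", "localhost.localdomain"}


def find_sinkholed_hosts(text):
    """Return sorted (hostname, address) pairs that the hosts file maps to a
    loopback or unspecified address, which makes the site unreachable."""
    hits = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # not an address line
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        for name in fields[1:]:               # one line may carry several names
            if name.lower() not in BENIGN_NAMES:
                hits.add((name.lower(), str(addr)))
    return sorted(hits)


if __name__ == "__main__":
    for name, addr in find_sinkholed_hosts(SAMPLE_HOSTS):
        print(f"{name} -> {addr}")
```

Ad-blocking hosts files use the same mapping on purpose, so the output is a list to review rather than a verdict; security-vendor and update names in it are the ones that explain a failed LiveUpdate.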
IndiGenus

I wouldn't count on Norton being able to clean this completely, it may help but....

I suggest that you download, run, and post a HijackThis log from the link below.

NOTE: Do not fix anything with HJT at this point, just post the text from the log.

http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php
Hi,

I suggest doing a full scan using superantispyware :

www.superantispyware.com

There is some spyware that antiviruses won't detect

Regards,
Mohammed Hamada
Download HostsXpert and restore to the Microsoft hosts file; after doing so, make the file un-rewritable.
Download CCleaner from http://www.filehippo.com/download_ccleaner/ .
Run CCleaner and fix all the issues found after you scan with CCleaner.

Make sure you have nothing loaded on your Startup Items such as unknown files/programs.
Download MSN Cleaner from the following link; after you extract it, run it, tick the "Enable task manager.." check box and click on Analyze.

http://upload-il.com/file/61637/MsnCleaner-eng.zip.html

Then download ComboFix and run it. You will get a DOS box and you might be prompted to run a cleaning process; you will have to press 1 to continue and finish the cleaning process.
Here's the link:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Make sure you don't have any unknown toolbars, and if there are, try to uninstall them... Change the home page to any safe website that you know.

Now I'm sure after using HostsXpert you will be able to go to any website and update your Symantec antivirus.

Good luck
plam125

ASKER

IndiGenus:
Here's the log from HJT..It's foreign to me:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:20 AM, on 10/14/2007
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\update\update.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.tjem.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://products.webroot.com/disp0201.php?pc=64150&rc=1&ps=R&oc=5&mjv=3&mnv=2&bld=146&kc=ppa_obqi^^^^etl`avdf&cd=&dcc=&drc=&mo=&sid=
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_0_2_6.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E1C2832210339226033AAC
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\iipgqbux.dll",sitypnow
O4 - HKLM\..\RunServices: [Ati Control Panel] atiphexx.exe
O4 - HKLM\..\RunServices: [8F7BBF0F] C:\WINDOWS\System32\viehqsxpto.exe
O4 - HKLM\..\RunServices: [`^]`LWI`WITL] C:\WINDOWS\System32\seathtk.exe
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll                                                              .dbt
O4 - HKUS\S-1-5-18\..\Run: [Ati Control Panel] atiphexx.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll                                                              .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Ati Control Panel] atiphexx.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.symantec.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1112037319795
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/installs/spamblockerutility/programs/spamblockerutility.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
O21 - SSODL: mtklefa - {A0339443-7AC2-4064-4DA1-29967D9620F3} - C:\WINDOWS\System32\sriwx32.dll (file missing)
O21 - SSODL: E0BCBJED - {6CD3628F-7212-4452-1269-440C5C1A4AFC} - C:\WINDOWS\System32\Mfmdoe32.dll (file missing)
O21 - SSODL: mtklefap - {4AE79E0C-AAFA-43DF-68A8-14FF2EEC5241} - C:\WINDOWS\System32\oefzn32.dll (file missing)
O21 - SSODL: mtklef - {6F735DB2-8EA7-469F-DC86-02D2F89DF0B1} - C:\WINDOWS\System32\muvw32.dll (file missing)
O21 - SSODL: mtkle - {C7E92A44-476D-4ADA-21AE-79C047203197} - C:\WINDOWS\System32\jvrbns32.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8970 bytes
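For readers to whom a HijackThis log is equally foreign, here is an added example (not part of the original thread) that triages a subset of the lines above in Python. In HijackThis output O4 is an autorun entry, O15 a Trusted Zone site and O21 a ShellServiceObjectDelayLoad entry; the three rules are heuristics chosen for this illustration and only mark entries for manual review.

```python
import re

# A subset of lines from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\iipgqbux.dll",sitypnow
O4 - HKLM\..\RunServices: [Ati Control Panel] atiphexx.exe
O4 - HKLM\..\RunServices: [8F7BBF0F] C:\WINDOWS\System32\viehqsxpto.exe
O15 - Trusted Zone: http://www.symantec.com
O15 - Trusted Zone: *.winfixer.com (HKLM)
O21 - SSODL: mtkle - {C7E92A44-476D-4ADA-21AE-79C047203197} - C:\WINDOWS\System32\jvrbns32.dll (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")


def triage(log_text):
    """Return (section, reason, line) tuples for entries worth manual review."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O4":
            # The command follows the "[value name] " part of the entry.
            cmd = body.split("] ", 1)[-1].strip().lower()
            if cmd.startswith("rundll32"):
                reason = "autorun loads a DLL through rundll32"
            elif "\\" not in cmd:
                reason = "autorun without a full path"
            elif cmd.strip('"').startswith("c:\\windows\\"):
                reason = "autorun binary inside the Windows directory"
            else:
                continue
        elif section == "O15" and "*." in body and body.endswith("(HKLM)"):
            reason = "machine-wide wildcard Trusted Zone site"
        elif section == "O21" and body.endswith("(file missing)"):
            reason = "shell load entry pointing at a missing file"
        else:
            continue
        findings.append((section, reason, line.strip()))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {line}")
```

Legitimate software can trip each of these rules, so every flagged entry still has to be looked up before anything is fixed in HijackThis.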
plam125

ASKER

yasserd:
It won't download...just keeps spinning
Please try ComboFix first, plam125,
and then download HostsXpert from:
http://www.majorgeeks.com/Hoster_d4626.html
This should reset your Windows hosts file, which might have been changed by spyware...
Restore to Microsoft original file.
ViruScan

Best advice: re-install the operating system. You can clean your system from viruses, but spyware, forget it, unless you delete every entry from the registry. For that, you'd have to search for them, which will take you more time than installing a fresh copy.
ViruScan
My apologies plam125, for some reason I wasn't subscribed to this thread and didn't get email notification.

I agree with moh10ly: 100% here on running combofix. CF will do quite a bit of work here and we should then be able to clean up with a CF script and scanning/removal.

Just my opinion.
plam125

ASKER

Thanks for all your help...I just told my friend the best thing was to re-install the OS and start over...So that is what I did...Thanks everyone...
ASKER CERTIFIED SOLUTION
ViruScan