Solved

Symantec won't live UPDATE (host can't be found)

Posted on 2007-10-11
Last Modified: 2013-12-09
I have a computer that isn't even letting me go to the internet...CPU usage is 90-100% all the time...I installed Symantec Anti Virus Corp Edit and it found over 700 adware/trojan horse/errorsafe/etc viruses...But it's still not letting me LIVE UPDATE - big red X then No host found...But it's working a little better now (60-70%) CPU usage only now...

I tried the following:
1. Deleting the hosts file (c:\windows\system32\drivers\etc\host
2. added back a good copy from another computer
3. Can even get the www.symantec.com
4. every time I tried to go to "trendmicro.com" or symantec.com it just gives me a and website can't be found...But when I ping it from DOS prompt it gives me 127.0.0.1 for symantec...

I think if I can only live update I should be able to get the computer back to normal...Also every website I go to there's at least 3 pop ups that I get...

Also every new browser that I open up the cookies are all allow in the internet tools option...

Thanks
plam125
0
Question by:plam125
11 Comments
 
LVL 20

Expert Comment

by:IndiGenus
ID: 20061682
I wouldn't count on Norton being able to clean this completely, it may help but....

I suggest that you download, run, and post a HijackThis log from the link below.

NOTE: Do not fix anything with HJT at this point, just post the text from the log.

http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php
0
 
LVL 10

Expert Comment

by:yasserd
ID: 20061747
Hi,

I suggest doing a full scan using superantispyware :

www.superantispyware.com

There are some spyware that antiviruses won't detect

Regards,
0
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 20062122
Download Host expert and restore to Microsoft Host Files, after doing so make the files un-rewritable.
Download Ccleaner from http://www.filehippo.com/download_ccleaner/ .
Run cleaner and fix all the issues found after you scan with Ccleaner.

Make sure you have nothing loaded on your Startup Items such as unknown files/programs.
Download MSG cleaner from the following link, after you extract it run and tick "Enable task manager.." check box and click on Analyze.

http://upload-il.com/file/61637/MsnCleaner-eng.zip.html

Then download Combofix and run it. You will have a DOS box and you might be prompted to run a cleaning process; you will have to press 1 to continue and finish the cleaning process.
Here's the link..
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Make sure you don't have any unknown toolbars, and if there are, try to uninstall them... Change the home page to any safe website that you know.

Now I'm sure after using Hostsxpert you will be able to go to any website and update your Symantec anti virus.

Good luck
0
 

Author Comment

by:plam125
ID: 20073651
IndiGenus:
Here's the log from HJT..It's foreign to me:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:20 AM, on 10/14/2007
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\update\update.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.tjem.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://products.webroot.com/disp0201.php?pc=64150&rc=1&ps=R&oc=5&mjv=3&mnv=2&bld=146&kc=ppa_obqi^^^^etl`avdf&cd=&dcc=&drc=&mo=&sid=
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_0_2_6.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E1C2832210339226033AAC
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\iipgqbux.dll",sitypnow
O4 - HKLM\..\RunServices: [Ati Control Panel] atiphexx.exe
O4 - HKLM\..\RunServices: [8F7BBF0F] C:\WINDOWS\System32\viehqsxpto.exe
O4 - HKLM\..\RunServices: [`^]`LWI`WITL] C:\WINDOWS\System32\seathtk.exe
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll                                                              .dbt
O4 - HKUS\S-1-5-18\..\Run: [Ati Control Panel] atiphexx.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll                                                              .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Ati Control Panel] atiphexx.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.symantec.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1112037319795
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/installs/spamblockerutility/programs/spamblockerutility.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
O21 - SSODL: mtklefa - {A0339443-7AC2-4064-4DA1-29967D9620F3} - C:\WINDOWS\System32\sriwx32.dll (file missing)
O21 - SSODL: E0BCBJED - {6CD3628F-7212-4452-1269-440C5C1A4AFC} - C:\WINDOWS\System32\Mfmdoe32.dll (file missing)
O21 - SSODL: mtklefap - {4AE79E0C-AAFA-43DF-68A8-14FF2EEC5241} - C:\WINDOWS\System32\oefzn32.dll (file missing)
O21 - SSODL: mtklef - {6F735DB2-8EA7-469F-DC86-02D2F89DF0B1} - C:\WINDOWS\System32\muvw32.dll (file missing)
O21 - SSODL: mtkle - {C7E92A44-476D-4ADA-21AE-79C047203197} - C:\WINDOWS\System32\jvrbns32.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8970 bytes
0
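A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the original thread. The three rules are assumed heuristics for ordering manual review (autoruns outside Program Files, Trusted Zone entries, SSODL entries whose file is missing), not verdicts; the sample lines are excerpted from the posted log.

```python
import re

# A HijackThis entry line looks like "O4 - <details>"; headers and the
# process list do not match and are skipped.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Lines excerpted from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\iipgqbux.dll",sitypnow
O4 - HKLM\..\RunServices: [`^]`LWI`WITL] C:\WINDOWS\System32\seathtk.exe
O15 - Trusted Zone: *.winfixer.com (HKLM)
O21 - SSODL: mtkle - {C7E92A44-476D-4ADA-21AE-79C047203197} - C:\WINDOWS\System32\jvrbns32.dll (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

def parse_hjt(text):
    """Return [(section, body)] for every entry line in a HijackThis log."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]

def triage(entries):
    """Build a review queue of (section, reason, body). Heuristic only."""
    queue = []
    for section, body in entries:
        if section == "O4":
            # The command follows the last "] "; value names can contain "]".
            cmd = body.rsplit("] ", 1)[-1].lower()
            if "program files" not in cmd and "progra~1" not in cmd:
                queue.append((section, "autorun outside Program Files", body))
        elif section == "O15":
            queue.append((section, "site added to IE Trusted Zone", body))
        elif section == "O21" and "(file missing)" in body:
            queue.append((section, "SSODL entry points to a missing file", body))
    return queue

if __name__ == "__main__":
    for section, reason, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{section}: {reason}\n    {body}")
```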
 

Author Comment

by:plam125
ID: 20073741
yasserd:
It won't download...just keeps spinning
0
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 20073848
Please try Combofix first, plam125,
and then download Hostsxpert from
http://www.majorgeeks.com/Hoster_d4626.html
This should reset your Windows host files, which might have been changed by spyware...
Restore to the Microsoft original file.
0
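The symptom in the question (ping returning 127.0.0.1 for symantec.com) and the hosts-file reset suggested above can be checked directly. The following is an added example, not part of the original thread: it audits hosts-file text for security-vendor domains that the file overrides. The watched-domain list and the sample hosts content are assumptions constructed for illustration.

```python
import ipaddress
import sys

# Assumption: the two vendor domains named in the question; extend as needed.
WATCHED = ("symantec.com", "trendmicro.com")

# Constructed sample, not taken from the affected machine.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   www.symantec.com symantec.com
0.0.0.0     securityresponse.symantec.com  # sinkholed
127.0.0.1   WWW.TrendMicro.com.
192.0.2.10  notsymantec.com
10.0.0.5    fileserver
"""

def parse_hosts(text):
    """Yield (line_number, ip, hostname) for each mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or malformed line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:  # one line may carry several aliases
            yield lineno, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return (line, name, ip, sinkholed) for watched domains pinned in hosts."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        # Match the domain itself or a true subdomain, not a look-alike suffix.
        if any(name == d or name.endswith("." + d) for d in watched):
            sinkholed = ip.is_loopback or ip.is_unspecified
            findings.append((lineno, name, str(ip), sinkholed))
    return findings

if __name__ == "__main__":
    # Usage: python audit_hosts.py C:\Windows\System32\drivers\etc\hosts
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for lineno, name, ip, sinkholed in audit_hosts(text):
        tag = "blocked (loopback/0.0.0.0)" if sinkholed else "redirected"
        print(f"line {lineno}: {name} -> {ip} [{tag}]")
```

A clean result with the symptom still present means the override is happening somewhere other than the hosts file.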
 
LVL 1

Expert Comment

by:ViruScan
ID: 20142326
Best advice: re-install the operating system. You can clean your system from viruses, but spyware, forget it, unless you delete every entry from the registry. For that, you'd have to search for them, which will take you more time than installing a fresh copy.
ViruScan
0
 
LVL 20

Expert Comment

by:IndiGenus
ID: 20142482
My apologies plam125, for some reason I wasn't subscribed to this thread and didn't get email notification.

I agree with moh10ly 100% here on running Combofix. CF will do quite a bit of work here and we should then be able to clean up with a CF script and scanning/removal.

Just my opinion.
0
 
LVL 10

Expert Comment

by:yasserd
ID: 20146543
0
 

Author Comment

by:plam125
ID: 20171641
Thanks for all your help...I just told my friend the best thing was to re-install the OS and start over...So that is what I did...Thanks everyone...
0
 
LVL 1

Accepted Solution

by:
ViruScan earned 500 total points
ID: 20171943
PLAM125,
at last, you recommended your friend with my advice...aren't you gonna issue the 125 points for the resolution you followed???
txs
0

Question has a verified solution.