
W32.Sasser.Worm <-- Important

Old 4th May 2004, 07:45
  #21 (permalink)  

'nough said
Thread Starter
 
Join Date: Sep 2002
Location: Raynes Park
Age: 58
Posts: 1,025
Likes: 0
Received 0 Likes on 0 Posts
How 'bout trying the Stinger - McAfee "Swiss Army Knife" for anti-virus detection and removal?

Charles
amanoffewwords is offline  
Old 4th May 2004, 07:51
  #22 (permalink)  
 
Join Date: May 2002
Location: Far East
Posts: 20
Likes: 0
Received 0 Likes on 0 Posts
Don't think I have any virus, just a problem getting to update NAV. Why I don't know, but it did happen the same day I changed my ISP. I can do full scan, everything clean. I have always meticulously kept NAV and MS fully updated after major probs 18 mos ago. Just can't update NAV after reinstalling. Is there a setting I am missing perhaps?
lofty50 is offline  
Old 4th May 2004, 08:12
  #23 (permalink)  
 
Join Date: Sep 1999
Location: Deepest Dark Afrika
Posts: 175
Likes: 0
Received 0 Likes on 0 Posts
"Manually" updating NAV Virus Definitions

Lofty - Apart from LiveUpdate, there is another way of downloading and updating your virus definitions. Go to http://securityresponse.symantec.com....download.html and download them (the file is about 4.7Mb). Once you have downloaded them, double-click on the file and it will update your virus definitions.

I use this method quite often because I'm never quite sure that LiveUpdate has downloaded enough code while I'm logged on - I use dial-up and sometimes LiveUpdate can be very slow (site congestion I imagine).
Feline is offline  
Old 4th May 2004, 08:48
  #24 (permalink)  
 
Join Date: May 2002
Location: Far East
Posts: 20
Likes: 0
Received 0 Likes on 0 Posts
Feline

Thank you for that, but as I have already mentioned I cannot get into the Symantec site for a manual download. There are no other problems accessing any other website, just Symantec. I am baffled why this should be and welcome any clues from anyone.
lofty50 is offline  
Old 4th May 2004, 17:11
  #25 (permalink)  
Cool Mod
 
Join Date: Apr 1998
Location: 18nm N of LGW
Posts: 6,186
Likes: 0
Received 0 Likes on 0 Posts
ONE tip I will give, and that has never let me down!

Go to www.grc.com and click on 'Shields Up' it will tell you if your computer is open to possible 'attack' or not. But DO get the Microsoft patches first. Just go to Windows Update. Not necessary for a few operating systems so check.

While you are there you may find other things you can use and this guy Steve really does know what he is talking about. The FBI use him as do the CIA and he has been known to assist the Met Police.

So, for what it's worth, and it is good, go get it is my advice.
PPRuNe Pop is offline  
Old 4th May 2004, 18:02
  #26 (permalink)  

'nough said
Thread Starter
 
Join Date: Sep 2002
Location: Raynes Park
Age: 58
Posts: 1,025
Likes: 0
Received 0 Likes on 0 Posts
lofty50,

just spent three hours with a client whose machine is displaying the same symptoms you are having.

It stops you accessing any virus-removal site - I tried NAV, McAfee, Sophos, Trend, AVG (Grisoft) and others.

Liveupdate does not work and NAV gets disabled soon after start-up.

Windows updates are also not installing although all the right screens appear but the number of critical updates remains at 37. Tried to download and install Win 2k SP4 but that got cut off.

I have tweaked the startup process with a utility similar to msconfig.exe - removed anything that looked suspicious. I scanned the registry for any clues. I ran ad-aware and installed Zone Alarm.

I scanned the system using Stinger in safe mode and it did remove a couple of minor worms and viruses but essentially didn't result in any change to the situation.

All to no avail.

I am currently scanning the disk using my PC and the disk as secondary unit.

My next option will be to reformat and re-install everything, including windows updates etc.

Will let you know if I find anything useful during the current scan I'm doing.

Charles
amanoffewwords is offline  
Old 4th May 2004, 18:13
  #27 (permalink)  

Jolly Green Giant
 
Join Date: May 1999
Location: Dublin, Ireland
Posts: 586
Likes: 0
Received 0 Likes on 0 Posts
amon,

I'm sure you've tried this but here's the removal tool itself,

removal tool

If that doesn't work I could e-mail you the fix? It's only 150kb
OneWorld22 is offline  
Old 4th May 2004, 18:24
  #28 (permalink)  

...the thin end thereof
 
Join Date: Jun 1998
Location: London
Posts: 269
Likes: 0
Received 0 Likes on 0 Posts
You can check to see if your PC is infected here at Microsoft Security
Wedge is offline  
Old 4th May 2004, 18:41
  #29 (permalink)  
 
Join Date: Jan 2004
Location: Bracknell UK
Posts: 357
Likes: 0
Received 0 Likes on 0 Posts
Hi Amofw,

Before you format, could you send me a Hijack this log of the machine please. I'd like to see what it's up to on the inside, if you don't mind. I'm off out in a minute, but I'll be back later (11.30ish UK) and I should be able to help.

Cheers

Liam
E-Liam is offline  
Old 4th May 2004, 18:49
  #30 (permalink)  

'nough said
Thread Starter
 
Join Date: Sep 2002
Location: Raynes Park
Age: 58
Posts: 1,025
Likes: 0
Received 0 Likes on 0 Posts
Thanks OneWorld22 and Wedge - but I don't think Sasser is the culprit in this case - I ran the latest version of Stinger which looks for two variants of Sasser - and the symptoms are different but they are similar to lofty50's problem. This is taking off on a tangent somewhat.

I just completed another full scan with the disk as secondary in my own PC - it came clean so I'm left with a reformat. However I will try hijack this and let you know what's up E-Liam - thanks for the suggestion.

Cheers
Charles
amanoffewwords is offline  
Old 5th May 2004, 03:56
  #31 (permalink)  
 
Join Date: May 2002
Location: Far East
Posts: 20
Likes: 0
Received 0 Likes on 0 Posts
AMANOFFEWWORDS, Mike Jenvey, PPRUNE POP, Wedge et al

Thanks for all your replies and advice, I am 7 hours ahead of you guys in UK so a time lag in my reply.
NAV now has auto protect and email scanning enabled, but also ZoneAlarm has email scanning so I feel moderately safe but desperately need to get NAV updated. I have the MS Sasser patch and the removal tool and have run adware, seems the only prob is update.
I have noted all your advice and will try now to get my NAV updated.

Cheers
lofty50 is offline  
Old 5th May 2004, 04:57
  #32 (permalink)  
 
Join Date: May 2002
Location: Far East
Posts: 20
Likes: 0
Received 0 Likes on 0 Posts
Mike Jenvey

The Symclean is only for Norton System Works which I don't have (only NAV) so didn't run it.

_________________________________________________

PPrune Pop

Shields Up seems very good, however all it did was confirm I have an exceptionally well protected computer, I only had to load Unplug 'n' Pray. I'd recommend everyone to use this excellent utility.

By the way the time is wrong! Showing GMT +7 here. Just because u went to BST, it doesn't change GMT +8 here!!!

Oh Sh1te

Auto protect and email scanning disappeared off NAV again. Trying a reboot.
lofty50 is offline  
Old 5th May 2004, 07:26
  #33 (permalink)  

'nough said
Thread Starter
 
Join Date: Sep 2002
Location: Raynes Park
Age: 58
Posts: 1,025
Likes: 0
Received 0 Likes on 0 Posts
Lofty50,

on my client's pc I applied winsock fix as suggested by fobotsco in an earlier unrelated post and the updates work again. However it was still stopping IE from accessing Symantec et al so I got rid of it and put Mozilla Firefox in its place and it all works ok now.

Now just got to try and sort his email out...

hth
Charles
amanoffewwords is offline  
Old 5th May 2004, 08:11
  #34 (permalink)  
 
Join Date: May 2002
Location: Far East
Posts: 20
Likes: 0
Received 0 Likes on 0 Posts
amanoffewwords

Here's what I did, first upgraded to ZoneAlarm Pro and cleaned out all tracking cookies and cleaned cache. Then (thro' Google) I ran an online antivirus from
http://housecall.trendmicro.com/housecall (I had to disable ZoneAlarm first), that found the AGOBOT.IM worm, noncleanable but I deleted the affected file, then to be doubly sure I ran activescan online from http://www.pandasoftware.com/actives..._principal.htm which showed all clear, and by the way scans emails also.
I then reinstalled NAV, which worked okay and live update seems to have worked, and then reactivated ZoneAlarm. Then I tried to access Symantec - guess what - no joy. Going to try again.
Can you please post the site to get the Mozilla Firefox.

Don't know why but the activescan url came out funny, I'll try again.
http://www.pandasoftware.com/actives..._principal.htm

after the first activescan it should be /com/activescan_principal.htm
lofty50 is offline  
Old 5th May 2004, 19:33
  #35 (permalink)  
 
Join Date: Nov 1999
Location: uk
Posts: 29
Likes: 0
Received 0 Likes on 0 Posts
Any patches available by CD-ROM or floppy?

You guys have left me standing. Any quick way to get rid of Sasser worm from my XP?...MSN download cuts off..and takes 2 hours estimated...McAfee doesn't seem to stop it.. I am not an easy user of computers..do you suggest I pass it to an expert?
PS I scanned my files and cwindows\system32\wins\SVCHOS infected...so I followed McAfee advice and deleted it when it proved 'non cleanable'. I am using my 'old' computer Windows 95 to post this.
40 yearflyer is offline  
Old 5th May 2004, 20:15
  #36 (permalink)  

Jolly Green Giant
 
Join Date: May 1999
Location: Dublin, Ireland
Posts: 586
Likes: 0
Received 0 Likes on 0 Posts
First hit CTRL+ALT+DEL and have a look at your task manager and processes. If you see avserve.exe end it straight away!

Then go into your regedit, (go to Start and then run and type in regedit)

Click on: HKEY_LOCAL_MACHINE then SOFTWARE then MICROSOFT then WINDOWS then RUN

If you see avserve.exe listed there with your other programs then delete it....(Back up your registry first just in case!)
OneWorld22 is offline  
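
The two checks described in the post above, as an added example that is not part of the original thread: a PowerShell function that looks for a running avserve.exe process and for Run-key values that launch it. It assumes a Windows machine with PowerShell available; the function name and the -Remove switch are hypothetical, and the Run key is addressed by its full registry path, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

```powershell
# Added example (not from the thread). Read-only unless -Remove is given;
# -Remove needs an elevated (administrator) session.
function Find-SasserIndicator {
    param(
        [string]$FileName = 'avserve.exe',   # indicator named in the post
        [switch]$Remove                      # hypothetical switch: also clean up
    )
    # Machine-wide Run key (programs started at boot for every user).
    $runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $found  = @()

    # Step 1: running process. Get-Process matches the name without ".exe".
    $base = [System.IO.Path]::GetFileNameWithoutExtension($FileName)
    foreach ($p in @(Get-Process -Name $base -ErrorAction SilentlyContinue)) {
        $found += [pscustomobject]@{ Kind = 'Process'; Name = $p.ProcessName; Detail = "PID $($p.Id)" }
        if ($Remove) { Stop-Process -Id $p.Id -Force }
    }

    # Step 2: Run-key values whose command line mentions the file.
    $key = Get-Item -Path $runKey -ErrorAction SilentlyContinue
    if ($key) {
        $names = @($key.GetValueNames() | Where-Object {
            ([string]$key.GetValue($_)) -like "*$FileName*"
        })
        if ($Remove -and $names.Count -gt 0) {
            # Back up the key before changing it, as the post advises.
            $stamp  = Get-Date -Format 'yyyyMMddHHmmss'
            $backup = Join-Path $env:TEMP "run-key-$stamp.reg"
            & reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' $backup | Out-Null
        }
        foreach ($n in $names) {
            $found += [pscustomobject]@{ Kind = 'RunValue'; Name = $n; Detail = [string]$key.GetValue($n) }
            if ($Remove) { Remove-ItemProperty -Path $runKey -Name $n }
        }
    }
    return $found
}

# Report only; an empty result means neither indicator was present.
Find-SasserIndicator | Format-Table -AutoSize
```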
Old 5th May 2004, 20:39
  #37 (permalink)  
 
Join Date: Nov 1999
Location: uk
Posts: 29
Likes: 0
Received 0 Likes on 0 Posts
Symantec says 'no sasser worm on your computer' ..but it is there

Thanks 'Jolly Green Giant' I used to tell my kids bedtime stories based on a 'jolly green giant' taken from the tin of sweetcorn ! !

I will try your suggestion.

If that doesn't work I will rush into Symantec again and download sasser 'b' version before the worm closes me down again...I usually have 3 minutes.

Just a thought if I restore the file I deleted last night that McAfee could not clean, could Symantec clean/neutralise it I wonder. Sounds dangerous to me.

Here I go again ..today is a computer day...the sim computer needed rebooting ...the ADF in the aircraft locked onto the nearest CuNimb...life was much simpler when all I had was one radio and a DI.
40 yearflyer is offline  
Old 6th May 2004, 02:11
  #38 (permalink)  
 
Join Date: May 2002
Location: Far East
Posts: 20
Likes: 0
Received 0 Likes on 0 Posts
Good news guys, this a.m. I have been able to access Symantec and download Intelligence Updater. So now fully up to date and protected all round with extra protection with activescan and trendmicro, both of which work much faster than a NAV scan.

I have a suspicion that after reinstalling NAV you cannot do liveupdate or manual update until you perform a complete scan, I tried to bypass this as it is so slow, and I was confident I was clean.

I trust you have sorted your probs finally amofw.

Cheers everybody and thanks for all the help.
lofty50 is offline  
Old 6th May 2004, 08:40
  #39 (permalink)  

'nough said
Thread Starter
 
Join Date: Sep 2002
Location: Raynes Park
Age: 58
Posts: 1,025
Likes: 0
Received 0 Likes on 0 Posts
Thanks I have fixed it lofty50, but it was my client's problem really...off to re-install his hard-disk and cross my fingers it doesn't get damaged on the way as I rattle along the potted holes of London's Streets.

And then I can turn my attention to my laptop which seems to overheat and shuts down after 10 mins or so, subject of another thread no doubt.

Cheers
Charles
amanoffewwords is offline  
Old 8th May 2004, 07:32
  #40 (permalink)  

'nough said
Thread Starter
 
Join Date: Sep 2002
Location: Raynes Park
Age: 58
Posts: 1,025
Likes: 0
Received 0 Likes on 0 Posts
Hey hey - BBC are reporting that the suspected author of Sasser has been arrested in Germany.

Now, for a suitable punishment....



Charles
amanoffewwords is offline  

