Page 1 of 2 12 LastLast
Results 1 to 15 of 19

Thread: Help! Norton Anti Virus questions

  1. #1

    Help! Norton Anti Virus questions

    Hi, I have the norton anti virus service. In the last few months I have been getting ALOT of viruses. I have no idea where they all could be coming from. I don't visit any wierd sites. I have a yahoo email address and I think Yahoo screens all emails for viruses. NAV takes care of the viruses I get by deleteing them. I know I get them because a red and white window appears in the middle of my computer screen and tells me the virus name, where it is located, and the action taken by NAV. Is it possible to keep the window from coming up in the middle of my screen? This window is very annoying to me because I work on line and I get alot of these Virus Alert windows coming up. When one comes up I have to click on the OK button to get rid of it. The problem is, is that today alone I must have had over 1000 (thats right one thousand) virus alert windows come up on my screen. So I have to click the OK button 1000 times. This is not fun. So can I, in some way, keep this window from appearing? Thanks for any help. This is driving me crazy. Today is the worst so far. OH, I am not a computer person. I only use it because I need it for work. Thanks for any help or ideas that you have. Pete
    Pete Lamberty

  2. #2
    Join Date
    Feb 2003
    Location
    Plano, TX
    Posts
    265
    There are a lot of different versions of NAV, each slightly different. On my computer here I'm running Corporate Edition. On it, the option is "Display message on infected computer", which has a checkbox.

    If you're running the standalone version, I'm pretty sure there is a similar option. Search help for a message similar to the one I posted, or for "real-time protection options". Something like that ought to get you there.

    I can't imagine why your are being hammered so hard. Our entire network doesn't get maybe 10 a day.

    Dave

  3. #3
    Pete - how many e-amils do you get a day? I get a lot of e-mail (average 500/day) and I have rarely gotten a virus. What version of Norton are you running and what is the date of the Virus definition file that you are using? If you are using Live Update, it should be around 6/18/03. When was the last Full System scan that Norton ran? The easiest way to find out this information is to click the Norton icon in your tray (next to the date and time) The Virus definition info and last System scan will be right there. The version info should be available after you click the Help on the Norton screen and then About Norton AntiVirus.
    Dan McLaughlin

  4. #4
    Hi Dave, Dan, Thanks for your quick replies. Right after I wrote the original post, I went to NAV and scanned my computer. I had 1019 infected files. 1018 were automatically deleted. So I have a virus that they said is called Hacktool. It is in C:\system32\ntservice.exe. I have no idea what that is. Can I delete it or is it an important file? I don't know how to delete it. As far as I could see, NAV does not have a removal tool for the Hacktool virus. Dave, I have the 2003 version of NAV. I could not find anywhere in the options anything like Display message on infected computer. NAV said I should do a safe start and then a complete scan. When the file with the virus is found, I should delete it. I did do a safe start but I cannot get onto the internet when in the safe start mode. So I couldn't do a scan. Dan, I get about a dozen emails a day. Dan, even though I have the automatic live update, I go to NAV everyday and update the virus defintions. Dan the last update is 6/18/03. So now I have two problems. How to get rid of the virus and how to keep the virus alert windows from coming up. I read a little on the NAV site. Could someone be trying to get into my computer and use it for sending viruses or whatever. I am on the computer over seven hours a day. Should I get a firewall? Sorry guys for such a lone post. I just have alot of thoughts on this and know nothing. Thanks, Pete




    Quote Originally Posted by Dan McLaughlin
    Pete - how many e-amils do you get a day? I get a lot of e-mail (average 500/day) and I have rarely gotten a virus. What version of Norton are you running and what is the date of the Virus definition file that you are using? If you are using Live Update, it should be around 6/18/03. When was the last Full System scan that Norton ran? The easiest way to find out this information is to click the Norton icon in your tray (next to the date and time) The Virus definition info and last System scan will be right there. The version info should be available after you click the Help on the Norton screen and then About Norton AntiVirus.
    Pete Lamberty

  5. #5
    Hi, Since my original post, and the posts by Dave and Dan, I have gone back to the NAV site. I tried something different. I went to scan for viruses. Then scan files. Then I worked my way through a window that started with C; and then openned WINNT then openned system 32, then openned ntservice.exe. It scanned and then NAV said there was one virus in it. Can I just delete this file at this point? Or is it important? Thanks. Pete


















    Quote Originally Posted by Pete Lamberty
    Hi, I have the norton anti virus service. In the last few months I have been getting ALOT of viruses. I have no idea where they all could be coming from. I don't visit any wierd sites. I have a yahoo email address and I think Yahoo screens all emails for viruses. NAV takes care of the viruses I get by deleteing them. I know I get them because a red and white window appears in the middle of my computer screen and tells me the virus name, where it is located, and the action taken by NAV. Is it possible to keep the window from coming up in the middle of my screen? This window is very annoying to me because I work on line and I get alot of these Virus Alert windows coming up. When one comes up I have to click on the OK button to get rid of it. The problem is, is that today alone I must have had over 1000 (thats right one thousand) virus alert windows come up on my screen. So I have to click the OK button 1000 times. This is not fun. So can I, in some way, keep this window from appearing? Thanks for any help. This is driving me crazy. Today is the worst so far. OH, I am not a computer person. I only use it because I need it for work. Thanks for any help or ideas that you have. Pete
    Pete Lamberty

  6. #6
    Join Date
    Mar 2003
    Location
    SE PA - Central Bucks County
    Posts
    65,685
    Quote Originally Posted by Pete Lamberty
    Hi, Since my original post, and the posts by Dave and Dan, I have gone back to the NAV site. I tried something different. I went to scan for viruses. Then scan files. Then I worked my way through a window that started with C; and then openned WINNT then openned system 32, then openned ntservice.exe. It scanned and then NAV said there was one virus in it. Can I just delete this file at this point? Or is it important? Thanks. Pete
    You don't say which OS version you are running, but for WinNT, Win2K and WinXP, deleting that particular file may render your machine unusable--it's a key OS function. You have a very serious problem in that your picked up something that from the name indicates it's a trojan horse that will allow someone else to use your computer for "their own purposes". You may need to get help from someone who is skilled in your particular OS and virus issues as you may need to completely rebuild the machine to get rid of this scum-ware. There is a chance that something like PestPatrol or similar might help, but if your virus protection is not removing it...

    BTW, if you are not already doing do, you need to start running a firewall application like ZoneAlarm on your computer to help protect from these kind of things. This is in addition to virus protection. With a proper firewall, you may still get "infected" buy you'll know about it right away and the software will keep your PC from communcating information out that you do not allow it to do.
    --

    The most expensive tool is the one you buy "cheaply" and often...

  7. #7
    Hi Jim, The operating system on my computer is windows 2000. Pete




    Quote Originally Posted by Jim Becker
    You don't say which OS version you are running, but for WinNT, Win2K and WinXP, deleting that particular file may render your machine unusable--it's a key OS function. You have a very serious problem in that your picked up something that from the name indicates it's a trojan horse that will allow someone else to use your computer for "their own purposes". You may need to get help from someone who is skilled in your particular OS and virus issues as you may need to completely rebuild the machine to get rid of this scum-ware. There is a chance that something like PestPatrol or similar might help, but if your virus protection is not removing it...

    BTW, if you are not already doing do, you need to start running a firewall application like ZoneAlarm on your computer to help protect from these kind of things. This is in addition to virus protection. With a proper firewall, you may still get "infected" buy you'll know about it right away and the software will keep your PC from communcating information out that you do not allow it to do.
    Pete Lamberty

  8. #8
    Pete - Jim is correct. Deleting that file and any other files that may be infected very well could render your PC dead. Hacktool is a generic term for a several Trojan programs that can do a number of things:

    1. Take complete control of your PC (Hacktool.Rootkit)
    2. Keep a log of keystroke on the system (Hacktool.KeyLoggPro)
    3. Decrypt Windows passwords (Hacktool.PassUnleash)
    4. Hacktool.DoS is a hacktool that performs a Denial of Service (DoS) attack against a third-party server. Even though this tool does not cause any damage to the computer on which it is deployed, it is considered a threat by network administrators. (Hacktool.DoS)

    This is probably more than you ever wanted to know about Hacktool. I would not recommend dealing with this yourself especially since you have said "I am not a computer person". I would also echo Jim's recommendation about Zone Alarm (either the free version or the Pro Version). We used it here along with Norton AV until we upgraded to a hardware firewall rather just a softwall one.

    Find a good PC Tech and let him deal with the problem. You may need a re-install of Windows2000 after the Hacktool trojan is removed.
    Dan McLaughlin

  9. #9
    Thanks guys for all the info. I guess I will have to find someone more knowledgable than myself. Where do I look for a PC tech like Dan suggested? I will have to ask some friends that are computer people, hopefully they will know also. Also, am I spreading this virus to others in emails or how about here on Saw Mill Creek? Should I stop being on line until I get this fixed? Thanks again. Pete




    Quote Originally Posted by Dan McLaughlin
    Pete - Jim is correct. Deleting that file and any other files that may be infected very well could render your PC dead. Hacktool is a generic term for a several Trojan programs that can do a number of things:

    1. Take complete control of your PC (Hacktool.Rootkit)
    2. Keep a log of keystroke on the system (Hacktool.KeyLoggPro)
    3. Decrypt Windows passwords (Hacktool.PassUnleash)
    4. Hacktool.DoS is a hacktool that performs a Denial of Service (DoS) attack against a third-party server. Even though this tool does not cause any damage to the computer on which it is deployed, it is considered a threat by network administrators. (Hacktool.DoS)

    This is probably more than you ever wanted to know about Hacktool. I would not recommend dealing with this yourself especially since you have said "I am not a computer person". I would also echo Jim's recommendation about Zone Alarm (either the free version or the Pro Version). We used it here along with Norton AV until we upgraded to a hardware firewall rather just a softwall one.

    Find a good PC Tech and let him deal with the problem. You may need a re-install of Windows2000 after the Hacktool trojan is removed.
    Pete Lamberty

  10. #10
    Join Date
    Feb 2003
    Location
    Collin County Texas
    Posts
    2,417
    Hi Pete. I also run W2k, the Pro version, with all recommended maintenance installed. There is NO such program as ntservice.exe on my system drive. Use file explorer to find it, right click on it and select properties, you will get a small window. click on the version tab at the top, this will give you pertinent info about the module. If it doesn't say Microsoft or some other software house whose product you have installed, it is probably bogus. An easy test is to rename it to ntservice.exo, a see what happens. The worst thing is that you need to boot up into "safe mode" and name it back again.

    If you are not installing the current maintenance from M/S, you need to start doing that. There are almost monthly security fixes issued by the Redmond crew.

    I don't run any Norton products, but that is another story I have been quite happy with the McAfee virus filter.
    Best Regards, Ken

  11. #11
    Join Date
    Feb 2003
    Location
    Gloucester, VA
    Posts
    1,996

    Don't worry

    Quote Originally Posted by Pete Lamberty
    Thanks guys for all the info. I guess I will have to find someone more knowledgable than myself. Where do I look for a PC tech like Dan suggested? I will have to ask some friends that are computer people, hopefully they will know also. Also, am I spreading this virus to others in emails or how about here on Saw Mill Creek? Should I stop being on line until I get this fixed? Thanks again. Pete
    Don't worry-- SawmillCreek is safe from your 'puter, but personal emails
    to members are a plausible method of transmission.

    _Aaron_

  12. #12
    Hi Ken, Thanks for the good info. I, too, have windows 2000 Professional. Sorry for the mistake. I tried to follow your directions but I didn't know where everything was. For example, I don't know where to look for my system drive. But I did this. Try to follow my poor description. I got into my computer on the desk top. I explored and worked my way thru a list on the side of the window. I went Gateway C, then FIXIT, then OEMINFO, then WINNT, then system32. After I expanded all of these, I right Clicked on the WINNT icon in the right side of the window and openned it. Then I found the system32 icon, right clicked and hit explore. It gave me a whole bunch (computer talk here). of icons. So I went thru it all and found ntservice. I right clicked on this icon and selected properties. The tab at the top said "General". Under the word General in a little window was the letters ntservice. Then it listed the following:
    Type of file: application
    Description: ntservice
    Location: C:\WINNT\system32
    Size: 9.50KB(9,728 bytes)
    Size on disk: 16.0 KB (16.384 bytes)
    Created: Tuesday, June 17, 2003, 10:57:20 AM
    Modified Saturday, September 07, 2002. 1:54:14 AM
    Accessed: Today June 24, 2003
    Attributes Open box Read only open box hidden open box Archive

    Is this what you wanted me to find? No where do I see anything that says it is a Microsoft prduct or another one that I have. I have very few programs on this computer. I tried to open the ntservice file but a little window came up that said..."access to the specified device, path, or file is denied". I can right click on the icon and then select rename and the name does get boxed in and highlighted . So I can rename it. I did not try to rename it yet, because I don't know if I am at the right place that you told me to go. Should I try to rename it here? Thats about all I found with your instructions. I didn't follow the path you said so I don't know if this is right. Please let me know.
    Also you said that I should be installing the current maitenance from Microsoft. I have never done this and I really don't know what you are talking about. I went to the Microsoft website but couldn't find anything called current maitenance. I don't know who the Redmond crew is or how to find them. How do I get to them? Sorry for such along post but I thought I need to explain what I have been doing here.
    Thanks for the help. I hope you could follow what I did here. Pete Lamberty



    Quote Originally Posted by Ken Garlock
    Hi Pete. I also run W2k, the Pro version, with all recommended maintenance installed. There is NO such program as ntservice.exe on my system drive. Use file explorer to find it, right click on it and select properties, you will get a small window. click on the version tab at the top, this will give you pertinent info about the module. If it doesn't say Microsoft or some other software house whose product you have installed, it is probably bogus. An easy test is to rename it to ntservice.exo, a see what happens. The worst thing is that you need to boot up into "safe mode" and name it back again.

    If you are not installing the current maintenance from M/S, you need to start doing that. There are almost monthly security fixes issued by the Redmond crew.

    I don't run any Norton products, but that is another story I have been quite happy with the McAfee virus filter.
    Pete Lamberty

  13. #13
    Hi Ken, I went ahead and tried to rename it. It wouldn't let me. So I don't know what to do next. Any advice is appreciated. Pete


    Quote Originally Posted by Ken Garlock
    Hi Pete. I also run W2k, the Pro version, with all recommended maintenance installed. There is NO such program as ntservice.exe on my system drive. Use file explorer to find it, right click on it and select properties, you will get a small window. click on the version tab at the top, this will give you pertinent info about the module. If it doesn't say Microsoft or some other software house whose product you have installed, it is probably bogus. An easy test is to rename it to ntservice.exo, a see what happens. The worst thing is that you need to boot up into "safe mode" and name it back again.

    If you are not installing the current maintenance from M/S, you need to start doing that. There are almost monthly security fixes issued by the Redmond crew.

    I don't run any Norton products, but that is another story I have been quite happy with the McAfee virus filter.
    Pete Lamberty

  14. #14
    Join Date
    Feb 2003
    Location
    Plano, TX
    Posts
    265
    Pete, it sounds to me like you've landed a worm dubbed "muma". It appears to be a whole bunch of files.

    Norton Antivirus has a page for this virus, here: http://securityresponse.symantec.com...mu.a.worm.html

    The beginning is a technical breakdown that you probably aren't interested in. If you click on the button marked "removal instructions", it will take you to where you can download the specific tool that will (hopefully) remove it.

    If you have anything on the computer that is irreplaceable, before is a much better time to back it up, than after. Just in case.

    Dave

  15. #15
    Join Date
    Feb 2003
    Location
    Collin County Texas
    Posts
    2,417
    Pete, sorry I confused you with "system drive". In 99.99% of the cases it will be the C drive. M/S started all the alphabetic drive stuff back with DOS. Other OSs use a more basic form of IDing the drive involving the physical path from the cpu out to the device. The user only knows about "files" and doesn't even know where they are stored.

    It looks like you did the best you can, and I think Dave A. has the right next step.

    Good Luck
    Best Regards, Ken

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •