Guest ellas Posted January 1, 2003 Report Share Posted January 1, 2003 bloody hell still at it Link to comment Share on other sites More sharing options...
mark2 Posted January 1, 2003 Report Share Posted January 1, 2003 the zipped files like the one you had to unzip and double click yesterday, if you search for startuplist.zip you should find it Link to comment Share on other sites More sharing options...
mark2 Posted January 1, 2003 Report Share Posted January 1, 2003 Getting there ellas <_> Link to comment Share on other sites More sharing options...
mark2 Posted January 1, 2003 Report Share Posted January 1, 2003 Thats the one , looks a lot better than it did yesterday, but Ill have tio call it a day for now can't get back till tomorrow evening, but if anyone else can see anything nasty there perhaps they can point it out. If you go to http://www.spywareinfo.com/articles/hijacked/ if there are any stepswe have missed with the hijacker cleaning. Can't get back till tomorrow night now bout 6.30 Link to comment Share on other sites More sharing options...
Guest ellas Posted January 1, 2003 Report Share Posted January 1, 2003 no mark2 loves doing this :D Link to comment Share on other sites More sharing options...
mark2 Posted January 1, 2003 Report Share Posted January 1, 2003 Also have a look http://www.pacs-portal.co.uk/startup_pages...tartup_full.htm and compare your startuplist programs see if any are listed there as Spyware or virus, and run spybot once more and another A/V scan. :D should keep you out of mischief :D Back tomorrow ;) Link to comment Share on other sites More sharing options...
mark2 Posted January 1, 2003 Report Share Posted January 1, 2003 Very true :D ellas but learning how much I don't know :o Link to comment Share on other sites More sharing options...
Guest northamuk Posted January 1, 2003 Report Share Posted January 1, 2003 Shurely this thread is setting a Record which will NEVER get broken!! :o :D Link to comment Share on other sites More sharing options...
Randy_Bell Posted January 2, 2003 Report Share Posted January 2, 2003 Shurely this thread is setting a Record which will NEVER get broken!! :o :DYep this is a marathon thread all right. Once p2ccolo gets NAV reinstalled, up-to-date, and functioning properly: I still recommend he d/l and try TrojanHunter, especially since he was infected by sooooo many trojans. ;) Link to comment Share on other sites More sharing options...
mark2 Posted January 2, 2003 Report Share Posted January 2, 2003 Found the reason for hijacker coming back The reason for this is most likely an entry in the run section of the registry. In many cases, it has either been "regedit.exe /s filename" or "\windows\ regedit.exe /s filename". That command will cause regedit to import whatever text is in the file into the registry if it's in the right format, regardless of the filename and extension we have it herereg = regedit /s "C:\Documents and Settings\me\reg.reg,unless that is the back up copy you made of the registry, have another look see if you can change your homepage to what you want now and if it stays Link to comment Share on other sites More sharing options...
Guest Clint Posted January 2, 2003 Report Share Posted January 2, 2003 Here is the post for the first link: © 1995-2003 Symantec Corporation.All rights reserved.Legal NoticesPrivacy Policy start over my product is Norton AntiVirus 2002 for Windows 2000/NT/Me/98/XP change product Document ID:2002051609330106Last Modified:12/17/2002 Problems with Symantec software may be caused by a virus infection Situation:You encounter at least one of the following problems:- When you start your Symantec product (such as Norton AntiVirus, Norton SystemWorks, or Norton Internet Security), the program window appears briefly and then disappears- You cannot complete LiveUpdate successfully- You cannot install or run Symantec products- You receive an email message, indicating that you are infected with the W32.Klez virus- You see "out of memory" error messages- Your computer stops responding during virus scans- Your Internet connection is much slower than usual- Your firewall software detects "Wink???.exe" accessing the Internet- You see low disk space error messages- Nmain caused an error in Nmain.exe- Nmain caused an invalid page fault in Nmain.exeSolution:These symptoms are known to occur on computers that are infected by one of the following viruses or worms:a W32.Klez variantW32.Bugbear@mm Follow the steps in each section in the order listed to make sure that your computer is not infected:W32.Klez variant:To determine whether your computer is infected with a W32.Klez variant, download and run the W32.Klez removal tool.NOTE: Carefully review the removal instructions before running the W32.Klez removal tool. An online demonstration on how to download and run the tool is available with audio and without audio.For detailed information about a particular W32.Klez variant, click the appropriate write-up:W32.Klez.H@mmW32.Klez.gen@mmW32.Klez.E@mmW32.Klez.D@mmW32.Klez.A@mmW32.Bugbear@mm To determine whether your computer is infected with W32.Bugbear@mm, follow the removal instructions in the W32.Bugbear@mm write-up. After the worm is removed, run LiveUpdate to download the latest virus definitions and scan the computer.If the removal tool does not detect a virus infection, then the problems that you are encountering are not likely the result of a virus infection. To continue searching the knowledge base for a solution to your problem, click the KNOWLEDGE BASE link at the bottom of this page. Select your product and version, and then click Continue. On the "search the knowledge base" page follow the instructions to enter your search criteria, and then click search. Please rate the quality of this document:low high 1 2 3 4 5 Is this document well written and easy to use?Submit specific suggestions to improve the quality of this document.Product(s): Norton AntiVirus 2000, Norton AntiVirus 2001, Norton AntiVirus 2001 Professional Edition, Norton AntiVirus 2002, Norton AntiVirus 2002 Professional Edition, Norton AntiVirus 2003, Norton AntiVirus 2003 Professional EditionOperating System(s): Windows 95, Windows NT 4.0, Windows 98, Windows 2000, Windows Me, Windows 95B, Windows 98 SE, Windows XP Home Edition, Windows XP Professional EditionDate Created: 05/16/2002 BULLETINS | KNOWLEDGE BASE | SPAMWATCH | DOWNLOADS TUTORIALS | REGISTER | SUPPORT POLICY | CONTACT Link to comment Share on other sites More sharing options...
Guest Clint Posted January 2, 2003 Report Share Posted January 2, 2003 Here is the post for the second link:© 1995-2003 Symantec Corporation.All rights reserved.Legal NoticesPrivacy Policy start over my product is Norton AntiVirus 2002 for Windows 2000/NT/Me/98/XP change product Document ID:2001092513534506Last Modified:12/11/2002 Error: "The System Administrator has set policies to prevent this installation" when installing Norton AntiVirus 2002 Situation:When you start the installation for Norton AntiVirus (NAV) 2002, you see the error message "The System Administrator has set policies to prevent this installation."Solution:This error message can have different causes. It can occur under Windows NT/2000/XP if you are not logged on as administrator. It can also be caused by a corrupted installation or a partial uninstallation of a previous version of NAV.If you are running Windows NT/2000/XP, then verify that you are logged on as administrator. If you are not, then log on as administrator, and then reinstall NAV.To fix a corrupted or partial installation, follow these instructions to uninstall NAV, run the Rnav.exe removal utility to remove all previous versions of NAV, delete the NAV program folder and the virus definitions folder, and then reinstall NAV.To uninstall NAV by using the Rnav.exe or SymClean removal utility:1. In the document How to uninstall Norton AntiVirus, follow the steps in the To uninstall NAV from the Control Panel section, then follow the steps in the To uninstall NAV using the Rnav.exe removal utility section.2. If NAV was installed as part of NSW, then follow the instructions in the document How to uninstall Norton SystemWorks 2002 to uninstall NSW, and then follow the instructions in the document How to use the Norton SystemWorks cleanup utility (SymClean) to run the NSW removal utility.3. After NSW has been removed, run the Rnav.exe removal utility to make sure that all of NAV has been removed.4. Restart the computer.To delete the NAV and virus definitions folders and the virus definitions registry entries:1. Restart the computer.2. Open Windows Explorer.3. Delete the following folders:For Windows 98/Me/2000/XP:C:\Program Files\Common Files\Symantec Shared\VirusDefs folderC:\Program Files\Norton AntiVirusNOTE: If NAV is installed to a different folder, then delete that folder instead. If NAV is installed as part of NSW, then delete the C:\Program Files\Norton SystemWorks folder.For Windows NT:C:\Program Files\Common Files\Symantec Shared\VirusDefs folderC:\Program Files\NAVNTNOTE: If NAV is installed to a different folder, then delete that folder instead. If NAV is installed as part of NSW, then delete the C:\Program Files\Norton SystemWorks folder.4. Exit Windows Explorer.5. Edit the registry to remove the SharedDefs key according to the following instructions:CAUTION: We strongly recommend that you back up the system registry before making any changes. Incorrect changes to the registry could result in permanent data loss or corrupted files. Modify only the keys that are specified. See the document How to back up the Windows registry before you proceed. 6. Click Start, and then click Run. The Run dialog box appears.7. Type regedit and then click OK. The Registry Editor opens.8. Delete the following key:HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs9. Exit the Registry Editor, and then restart the computer.To reinstall NAV:1. To reinstall NAV, follow the instructions in the document that applies to your version of NAV:If only NAV was installed:How to install Norton AntiVirus 2002 from the CDHow to install a copy of Norton AntiVirus that was downloaded from Digital RiverIf NAV was installed as a part of NSW, then see the document How to install Norton SystemWorks 2002.2. Follow the prompts during the installation.3. Restart the computer when prompted.If this process does not fix the problem, then you will need to edit the registry and remove a key that was left by the M****soft Windows Installer. Follow these steps to remove the registry key:CAUTION: We strongly recommend that you back up the system registry before making any changes. Incorrect changes to the registry could result in permanent data loss or corrupted files. Modify only the keys that are specified. See the document How to back up the Windows registry before you proceed. 1. Click Start, and then click Run. The Run dialog box appears.2. Type regedit and then click OK. The Registry Editor opens.3. Click the Edit menu, and then click Find. The Find dialog box appears.4. In the Find What box, type or copy and paste the following:3C5C570370804294FAF8FF7250C221EANOTE: These are zeroes, not capital O's.5. Click Find Next.6. Click the 3C5C570370804294FAF8FF7250C221EA key.7. Press Delete, and then click Yes to confirm the deletion.8. Press the F3 key to search for the next instance of this key.9. Repeat steps 7 and 8 for each key that is found until you see the message that the registry editor is finished searching.10. Exit the Registry editor. Please rate the quality of this document:low high 1 2 3 4 5 Is this document well written and easy to use?Submit specific suggestions to improve the quality of this document.Product(s): Norton AntiVirus 2002Date Created: 09/25/2001 BULLETINS | KNOWLEDGE BASE | SPAMWATCH | DOWNLOADS TUTORIALS | REGISTER | SUPPORT POLICY | CONTACT Link to comment Share on other sites More sharing options...
Guest Clint Posted January 2, 2003 Report Share Posted January 2, 2003 Here is the post for the third link:© 1995-2003 Symantec Corporation.All rights reserved.Legal NoticesPrivacy Policy start over my product is Norton AntiVirus 2002 for Windows 2000/NT/Me/98/XP change product Document ID:2001091907501606Last Modified:11/26/2002 Error: "Cannot delete navshext.dll. The specified file is being used by Windows" when deleting the Norton AntiVirus 2002 program folder during a manual uninstallation of the program Situation:You are following the manual uninstallation procedure for Norton AntiVirus 2002 (NAV). When you highlight and delete the Norton AntiVirus folder in C:\Program Files, you see the error message "Cannot delete navshext.dll. The specified file is being used by Windows." This happens if the computer has been restarted in a clean boot or in Safe mode.Solution:If you cannot delete the NAV program folder, and if you could not uninstall NAV from the Add/Remove Programs applet in the Control Panel, then follow the steps in the document How to uninstall Norton AntiVirus using the Rnav2003.exe removal utility to download and run the Rnav.exe removal utility to remove NAV from your computer.If running the Rnav2003.exe removal utility does not work, then follow these steps to unregister the navshext.dll file:1. Click Start, and then click Run.2. Type or copy and paste the text that applies to your version of NAVIf NAV is installed as a stand-alone product:regsvr32 -u "c:\program files\norton antivirus\navshext.dll"If NAV is installed as part of Norton SystemWorks:regsvr32 -u "c:\program files\norton systemworks\norton antivirus\navshext.dll"3. Click OK at the next prompt.4. Please rate the quality of this document:low high 1 2 3 4 5 Is this document well written and easy to use?Submit specific suggestions to improve the quality of this document.Product(s): Norton AntiVirus 2002Operating System(s): Windows 98, Windows 2000, Windows MeDate Created: 09/19/2001 BULLETINS | KNOWLEDGE BASE | SPAMWATCH | DOWNLOADS TUTORIALS | REGISTER | SUPPORT POLICY | CONTACT Link to comment Share on other sites More sharing options...
Guest ellas Posted January 2, 2003 Report Share Posted January 2, 2003 still no luck uninstalling nav ? Link to comment Share on other sites More sharing options...
Randy_Bell Posted January 2, 2003 Report Share Posted January 2, 2003 p2ccolo, hang in there, you'll have a clean system soon. ;) Link to comment Share on other sites More sharing options...
Guest ellas Posted January 2, 2003 Report Share Posted January 2, 2003 maybe that would have been the best way,but where are you getting the trojans from,is it possible the other machines are infected,what trojan have you found. Link to comment Share on other sites More sharing options...
mark2 Posted January 2, 2003 Report Share Posted January 2, 2003 Okay you can delete that file containing toplistcity then find it in the reg and delelte ltlhe key in there THhat shopuld get shot of te Hijacker.What Trojan has been found ? Link to comment Share on other sites More sharing options...
Guest ellas Posted January 2, 2003 Report Share Posted January 2, 2003 why not take randy bells advice with trojan hunter,we come this far format would be defeat. Link to comment Share on other sites More sharing options...
mark2 Posted January 2, 2003 Report Share Posted January 2, 2003 Do we really want to give in to these Bas*****? :angry: :angry: Link to comment Share on other sites More sharing options...
mark2 Posted January 2, 2003 Report Share Posted January 2, 2003 Give Randy's suggestion a try to get rid of the trojan, we will get you back to a clean well running system, If the worst comes to worst with Norton we can go with AVG and ZA or Sygate, Then uninstall what you don't need. When it comes to the backing up & formatting option you could find yourself backing up the problems too. :huh: Link to comment Share on other sites More sharing options...
Guest ellas Posted January 2, 2003 Report Share Posted January 2, 2003 like mark2 says how can you back,get a clean system then maybe run the repair console which will reinstall all the windows files and i/e. Link to comment Share on other sites More sharing options...
Guest ellas Posted January 2, 2003 Report Share Posted January 2, 2003 what do you mean crap mp3 etc Link to comment Share on other sites More sharing options...
mark2 Posted January 2, 2003 Report Share Posted January 2, 2003 Most of the stuff in your startup list we can take care of thru msconfig and once the unnecessary stuff doesn't autostart will run quicker, then at some point we can disable unnecessary services too. Link to comment Share on other sites More sharing options...
mark2 Posted January 2, 2003 Report Share Posted January 2, 2003 Make sure system restore is still turned off if not you could have to go thru this all again :( :(dleting that reg file relating to the hijacker will get rid of that but we will need to remove it once more from the registry before it will be gone hopefully for good!! there are free progs to prevent a hijack like that again ;) ;) Link to comment Share on other sites More sharing options...
Guest ellas Posted January 2, 2003 Report Share Posted January 2, 2003 should be,even if it ends up as a format you will have learnt a hell of a lot about your computer :D ,have you got a full version of xp or upgrade or recovery discs. Link to comment Share on other sites More sharing options...
Recommended Posts