#1
|
|||
|
|||
Anti Antivirus = ? Virus ?? Trojan ??
Recently i visited a site Iptools.com and downloaded some files from there and started to scan with trojan remover and Nortan AV 2003 (On Xp no Sp1) After Scanning two zip filoes I suddenly noticed that Scan with NAV option was greyed out. I saw that tray Icon also dissapeared and NAV was dead (.
So I did a online scan fom symantec(no virus detected) Uninstalled and reinstalled NAV. But this did not help. Both Navapw32 and navapsvc are loaded as seen in task manager but NAV does not open and scan is not possible. I got the message : Error: "A settings violation has been detected. The security settings have been tampered with." (1004,1) "Settings alert! Some Symantec product settings have been changed by an unauthorized program. This can indicate that an attacker or a virus is attempting" to disable your program. To avoid problems settings will be reverted to their previous configuration and the system will be restarted." Restart obvoiusly did not help. I did Uninstall NAV and run the Rnav2003.exe removal utility for NAV 2003 also. Removed all keys I thought were relared to NAV/Symantec. Then I repaired Internet explorer thinking it could be a possible culprit. Reinstall NAV 2003 = same problem. Then I installed NAV 2002. Now during the last parts of the setup "Norton AntiVirus Information Wizard" I get Internet explorer Script error url = res://C:\Program Files\Norton AntiVirus\Cfgwiz.exe/CfgWizRoadmap.htm Script error : Permission denied. and the next button for registration, setup live update and AUTOPROTECT are all disabled.(the page CfgWizRoadmap.htm comes from Cfgwiz.exe Hence I replaced it with a fresh copy from the setup). I have also tried decreasing Internet security options to minimum. Also script blocking is already disabled in NAV. Still I am getting this "Permission denied" Script error is preventing me enabling Autoprotect. I uninstalled NAV 2003 and Installed Dr. Web(AV) but this also doesnot run - hangs the system with 100% CPU usage and dispaly starts corruption. No viruses R detected by another copy of NAV 2003 in Second Partion - win98(but XP - NTFS partion was not scanned). I am frustated with it and thinking Clean Install of XP is the only option . Anybody has encountered a similar problem ? Could it be new virus/trojan? How can I correct the script error ? Please Help Last edited by drasd_20002; 06-01-2003 at 20:59. |
#2
|
|||
|
|||
NAV, Dr.Web-suxx.
Try to use Kaspersky Antivirus Personal Pro. |
#3
|
|||
|
|||
Tried Scanning in DOS with various AV soft - No virus found.
Also scanned from windows (other partition OS) - No virus found. Either the virus/trojan was hit and run - self destructive and only script error is remaining or not with in the scope of AV softwares. Hoping the first case to be true and having no virus etc in my computer how can i correct this Internet explorer Script error Access Denied. If i can overcome this ? If i can do this then I think most of the problems are solved -- Hope so. (I have already Reinstalled IE from WIN XP CDROM.) I will try dl Kapersky AV once I have better connection speed ( atleast 3 kbps dl speed !!) Last edited by drasd_20002; 06-02-2003 at 12:40. |
#4
|
||||
|
||||
hmmmmmmm..
This seems reminiscent of a semi-new breed of Trojan-Horse applications that contain an internal database of "known" AntiVirus software executable names (how ironic) to terminate upon execution. You probably can't start norton OR kaspersky if you decide to install it because this program is already in memory and is monitoring for AV utilities to terminate as soon as you start/install them.
Of course I could be wrong, just a thought. Now, you'll have to check every known start-up method and remove suspicious entries so that they are unable to start up with the rest of your "legit" programs. Also download an enhanced process viewer (procexp from sysinternals is my favorite for win32/64) and terminate suspicious shit that's been loaded in memory. Check netstat.exe to determine if your system is listening on any suspicious TCP/UDP ports as well, if possible use a process-to-endpoint mapper to see what processes are bound to particular ports. BTW if you've been infected with on of the newer trojans that use "cloaking technology" via the use of API-hooks, I have to say you're fucked and re-format unless your some kind of computer engineer. heh. -good luck |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Problem with Anti-Virus and PE-Protector | Fred | General Discussion | 2 | 07-02-2003 08:18 |