Norton 360 analysis not working

sherminator83 Posted messages 11 Registration date   Status Member -  
loloetseb Posted messages 5684 Status Member -
Hello everyone
I've been having issues with my Norton 360 antivirus for about a fortnight.
Whenever I start a scan (full or quick), it says 'in progress' but no files are being scanned, the scan runs but no files are being analyzed. To try to fix this, I reinstalled it but I'm still experiencing the same problem. I also tried the "Symantec Security Check" and that scan doesn't work either. It says "Preparing for the virus scan Scanned(s) 0 Detected(s) 0".
That's my problem. If you have a solution for my issue, I would be grateful to know it.
Thank you in advance
Configuration: Windows Vista Firefox 3.0.10

14 replies

loloetseb Posted messages 5684 Status Member 174
 
Disable User Account Control before using this tool:

* Go to "Start" then Control Panel.
* Double click on the User Accounts icon and on "Turn User Account Control on or off".
* Uncheck the box Use User Account Control (UAC) to help protect your computer.
* Confirm with OK and restart.

Image guides (UAC)

*****************************************************
*************** Option 1 (Search) ***************
*****************************************************

Download FindyKill (from Chiquitine29) to your desktop:

! Log out and close all running applications!

* Double click on "FindyKill.exe" to start the installation and leave the installation settings as default.

* Connect your external data sources to your PC (USB stick, external hard drive, etc...)

* Double-click on the FindyKill shortcut on your desktop to launch the tool.

* In the main menu, choose the option "F" for French and press [Enter].

* In the second menu, choose option "1" (search) and press [Enter].

Let the tool work and do not touch anything...

--> Post the report that appears at the end on the forum...

(The report is also saved under C:\FindyKill.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note: "Process.exe," a component of the tool, is detected by some antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (Antivirus, Firewall...) hence the alert issued by these antivirus programs.

Image guides (Installation)
Image guides (Search)
1
Anonymous user
 
Hello, I advise you to uninstall Norton

https://sebsauvage.net/safehex.html
http://www.commentcamarche.net/faq/topic 2432 security protect a computer against internet malware
0
sherminator83 Posted messages 11 Registration date   Status Member 1
 
thank you
0
Anonymous user > sherminator83 Posted messages 11 Registration date   Status Member
 
You're welcome

keep us updated
0
sherminator83 Posted messages 11 Registration date   Status Member 1
 
re
here is the Findy Kill report

############################## [ FindyKill V4.728 ]

# User : Félix (Administrators) # FÉLIXPC
# Update on 01/05/09 by Chiquitine29
# Start at: 01:25:02 | 03/05/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html

# Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz
# Microsoft® Windows Vista™ Home Premium Edition (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Enabled

# C:\ # Local disk # 176.23 Go (61.58 Go free) [HDD] # NTFS
# D:\ # Removable disk
# E:\ # Removable disk
# F:\ # CD-ROM
# Z:\ # CD-ROM

############################## [ Active processes ]

################## [ Infectious Files / Folders ]

################## [ Infected Temp Files ]

################## [ Registry / Infectious Keys ]

################## [ Search in removable media]

Found ! C:\autorun.inf

################## [ Registry / Mountpoints2 ]

Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bbb28e8-c2fc-11dd-815f-001a8016f867}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bbb28e8-c2fc-11dd-815f-001a8016f867}\Shell\open\Command

################## [ ! End of report # FindyKill V4.728 ! ]

before doing it, I uninstalled Norton with software provided by Symantec and installed Avira which deleted 3 trojans
0
Anonymous user
 
I had uninstalled Norton with a software provided by Symantec and installed Antivir, which removed 3 trojans for me.

:D
0
loloetseb Posted messages 5684 Status Member 174
 
Well, stop downloading cracks and keygens

*****************************************************
************* Option 2 (Deletion) *************
*****************************************************

! Disconnect and close all running applications (including browser) .

* Connect your external data sources to your PC, (USB key, external hard drive, etc...)

* Relaunch "FindyKill": from the main menu, choose option " F " for French and press [enter] .

* In the second menu, choose option 2 (deletion) and press [enter]

* The PC will restart automatically ...

--> the program will be working, do not touch anything ... , your desktop will not be accessible, that's normal!

* Post the report that appears at the end (the report is also saved under C:\FindyKill.txt )

/!\ If the desktop does not reappear, press Ctrl + Alt + Del, Tab "File", "New task", type explorer.exe and confirm

Help with images (Deletion)
0
loloetseb Posted messages 5684 Status Member 174
 
You need to complete the removal step; you are still infected there.
0
sherminator83 Posted messages 11 Registration date   Status Member 1
 
Here it is, I have done the deletion
but by the way, what am I infected with???

Here is the report

############################## [ FindyKill V4.728 ]

# User : Félix (Administrators) # FÉLIXPC
# Update on 01/05/09 by Chiquitine29
# Start at: 14:52:10 | 03/05/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html

# Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz
# Microsoft® Windows Vista™ Home Premium Edition (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Enabled

# C:\ # Local Disk # 176.23 GB (61.55 GB free) [HDD] # NTFS
# D:\ # Removable Disk
# E:\ # Removable Disk
# F:\ # CD-ROM Drive
# Z:\ # CD-ROM Drive

############################## [ Active Processes ]

################## [ Infected Files \ Folders ]

################## [ Infected Temp Files ]

################## [ Registry / Infected keys ]

################## [ Cleaning Removable drives ]

Deleted ! C:\autorun.inf

################## [ Registry / Mountpoint2 ]

Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bbb28e8-c2fc-11dd-815f-001a8016f867}\Shell\AutoRun\command
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bbb28e8-c2fc-11dd-815f-001a8016f867}\Shell\open\Command

################## [ States / Restarting of services ]

# Services : [ Auto=2 / Request=3 / Disable=4 ]

# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Wlansvc -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2
# WinDefend -> # Type of startup =2
# -> UAC is Enable.

################## [ Searching Other Infections ]

# -> Nothing found.

################################### [ Cracks / Keygens / Serials ]

# -> Nothing found !

################## [ ! End of Report # FindyKill V4.728 ! ]
0
Anonymous user
 
But by the way, what am I infected with???

Virus and spyware
0
loloetseb Posted messages 5684 Status Member 174
 
Print these instructions because you will need to close all windows and applications during the installation and scanning.

Download:
Malwarebytes or:
Malwarebytes

* Install it (make sure to choose "French"; do not change the installation settings) and update it.

(Note: If you are missing "COMCTL32.OCX" during installation, download it here: COMCTL32.OCX)

* Study the Tutorial to familiarize yourself with the program:

(That said, it is very easy to use).

Restart Malwarebytes by strictly following these instructions:

! Disconnect and close all running applications!

* Launch Malwarebyte's.

Perform a "Full" scan.

--> Let the program work (and do nothing else with the PC during the scan).
--> At the end, click on "results."
--> Check that all infected objects are checked, then click on "delete."

Note: If you need to restart your PC to finish the cleaning, do it!

Post the saved report after deleting the infected objects (in the "report/log" tab of Malwarebytes, the most recent one)
0
loloetseb Posted messages 5684 Status Member 174
 
You have a USB port infection, as well as an autorun that launches malware. Run Malwarebytes and post the report; it will tell us more.
0
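A cross-check of the two FindyKill reports posted above, as an added example that is not part of the original thread or of FindyKill itself: it confirms that every item option 1 marked `Found !` is marked `Deleted !` by option 2, lists the MountPoints2 volume GUIDs that carry shell commands, and decodes the service start types with the report's own legend. The function names and the choice of watched services are assumptions.

```python
import re

# Excerpts copied from the two FindyKill V4.728 reports in this thread
# (process lists and empty sections left out).
MP2 = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer"
       r"\MountPoints2\{1bbb28e8-c2fc-11dd-815f-001a8016f867}\Shell")
SEARCH_REPORT = "\n".join([
    "################## [ Search in removable media]",
    r"Found ! C:\autorun.inf",
    "################## [ Registry / Mountpoints2 ]",
    "Found ! " + MP2 + r"\AutoRun\command",
    "Found ! " + MP2 + r"\open\Command",
])
DELETION_REPORT = "\n".join([
    "################## [ Cleaning Removable drives ]",
    r"Deleted ! C:\autorun.inf",
    "################## [ Registry / Mountpoint2 ]",
    "Deleted ! " + MP2 + r"\AutoRun\command",
    "Deleted ! " + MP2 + r"\open\Command",
    "# Services : [ Auto=2 / Request=3 / Disable=4 ]",
    "# Ndisuio -> # Type of startup =3",
    "# wuauserv -> # Type of startup =2",
    "# wscsvc -> # Type of startup =2",
    "# WinDefend -> # Type of startup =2",
    "# -> UAC is Enable.",
])

ITEM = re.compile(r"^(Found|Deleted) ! (.+?)\s*$", re.M)
HOOK = re.compile(r"\\MountPoints2\\(\{[0-9a-f-]+\})\\Shell\\(\w+)\\command", re.I)
SERVICE = re.compile(r"^# (\w+) -> # Type of startup =(\d+)\s*$", re.M)
START_TYPE = {2: "auto", 3: "manual", 4: "disabled"}  # legend printed in the report

def items(report, verb):
    """Paths the report marks with 'Found !' or 'Deleted !' (case-folded)."""
    return {path.lower() for v, path in ITEM.findall(report) if v == verb}

def not_cleaned(search, deletion):
    """Items the search report found that the deletion report does not list."""
    return items(search, "Found") - items(deletion, "Deleted")

def autorun_hooks(report):
    """Volume GUID -> shell verbs that have a command registered in MountPoints2."""
    hooks = {}
    for guid, verb in HOOK.findall(report):
        hooks.setdefault(guid.lower(), set()).add(verb.lower())
    return hooks

def service_states(report):
    """Service name -> decoded start type from the 'Type of startup' lines."""
    return {n: START_TYPE.get(int(c), c) for n, c in SERVICE.findall(report)}

def not_auto(report, watched=("wuauserv", "wscsvc", "WinDefend")):
    """Watched services (assumed list) not set to auto-start, or absent."""
    states = service_states(report)
    return sorted(s for s in watched if states.get(s) != "auto")

if __name__ == "__main__":
    print("left behind:", not_cleaned(SEARCH_REPORT, DELETION_REPORT))
    print("autorun hooks:", autorun_hooks(SEARCH_REPORT))
    print("services needing attention:", not_auto(DELETION_REPORT))
```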
dark
 
It's certain that if you download a lot of cracks, you're going to get infected! Even with antivirus, it would have been the same with Kaspersky...
0
sherminator83 Posted messages 11 Registration date   Status Member 1
 
re
the link you suggested for Malwarebytes is unavailable....
I found it on this site https://download.cnet.com/Malwarebytes/3001-8022_4-10804572.html?spi=aa3646f78e476f03ffe76683efe1c65e can I trust it??
0
Anonymous user
 
no

take it here
http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware

but it's strange because the 2 links provided work fine for me
0
loloetseb Posted messages 5684 Status Member 174
 
Have you managed to download Malwarebytes? If not, I'm afraid you have a rootkit. Keep me updated.
0
sherminator83 Posted messages 11 Registration date   Status Member 1
 
Well, I downloaded Malwarebytes from CCM, I installed it, and now a scan has been running for over two hours. P.S. I'm writing this post from an iPod ^^
0
sherminator83 Posted messages 11 Registration date   Status Member 1
 
the Malwarebytes analysis is finished

report:

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 6.0.6001 Service Pack 1

10/05/2009 17:04:36
mbam-log-2009-05-10 (17-04-36).txt

Scan type: Full scan (C:\|H:\|)
Items scanned: 252756
Time elapsed: 2 hour(s), 22 minute(s), 29 second(s)

Infected memory process(es): 0
Infected memory module(s): 0
Infected registry key(s): 2
Infected registry value(s): 1
Infected registry data item(s): 12
Infected folder(s): 0
Infected file(s): 1

Infected memory process(es):
(No malicious items detected)

Infected memory module(s):
(No malicious items detected)

Infected registry key(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e5b2693-d348-4ca7-8364-4f5e51bf9c6d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

Infected registry value(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.0.370.0 (Adware.Zango) -> Quarantined and deleted successfully.

Infected registry data item(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.165,85.255.112.216 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1dcf4499-04f7-4b72-a782-db77fa010c94}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.165,85.255.112.216 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{521a35d9-d5ff-4197-9c45-3ec7128385dd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.165,85.255.112.216 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b9f6d60f-dc18-47c1-abfb-7b23751ffd37}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.165,85.255.112.216 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.165,85.255.112.216 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1dcf4499-04f7-4b72-a782-db77fa010c94}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.165,85.255.112.216 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{521a35d9-d5ff-4197-9c45-3ec7128385dd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.165,85.255.112.216 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b9f6d60f-dc18-47c1-abfb-7b23751ffd37}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.165,85.255.112.216 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.165,85.255.112.216 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1dcf4499-04f7-4b72-a782-db77fa010c94}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.165,85.255.112.216 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{521a35d9-d5ff-4197-9c45-3ec7128385dd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.165,85.255.112.216 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{b9f6d60f-dc18-47c1-abfb-7b23751ffd37}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.165,85.255.112.216 -> Quarantined and deleted successfully.

Infected folder(s):
(No malicious items detected)

Infected file(s):
H:\XP SP3\Vista.exe (Trojan.VB) -> Quarantined and deleted successfully.

before the analysis I had connected a hard drive that I do not use alone.
0
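A triage of the Trojan.DNSChanger lines in the Malwarebytes report above, as an added example that is not part of the original thread or of Malwarebytes: it parses the `NameServer` items, collapses the per-control-set copies into distinct settings, and lists the configured DNS servers that lie outside private address space. The sample rebuilds six of the report's twelve lines from its own values; the function names and the "off-LAN" heuristic are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Six of the twelve "Infected registry data item(s)" lines from the report
# above (global setting plus one interface, in each control set).
SUFFIX = (" (Trojan.DNSChanger) -> Data: 85.255.112.165,85.255.112.216"
          " -> Quarantined and deleted successfully.")
TCPIP = r"\Services\Tcpip\Parameters"
IFACE = TCPIP + r"\Interfaces\{1dcf4499-04f7-4b72-a782-db77fa010c94}"
LOG = "\n".join(
    r"HKEY_LOCAL_MACHINE\SYSTEM" + "\\" + cs + key + r"\NameServer" + SUFFIX
    for cs in ("CurrentControlSet", "ControlSet001", "ControlSet002")
    for key in (TCPIP, IFACE))

LINE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(?P<cs>[^\\]+)\\Services\\Tcpip\\Parameters"
    r"(?:\\Interfaces\\(?P<iface>\{[0-9a-f-]+\}))?\\NameServer"
    r" \((?P<name>[^)]+)\) -> Data: (?P<data>.+?) -> (?P<action>.+)$",
    re.I | re.M)


def parse(log):
    """One dict per static DNS override (NameServer value) in the log."""
    rows = []
    for m in LINE.finditer(log):
        # NameServer holds a space- or comma-separated list of addresses.
        servers = [ipaddress.ip_address(s)
                   for s in re.split(r"[ ,]+", m["data"].strip()) if s]
        rows.append({"control_set": m["cs"],
                     "scope": m["iface"] or "global",
                     "detection": m["name"],
                     "servers": servers,
                     "cleaned": m["action"].startswith("Quarantined and deleted")})
    return rows


def summarize(rows):
    """Collapse control-set copies; CurrentControlSet aliases a numbered set."""
    scopes = defaultdict(set)
    for r in rows:
        scopes[r["scope"]].add(r["control_set"])
    servers = sorted({str(s) for r in rows for s in r["servers"]})
    return {
        "distinct_settings": len(scopes),
        "control_sets": sorted(set().union(*scopes.values())),
        "servers": servers,
        # Heuristic (assumption): a resolver outside private ranges that the
        # user did not configure deserves a check against the ISP's or router's.
        "off_lan": [s for s in servers if not ipaddress.ip_address(s).is_private],
        "all_cleaned": bool(rows) and all(r["cleaned"] for r in rows),
    }


if __name__ == "__main__":
    for key, value in summarize(parse(LOG)).items():
        print(f"{key}: {value}")
```

Run over the full report, the twelve items reduce to four settings (the global value and three interfaces), each repeated in three control-set views and all pointing at the same two servers.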
loloetseb Posted messages 5684 Status Member 174
 
You have a DNS hijacking as well

(on Vista, be sure to disable UAC first)

Download Smitfraudfix by S!RI:

* ! Disconnect from the internet, close all running applications, and disable your defenses!
* Extract the archive to the desktop.
* Run Smitfraudfix (For Vista: right click on the icon / "Run as administrator...")
* Press a key to continue.
* When you reach the command prompt, type the letter f to switch the fix to French
* In the menu, choose option 5: Search and remove DNS hijacking
* Let the tool work.
* Once finished, a report is saved on the PC here > C:\Rapport.txt

Then

Download Random's System Information Tool (RSIT) from random/random and save the executable to your Desktop.

! Disconnect and close all your running applications!

Double-click on "RSIT.exe" to launch it.

-> A first window opens with the title: "Disclaimer of warranty".

* In front of the option "List files/folders created ...", choose: 2 months

* then click on "Continue" to start the scan...

-> let the scan run and do not touch the PC...

When the scan is finished, two text files will open (probably with Notepad).

Post the content of "log.txt" (the one that appears on the screen), as well as "info.txt" (which you will see in the taskbar), for analysis and wait for the next steps...

Important: post one report, then the other in the next response
If you try to post both at the same time, it may take too long for the forum

(Note: the reports will also be saved in this folder -> C:\rsit)
0