Spy Axe Blues!!!

[Average Joe]

Spy axe is back!

Having thought that spy axe was dead and buried it has once again risen from the depths of my p.c but this time with avengence. It now appears to posess the power to disable my norton anti-virus.

Will I have to run all the standard scans again (smitrem and ewido).

 

[LonnyRJones]

Hi

Start with that Blacklite and fresh Hiajckthis log's, an alternative program is rootkillrevieler from system internals

Download unzip then scan with RootkitRevealer
http://www.sysinternals.com/utilities/rootkitrevealer.html
when its done go file > save, attach or post the log back here in your next reply
Not to worry, normal there are a few of item shown.
It's an intensive scan, I suggest you disconnect from the internet and leave the PC alone until its finished.
Since the log might be very large, Please edit out items in
C:\RECYCLER\NPROTECT if there.
c:\windows\temps
documents and settings\your name\---- temporary internet files.
And C:\System Volume Information, before posting

 

[Average Joe]

Hey,

Just ran the Blacklite scan and it found nothing. I have posted my latest HJT LOG below and will post the system internals log later.

Logfile of HijackThis v1.99.1
Scan saved at 19:28:13, on 03/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Documents and Settings\User\Desktop\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\User\Desktop\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Documents and Settings\User\Desktop\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Documents and Settings\User\Desktop\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - http://etalk.epson.co.uk/netagent/objects/custappx3.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126436943719
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Cheers!

 

[Average Joe]

Below is the scan log of system internals. I have omitted C:\RECYCLER\NPROTECT\ entires as requested.


HKLM\S-1-5-21-220523388-1682526488-1957994488-1004\RemoteAccess\InternetProfile 12/07/2005 17:29 21 bytes Data mismatch between Windows API and raw hive data.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023 03/02/2006 17:35 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\CATALOG.DAT 02/02/2006 15:34 2.33 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\DEFINST.EXE 02/09/2004 00:49 64.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\ECBOOTIL.VXD 16/11/2005 09:00 6.74 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\ECMSVR32.DLL 16/11/2005 09:00 281.62 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\HH 11/01/2006 09:00 3.54 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\NAVENG.EXP 26/08/2005 08:00 99.86 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\NAVENG.SYS 14/12/2005 09:00 76.04 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\NAVENG.VXD 16/11/2005 09:00 86.07 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\NAVENG32.DLL 14/12/2005 09:00 121.66 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\NAVEX15.EXP 14/12/2005 09:00 843.92 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\NAVEX15.SYS 14/12/2005 09:00 733.35 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\NAVEX15.VXD 14/12/2005 09:00 886.57 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\NAVEX32A.DLL 14/12/2005 09:00 769.66 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\NCSACERT.TXT 15/06/2005 06:16 6.38 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\SCRAUTH.DAT 20/12/2005 09:00 94.80 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\SYMAVENG.CAT 12/10/2005 08:00 14 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\SYMAVENG.INF 14/12/2005 09:00 901 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\TCDEFS.DAT 02/02/2006 09:00 40.77 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\TCSCAN7.DAT 02/02/2006 09:00 886.83 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\TCSCAN8.DAT 02/02/2006 09:00 247.60 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\TCSCAN9.DAT 02/02/2006 09:00 488.07 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\TECHNOTE.TXT 15/06/2005 06:16 875 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\TINF.DAT 02/02/2006 09:00 453 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\TINFIDX.DAT 15/06/2005 06:16 148 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\TINFL.DAT 02/02/2006 09:00 1.91 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\TSCAN1.DAT 02/02/2006 09:00 46.56 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\TSCAN1HD.DAT 15/06/2005 06:16 1.21 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\V.GRD 02/02/2006 15:34 5.39 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\V.SIG 02/02/2006 15:34 2.19 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\VIRSCAN.INF 11/01/2006 09:00 103.75 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\VIRSCAN1.DAT 02/02/2006 09:00 920.69 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\VIRSCAN2.DAT 02/02/2006 09:00 547.83 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\VIRSCAN3.DAT 02/02/2006 09:00 141.95 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\VIRSCAN4.DAT 02/02/2006 09:00 312.58 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\VIRSCAN5.DAT 02/02/2006 09:00 1.93 MB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\VIRSCAN6.DAT 02/02/2006 09:00 377.78 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\VIRSCAN7.DAT 02/02/2006 09:00 2.96 MB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\VIRSCAN8.DAT 02/02/2006 09:00 1.41 MB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\VIRSCAN9.DAT 02/02/2006 09:00 2.90 MB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\VIRSCANT.DAT 02/02/2006 15:35 32 bytes Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\WHATSNEW.TXT 02/02/2006 09:00 27.77 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060202.023\ZDONE.DAT 15/06/2005 06:16 224 bytes Visible in Windows API, but not in MFT or directory index.

:bigthumb: :bigthumb: :bigthumb:

 

[LonnyRJones]

Having thought that spy axe was dead and buried it has once again risen from the depths of my p.c but this time with avengence. It now appears to posess the power to disable my norton anti-virus.

Is the only symtom norton problems ?
Try starting it's uninstall via addremove programs and see if it offers an option to repair, if not (while dissconnected) uninstall the program reboot then install again.

 

[Average Joe]

Well everything was fine until norton informed me that my virus scan needed updating even though I had run an update check and installed some stuff a few days before. So I downloaded the items it recommended and all of a sudden I'm getting warnings of a spy axe infection. I then run a scan with norton which found nothing, then I ran a microsoft anti spyware scan which found nothing and also ran a spybot scan which detected nothing. I then ran an ad-aware scan which found some spy axe objects so I deleted them. Next thing I know is that norton is disabling itself and the computer is running particularly slow.

Is it possible that spy axe could have attached itself to norton in some way asking for updates and downloading spyware?

 

[LonnyRJones]

Its always possible something corrupted norton, did you try the repair or re-install yet ?

 

[Average Joe]

Ther wasn't an option to repair norton and I am now coming to the conclusion that norton has become corrupt. Everytime I start certain programs a norton installer tries to start up and a message regarding the repairing of norton or unistalling the software appears.

I'm going to unistall norton and get myself a 2006 version and see if things sort themself out.


Thanks very much LonnyRJones your help is very much appreciated!!!


:bigthumb: :bigthumb: :bigthumb:

 

[tashi]

As the problem appears to be resolved this topic will be archived.
If you need it re-opened please send me or Lonny a pm and provide a link to the topic.

Hope it worked out for you with Norton.