Social Networking Forum·363 discussions

Norton Corp Client Disabling itself.

Locked

I had a client computer get infected with several trojans. I think this computer had been infected by another cumputer upstream in the workflow. That computer got infected from MySpace while the operator was in working on a Saturday. By Monday afternoon, I had his computer cleaned up. Now, this second computer is cleaned, I think, as I can find no more evidence of virii/trojans with trend Housecall, calm av, asquared, hijackthis, or the local Nortan Corporate client. But, the Norton clien keeps diableing the auto-protect feature. I uninstalled the client and reinstalled it, thinking that one of the trojans may have damaged the cliet, and the auto-protect stayed up for about 48 hours. When I attempt to go in and manually turn on “Enable auto-protect” there is a big (Disabled) beside the option, no matter how many times you check or uncheck the selection box. This is version 10.1.5 for the Symantec client. Any suggestions on fixing the AV and/or confiming I actually am virii free, as wiping the computer is not an option im afraid.

Topic

Clarifications

In reply to Norton Corp Client Disabling itself.

Clarifications

We had the same

In reply to Norton Corp Client Disabling itself.

thing a month ago in our office. It affected 3 machines, the culprit being one used by part-time staff that infected 2 others. I’ll be honest, we worked on them for 2 solid days. Googled like mad, 3 of us working hard; more than anything to try and find out WHAT had infected them and how to clean it/ prevent it. We also run Symantec Corporate Edition 10.1 We looked for root kits, spyware, you name it. Nada. Symantec would find stuff, say it was cleaned, and the first hint of a problem was loss of internet. Then, when the computer was logged on, it would throw up an error trying to connect to the Domain server. We wound up rebuilding all three. Thankfully, we all had our important stuff on the server.

Only

In reply to We had the same

symptom I have on it atm is that the norton client will not enable auto-protect. I guess I will keep googleing and hope to get lucky.

That was

In reply to Only

another of our symptoms; Symantec being disabled, and not being able to update the definitions. The updates would fail, we even tried updates downloaded directly from Symantec. Tried to install them/run scans in Safe Mode. No luck… hope yours goes alot smoother…:)

Well

In reply to That was

so much for clean. I installed antivir personal, rebooted, and found another trojan. I had to boot off of knoppix to delete the files from system32, it refused to release access even in safe mode. I guess Ill try another brand of scanner tomorrow, I have other stuff to get done atm. Eventually, I will make this work.

i had the same

In reply to Norton Corp Client Disabling itself.

i had also faced the problem
and i had to format my hard disk and reinstall.

virus name : “Data Administrator”

We also

In reply to i had the same

ran ‘online’ antivirus scans (such as HouseCall from Trend Micro). We tried to clean up using Linux discs, we pulled the infected hard drive out, placed it in a known good system, scanned from the clean drive… in every instance the scans turned up something, removed it, but it stil lcame back.

That seems to be

In reply to We also

where this si headed. We are going over his machine to find out what is essential, what we have, what we need to get, etc. I am preparing to do a wioe/reload, but it just chaps my ass to have to.

I hear ya…

In reply to That seems to be

we had three out of 70 in our LAN that this happened to (we had to rebuild). The most troubling part is in not knowing what it was, how to get rid of it, and how to PREVENT it! I was hoping there would have been more of a response to your question, especially a known fix/prevention.

Just thought I

In reply to I hear ya…

would update this. Okay, short story: virii gone, Norton works, no format/reloading windows. What I did: 1) Full scan with local Symantec AV Client. It found and deleted several items. 2)Safe Mode no Networking Scan with local client. 3) Trend On-Line scan, found and removed several items. 4) Antivir personal edition installed and updated. Scaned and found/removed several NEW trojans. Note: Box has been offline this whole time. Except to go to Trend Online direct.(Portable firefox on a flash drive.) 5) Rescaned with trend Online. Clean report. 6) Uninstalled and reinstalled Symantec client and ran update. Auto protect would not stay running. 7) Ran another antivir scan (uninstalled symantec first) and found several files (evil dlls in system32), had to boot off a knoppix cd to delete them from the disk. 8)Reinstalled service pack 2 to attempt to fix damage to explorer from dlls removed/deleted by trojans/virii. 9)Reinstalled Symantec client, updated, and all Golden.
I know, this process took nearly 2 days to complete because of waiting on full scans on a slow computer, as well as manaing my time, but, I was in a position of not being able to loose the information on that machine. Needless to say, I have sat down with the user and figured out what is actually important and made backups of that data, and am tracking down install copies of some old software. Next time I see this problem on any machine, I will aim for the delete and wipe from the work go.

Currently Having this same problem

In reply to Just thought I

would you say that the removal of SAV and the running of an alternate AV while it was off was what did the trick?

In reading through your description that is what it sounds like.

There were really 2 parts

In reply to Currently Having this same problem

First, the alternate AV product. Second, manual removal of infected .dlls, and third, reinstall sp2 to repair damage to XP base system.
The symantec was compromised and as such was only seeing a few pieces. Using Antivir or Avg or Avast! to clean up after removing the Symantec client was step 1. Next, scan again with a third AV client. Trend Housecall is one of my favorites, free, online, but slow. Seems to have decent detection, and heck, its free.
Second the manual clean up:
Manually removing the root .dlls in c:\Windows\system32 prevented re-infection (these were discovered on my third scan of the box, I kept a list of their names (there were three of them for the record). I had to use a live Linux cd to delete them because a) I had not made a PartPE disk (or UBCD for Win) yet, b)I do not own a Winternals disk, c) files would not delete from system even under safe mode d)I happened to have a Knoppix CD handy.
Registry tidy:
Running Ccleaner and RegscrubXP once or twice each to clean out any registry junk. I also manually checked the run, runonce entries.
Reinstall SP2:
At this point, winXP was broken from the virus and trojans replacing various random system files. I did not feel like throwing in the towel and formatting and re-installing, so I tried re-installing SP2. Worked like a charm. Re-installed Norton corp client, updated, all good.

In short: 1)Uninstall Norton. 2)Scan with several different AV products. 3) Clean registry 4) Install Sp2 for Xp (if using Xp, if on Vista, I have no clue). 5)Re-install Norton (this part made me sad, I have been lobbying for a different product for over a year now).

Maybe more info then you wanted, but I hope it helps. Feel free to pm if you want.

[Author]

Replies