RUN THE REMOVAL TOOL, AS WELL!!!
okernytskyy wrote:
> No, I used Uninstall option of NAV2003 and completely removed NAV2003.
>
> "PA Bear [MS MVP]" wrote:
>
>> Did you also run the removal tool?
>>
>> Norton Removal Tool
>> http://service1.symantec.com/SUPPORT...05033108162039
>> --
>> ~PA Bear
>>
>> okernytskyy wrote:
>>> My AV subscription is current. I uninstalled NAV and installed AVG with
>>> all
>>> current updates. So, I do not have 2 AV softwares at the same time. I am
>>> tourlbelshooting problem with Microsoft and I am in the middle of
>>> process.
>>>
>>> "okernytskyy" wrote:
>>>
>>>> I worked with Symantec and found that C:\WINNT\SYSTEM32 i was infected
>>>> with
>>>> Downloader and C:\WINNT\SYSTEM32\svc.exe was infeced with
>>>> W32.SpyBOt.Worm.
>>>> I runned AVG antivirus software and found few more threat
>>>>> IRC/BAckDoor.Sd.Bot3 trojan, Win32/Crypt.exe virus, SHeur.AMXK trojan.
>>>>> I
>>>> was able to clean all this, but still had Programm Error lsass.exe.
>>>> I worke dwith Microsoft and applied suggestion to clean temporary
>>>> folder
>>>> for Window Update from possibly corrupted files. This helped and I was
>>>> able t odownload Windows Update Servie Pack 4. I am still working with
>>>> Microsoft and will update later about situation.
>>>>
>>>> "PA Bear [MS MVP]" wrote:
>>>>
>>>>> Again, if you can't do any of the steps I've posted in Safe Mode with
>>>>> Networking and there are no reputable shops nearby, you MUST format &
>>>>> reinstall. The machine should NOT be connected to the internet or any
>>>>> networks, and you should consider your personal data to be
>>>>> compromised.
>>>>> --
>>>>> ~Robear Dyer (PA Bear)
>>>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>>>> AumHa VSOP & Admin http://aumha.net
>>>>> DTS-L http://dts-l.net/
>>>>>
>>>>> okernytskyy wrote:
>>>>>> I have NAV and dial-up built in firewall.
>>>>>> Yes, it is very serious. Basicly, I am unabel to download Windows
>>>>>> Updates
>>>>>> and Norton Antivirus Updates. Also, I have C:\tohel.exe, running
>>>>>> sometime
>>>>>> at
>>>>>> two different windows at the same time with different behaviour: 1.
>>>>>> Blinking
>>>>>> cursor with 1 second period, which changes position every few
>>>>>> minutes.
>>>>>> 2.
>>>>>> Jumping cursor, which change position few times per second. When I
>>>>>> open
>>>>>> this
>>>>>> file with Notepad, it is html program with different links. I am
>>>>>> unable
>>>>>> to run hijack this to post on forum. I contacted Symantec and
>>>>>> informed
>>>>>> about this issue.
>>>>>>
>>>>>> "PA Bear [MS MVP]" wrote:
>>>>>>
>>>>>>> What anti-virus application is installed on this machine?
>>>>>>>
>>>>>>> What firewall are you using?
>>>>>>>
>>>>>>> I can find exactly two (2) references anywhere to "tohel.exe"...both
>>>>>>> are
>>>>>>> found in very recent threads (i.e., 24 Jan-08; 30 Jan-08) about
>>>>>>> infected
>>>>>>> computers at www.bleepingcomputer.com/forums. This is not a good
>>>>>>> sign.
>>>>>>>
>>>>>>> You could try rebooting into Safe Mode with Networking, deleting
>>>>>>> C:\tohel.exe <=this file*, scanning with HijackThis (save the log),
>>>>>>> and
>>>>>>> posting the log in an appropriate forum (e.g.,
>>>>>>> http://aumha.net/viewforum.php?f=30). I can assure you that you'll
>>>>>>> need
>>>>>>> assistance from an experienced expert if you're even going to
>>>>>>> attempt
>>>>>>> to
>>>>>>> get this machine cleaned-up.
>>>>>>>
>>>>>>> I can almost guarantee you that a format & reinstall will be a much
>>>>>>> more
>>>>>>> expediant way of resolving these problems. A Repair Install will
>>>>>>> NOT
>>>>>>> help.
>>>>>>>
>>>>>>> Before You Connect a New Computer to the Internet
>>>>>>> (After a format & reinstall, you'll have the equivalent of a "new
>>>>>>> computer"] http://www.cert.org/tech_tips/before_you_plug_in.html
>>>>>>>
>>>>>>> Security FAQ & Checklist
>>>>>>> http://www.dslreports.com/faq/8463
>>>>>>> ====================================
>>>>>>>
>>>>>>> * No guarantees that the file or a similar file won't be recreated
>>>>>>> when
>>>>>>> you
>>>>>>> reboot. It's a certainty that TOHEL.EXE brought "friends" with it
>>>>>>> that
>>>>>>> "protect" the infected files. There's even a good chance that a
>>>>>>> large
>>>>>>> number of your installed applications are no longer functional and
>>>>>>> would
>>>>>>> need to be reinstalled /if/ you manage to get the machine
>>>>>>> cleaned-up.
>>>>>>> --
>>>>>>> ~Robear Dyer (PA Bear)
>>>>>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>>>>>> AumHa VSOP & Admin http://aumha.net
>>>>>>> DTS-L http://dts-l.net/
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> okernytskyy wrote:
>>>>>>>> Thanks - I know about this option - to reformat hard drive and to
>>>>>>>> reinstall
>>>>>>>> operational system. I already did this few times.
>>>>>>>>
>>>>>>>> Anyway, this time I received next message during installing of
>>>>>>>> Windows
>>>>>>>> SP4:
>>>>>>>>
>>>>>>>> 16 bit MS-DOS Subsystem
>>>>>>>> c:\tohel.exe
>>>>>>>> The NTVDM CPU has encountered an illegal instruction. CS:050a
>>>>>>>> IP:0283
>>>>>>>> OP:63
>>>>>>>> 6f 6c 72
>>>>>>>> Choose 'Close' to terminate the application
>>>>>>>>
>>>>>>>> "PA Bear [MS MVP]" wrote:
>>>>>>>>
>>>>>>>>> Malware Removal: When to flatten and reinstall
>>>>>>>>> http://aumha.net/viewtopic.php?t=28580
>>>>>>>>> --
>>>>>>>>> ~Robear Dyer (PA Bear)
>>>>>>>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>>>>>>>> AumHa VSOP & Admin http://aumha.net
>>>>>>>>> DTS-L http://dts-l.net/
>>>>>>>>>
>>>>>>>>> okernytskyy wrote:
>>>>>>>>>> Thanks, but this did not help:
>>>>>>>>>> 1. Was unable to run Ad-Aware, because newer Installer was
>>>>>>>>>> necessary.
>>>>>>>>>> 2. Was unable to run hijacksthis.exe on this computer - it showed
>>>>>>>>>> license
>>>>>>>>>> agreement only and did not move further.
>>>>>>>>>> 3. Did not find any malicious software with Microsoft Windows
>>>>>>>>>> Malicious
>>>>>>>>>> Removal Tool.
>>>>>>>>>> 4. No local PC rescue shops available.
>>>>>>>>>> 5. Still was unable to perform Windows Update and had Program
>>>>>>>>>> Error
>>>>>>>>>> "lsass.exe has generated errors and will be closed by Windows. An
>>>>>>>>>> error
>>>>>>>>>> log
>>>>>>>>>> being created".
>>>>>>>>>>
>>>>>>>>>> "PA Bear [MS MVP]" wrote:
>>>>>>>>>>
>>>>>>>>>>> Unexplained computer behavior may be caused by deceptive
>>>>>>>>>>> software
>>>>>>>>>>> http://support.microsoft.com/kb/827315
>>>>>>>>>>>
>>>>>>>>>>> Run a /thorough/ check for hijackware, including posting your
>>>>>>>>>>> hijackthis
>>>>>>>>>>> log to an appropriate forum.
>>>>>>>>>>>
>>>>>>>>>>> Checking for/Help with Hijackware
>>>>>>>>>>> http://aumha.org/a/parasite.htm
>>>>>>>>>>> http://aumha.org/a/quickfix.htm
>>>>>>>>>>> http://aumha.net/viewtopic.php?t=5878
>>>>>>>>>>> http://wiki.castlecops.com/Malware_R...:_Introduction
>>>>>>>>>>> http://mvps.org/winhelp2002/unwanted.htm
>>>>>>>>>>> http://inetexplorer.mvps.org/data/prevention.htm
>>>>>>>>>>> http://inetexplorer.mvps.org/tshoot.html
>>>>>>>>>>> http://www.mvps.org/sramesh2k/Malware_Defence.htm
>>>>>>>>>>> http://defendingyourmachine2.blogspot.com/
>>>>>>>>>>> http://www.elephantboycomputers.com/...moving_Malware
>>>>>>>>>>>
>>>>>>>>>>> When all else fails, HijackThis v2.0.2
>>>>>>>>>>> (http://aumha.org/downloads/hijackthis.exe) is the preferred
>>>>>>>>>>> tool
>>>>>>>>>>> to
>>>>>>>>>>> use.
>>>>>>>>>>> It will help you to both identify and remove any
>>>>>>>>>>> hijackware/spyware
>>>>>>>>>>> with
>>>>>>>>>>> assistance from an expert. **Post your log to
>>>>>>>>>>> http://forums.spybot.info/forumdisplay.php?f=22,
>>>>>>>>>>> http://castlecops.com/forum67.html,
>>>>>>>>>>> http://forums.subratam.org/index.php?showforum=7,
>>>>>>>>>>> http://aumha.net/viewforum.php?f=30, or other appropriate forums
>>>>>>>>>>> for
>>>>>>>>>>> expert
>>>>>>>>>>> analysis, not here.**
>>>>>>>>>>>
>>>>>>>>>>> If the procedures look too complex - and there is no shame in
>>>>>>>>>>> admitting
>>>>>>>>>>> this isn't your cup of tea - take the machine to a local,
>>>>>>>>>>> reputable
>>>>>>>>>>> and
>>>>>>>>>>> independent (i.e., not BigBoxStoreUSA) computer repair shop.
>>>>>>>>>>> --
>>>>>>>>>>> ~Robear Dyer (PA Bear)
>>>>>>>>>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since
>>>>>>>>>>> 2002
>>>>>>>>>>> AumHa VSOP & Admin http://aumha.net
>>>>>>>>>>> DTS-L http://dts-l.net/
>>>>>>>>>>>
>>>>>>>>>>> okernytskyy wrote:
>>>>>>>>>>>> I have Windows 2000 Professional. When I run windows Updates
>>>>>>>>>>>> via
>>>>>>>>>>>> Dial-Up,
>>>>>>>>>>>> I
>>>>>>>>>>>> was able to Install SP4 and IE6. I had pop-up messges that
>>>>>>>>>>>> Windows
>>>>>>>>>>>> had
>>>>>>>>>>>> 55
>>>>>>>>>>>> critical system errors and I shoul go to www.regfixit.com,
>>>>>>>>>>>> www.helpfixpc.com
>>>>>>>>>>>> and some other web-site to fix thos problem. I runned WinDoctro
>>>>>>>>>>>> from Norton
>>>>>>>>>>>> Utilities 20001 and did not find any errors. Later I was ubable
>>>>>>>>>>>> to
>>>>>>>>>>>> gat
>>>>>>>>>>>> any
>>>>>>>>>>>> further updates, because message "The site cannot continue
>>>>>>>>>>>> because
>>>>>>>>>>>> one
>>>>>>>>>>>> or
>>>>>>>>>>>> more of thes Windows services is not running". I try alll
>>>>>>>>>>>> troubleshooting
>>>>>>>>>>>> tips from Windows Update newsgroup and found that both services
>>>>>>>>>>>> are
>>>>>>>>>>>> running.
>>>>>>>>>>>> I try different tips, but was unable to resove problem. As a
>>>>>>>>>>>> last
>>>>>>>>>>>> options,
>>>>>>>>>>>> I
>>>>>>>>>>>> installed fresh copy of Windows 2000 Professional and started
>>>>>>>>>>>> Windows
>>>>>>>>>>>> Update. This time I desided to skip latest updates and went to
>>>>>>>>>>>> old
>>>>>>>>>>>> Update
>>>>>>>>>>>> Web site. When I runned "Search for Updates", I received
>>>>>>>>>>>> programm
>>>>>>>>>>>> error
>>>>>>>>>>>> message "lsass.exe has generated error and will be closed by
>>>>>>>>>>>> Windows.
>>>>>>>>>>>> An
>>>>>>>>>>>> error log being created" with radio button "Cancel". Later I
>>>>>>>>>>>> received
>>>>>>>>>>>> pop-up Messenger Service "Message from FROM to TO on 2/1/2008
>>>>>>>>>>>> 9:06:59
>>>>>>>>>>>> AM
>>>>>>>>>>>> STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION. Windows has found
>>>>>>>>>>>> 55
>>>>>>>>>>>> Critical
>>>>>>>>>>>> System Errors. To fix the errors please do the following:
>>>>>>>>>>>> 1. Download Registry Update from www.helpfixpc.com.
>>>>>>>>>>>> 2. Install Registry Update.
>>>>>>>>>>>> 3.Run Registry Update.
>>>>>>>>>>>> Reboot your computer.
>>>>>>>>>>>> FAILURE TO ACT NOW MAY LEAD TO SYSTEM FAILURE"
>>>>>>>>>>>> I was unable to stop Messenger Service by Wndows Task Manager.
>>>>>>>>>>>> When
>>>>>>>>>>>> I
>>>>>>>>>>>> closed
>>>>>>>>>>>> Messenger Service pop-up window, I had blue screen AKA death.
>>>>>>>>>>>>
>>>>>>>>>>>> Any idea or suggestions ?
>>>>>>>>>>>> Any idea or suggestions ?
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> "PA Bear [MS MVP]" wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> You may receive an error message that contains the
>>>>>>>>>>>>> "0x8DDD0018"
>>>>>>>>>>>>> code
>>>>>>>>>>>>> or
>>>>>>>>>>>>> the
>>>>>>>>>>>>> "0x80246008" code when you try to download updates from the
>>>>>>>>>>>>> Microsoft
>>>>>>>>>>>>> Windows Update Web site or from the Microsoft Update Web site:
>>>>>>>>>>>>> http://support.microsoft.com/kb/910337
>>>>>>>>>>>>>
>>>>>>>>>>>>> More:
>>>>>>>>>>>>> http://groups.google.com/group/micro...coring=d&hl=en
>>>>>>>>>>>>> --
>>>>>>>>>>>>> ~Robear Dyer (PA Bear)
>>>>>>>>>>>>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since
>>>>>>>>>>>>> 2002
>>>>>>>>>>>>> AumHa VSOP & Admin http://aumha.net
>>>>>>>>>>>>> DTS-L http://dts-l.net/
>>>>>>>>>>>>>
>>>>>>>>>>>>> okernytskyy wrote:
>>>>>>>>>>>>>> Error number: 0x80672EE2 or 0x8DDD0018.
Reply With Quote
Bookmarks