Hi to everyone,
Please don't have a go at me about this but, i am trying to solve a long standing problem that i have been having with Norton Internet Security 2002.
Below is a copy of an e-mail i have sent to Lavsoft, about this problem, and how maybe due to my stupidity. I made this happen?

Please let me know if anyone has any ideas about this?
Thanks in advance.

-------------------------------------------------------------------------------------------

Dear Sir/Madam,

I am wondering if you can help me please with a small problem I have been having regarding Norton Internet Security 2002, SpywareBlaster and Ad-Aware 6.0? Because when I ran Ad-Aware 6.0, it may have cleared up the problem I have been having with Norton.
But, I would like to ask for your advice on this matter please.

The problem I have been having is that for some months, I have been having some extra files getting added to the main Norton folder. And I can't work out how it is being done. I was running Ad-Aware 6.0 alongside of SpywareBlaster, to make sure that no spyware got into my computer, but somehow these files were still being made inside the Norton folder. I have attached a copy of one of them, along with the log file from Ad-Aware 6.0.
For it wasn't until today, that I decided to delete SpywareBlaster, and then run Ad-Aware 6.0 on it's own for a full scan of my computer.
It was after it had finished that it said that it had found something called a Data Miner?

This is why I have attached the logfile for you inspect please, because while I had SpywareBlaster on my system. This was never picked up by Ad-Aware. And I am wondering if the combination of these two programs running together, maybe disabled one another, and then allowed this Data Miner to do it's work. And allow information out of my computer, by making these files in the Norton folder?
Also bypassing my Norton firewall as well?

I have been in touch with a Norton adviser on this matter, and the impression I get is that they are maybe as stumped as I am about this matter.
In the latest e-mail that I received from them, they advised me to scan all files with NAV, the single folders with NAV, but still it came back with these 'added' files as ok, no viruses found. And if this didn't work un-install/re-install Norton Internet Security.

I have attached below my reply back to the Norton adviser from everything I have tried today.
And it was only that I didn't want to un-install Norton completely and then re-install it again, and go through about 3 hours of updates that I decided to try the spyware approach.
Maybe this will teach me not to mix software.

I thank you in advance for any help that you can offer to me in this matter.

Yours.

Gary Gailey

My computer is an Athlon XP2000+ chipset,
ASUS A7N266-C motherboard,
with a dual boot system of the main operating system of XP Home (SR1 installed),
and Windows 98SE (both with all of the latest updates installed)

-------------------------------------------------------------------------------------------

To Shubhadeepta Panda,

Thank you for the e-mail and the instructions on checking the files that I found in my main Norton Internet 2002 folder.
I have followed the instructions as follows, and the results are:

1. I ran LiveUpdate for both NIS and NAV until received the message that you said about no more updates.

2. I then ran a full system scan of my computer (all files, all folders and all drives)

3. I then ran a separate scan of both the main NIS folder, and the folder that I transferred all of the bogus files into.

The results that I got back after this was, that the full scan showed no viruses present on my computer. In any files, folders on any of my drives.
The results that I got back after doing the individual scans of the folders, also showed nothing was present. Even when I selected each of the bogus files in turn and I had each of them scanned with Norton Anti-Virus.

One thing that has me concerned is if you look at the screenshot I have sent to you of the 'Single bogus file scan'.
On the scan result screen it shows the following:

One bogus file Scanned - Files 1, Master Boot Record 2, Boot Record 8

Compared to the result that I got when I scanned the whole Norton folder on my C:\ drive.

Norton Folder Scanned - Files 77, Master Boot Record 2, Boot Record 8

I think that this bogus file has something to do with Norton itself, because of the results above with the Master Boot Record and the Master Boot.
Which also makes me think this as Norton Anti-Virus has found nothing wrong with the files, because it thinks that they are part of the program itself.
Also I think this because of the first few lines of the bogus file named 70_GsWUbiBhGcutqu8GWFG3aWZ9WH1rU.!!!.
Which I have copied into this e-mail below:

ÿÿÿÿÿÿÿÿ— ÿÿÿÿÿÿÿÿÿÿÿÿ ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ–’ T  –ÁÞj¦ Ã
Administrator  
User-Agent: LiveUpdate Engine COM Module http://customer.symantec.com/mysite.txt ’ ® p  ¶1o¦ Ã
Administrator  
User-Agent: Symantec LiveUpdate http://liveupdate.symantecliveupdate.com/liveupdate_1.80_english_livetri.zip ® – X  ª‚o¦ Ã
Administrator  
User-Agent: Symantec

Also to make sure that there is no viruses involved in these files, I scanned the Bogus files and the folder with my AVG Anti-Virus program.
It found nothing in any of the files, but what also I have noticed is the following:

Norton Bogus file folder scan showed 28 files scanned in total.

AVG Bogus file folder scan showed 38 files scanned in total.

This really has me confused and worried, because of the difference in the amount of files in the scan total?

So I think that deleting the temp files on my C:\ drive will do no good in this matter.
Also deleting and re-installing the whole of Norton Internet Security and the Norton Anti-Virus, may have no effect either. Especially, if Norton itself is making these files up itself, and they are being stored in the actual C:\Windows\Program Files\Norton Internet Security folder.

I will wait for your reply to this e-mail, before I un-install NIS 2001/2002 and NAV 2001/2002.

I have tried to send a copy of some of the bogus files to the Symantec Security Response department, including the file named above for their inspection. But, after following the instructions in the link to the Scan and Deliver instructions, I tried to sent a copy of the files.
But I got the following screen information come up and I cannot send them for analysis:

"The file does not seem to be infected" (this came up after I selected the files, and pressed Next).

"None of the files you selected in this session qualified for submission to SARC" (this information came up on the next screen, from the screen above,
and I could only Finish or go Back on the Scan and Deliver program).

Can you please tell me if I need to submit these files please, as I have at the moment 22 files (total size zipped for the files 2,994KB)
The files I have in the NAV Quarantine folder is 6 files (zipped total size is 744KB)

Well first, let me just emphasize that SpywareBlaster and Ad-Aware 6.0 do not and cannot conflict in any way, and using both won't cause problems with one blocking or the other detecting. It sounds like something got detected that was just added to the Ad-Aware database. (I highly recommend using both programs.)

Perhaps someone familiar with Norton Internet Security would like to take a go at the rest of this? (I know there are at least a few people here who are familiar with NIS ;))

Best regards,

-Javacool

Hi Johkaz,

I'm sorry about what I'm going to say now, but it has to be said. NIS is a very bad firewall actually. The inside-ouside protection of it is terrible. I was using this firewall myself for quite a while. There's nothing worse than having the feeling of being safe even though you aren't at all. If I were you I would consider of changing the firewall software. There are good firewalls you can test like Look'n'Stop, ZoneAlarm or Sygate.

Concerning to your tricky problem, I suggest that you also try out Spybot once. It's a very nice spyware tool as well. ;)

Best regards,

Patrice

Hi,

I did not mean offence when i said about the combination of programs.
But, it is just that as i said above a problem that has been bugging me for months. And while i was using SpywareBlaster, Ad-Aware found nothing on my computer, but when i deleted it.

Then Ad-Aware then found this Data Miner thing, but i am sure it was because SpyWareBlaster was stopping it being seen by Ad-Aware.
Because it blocked it in the Registry, if i understand it right?

But, it is still annoying me that the files keep appearing in NIS, and i keep removing them. But still they come from somewhere, i have read about other people having the same problems as me with Norton.
Also it annoys me as to what they are?

Any ideas?

No offence taken. :)

But I should make another minor point: SpywareBlaster would not prevent Ad-Aware from seeing or detecting spyware, even if SpywareBlaster disabled it.

Most likely it was just a coincidence - either that Data Miner was installed right after you removed SpywareBlaster (which is possible) or Ad-Aware's latest update finally detected it.

Best regards,

-Javacool

Hi,

Thank you for being so understanding about all of this.
I followed the advice of Patrice and installed SpyBot, and this surprised me with the results of:

An Alexa related link
Codename Alwin (keylogger i believe)
5 x DSO Exploits (even though i have all of the latest Windows Updates)
5 x Windows Media Player: Client ID

And on top of all that (crossed fingers) no extra files have been added to the Norton folder.