Norton Internet Security 2002

Discussion in 'other firewalls' started by astroc, May 17, 2004.

Thread Status:
Not open for further replies.
  1. astroc

    astroc Registered Member

    Joined:
    Mar 30, 2004
    Posts:
    5
    I am running W2k sp4, IE 6.0...Also running Norton Internet Security 2002. My system ran nice and smooth until I use Live Update to download the latest Norton Internet Security Program update and install it....then my system is now running like molasses. I also now have an Error code on my System Event ID 7009...and it says " Timeout (30000 milliseconds) waiting for Norton Internet Security Service to connect." I have since disabled my Norton Internet Security and my system is running fine again when connected to the internet. Any suggestions anyone? Appreciate any inputs. Thanks, astroc

    Here is my Hyjack Log just in case something snuck in there... Thanks again


    Logfile of HijackThis v1.97.7
    Scan saved at 11:36:32 PM, on 5/16/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Norton Internet Security\SymProxySvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Norton Internet Security\NISSERV.EXE
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Norton Internet Security\IAMAPP.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Bill Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink, Inc.
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: CTCBridge UTS - https://gw-r6.airline.compuserve.co...lassi/jutsi.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} - http://pcpitstop.com/pcpitstop/diskhealth.cab
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptem...iveSecurity.cab
    O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} - http://getdway.com/dwayready/dpcsysinfo.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - http://pcpitstop.com/mhLbl.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...7577.8495138889
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security.symantec.com/SSC/Sh...n/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tec...ta/SymAData.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tec.../ActiveData.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BB2D3C34-4BB0-4159-9BE6-F61118955CEC}: NameServer = 205.171.3.65 205.171.2.65
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi astroc,

    You should get this one fixed:
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptem...iveSecurity.cab

    I will move this thread to the other firewalls forum, since I think we can not resolve this here.

    Regards,

    Pieter
     
  3. FanJ

    FanJ Guest

  4. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Oops, sorry, just picked up on your similar post at Computer Cops! :)
    No need to repeat all that here. FanJ has pointed you to the threads at BBR/DSLR that contain everything we know about this at the moment.

    Hoping for a fix from Symantec . . . . :cool:
     
  5. FanJ

    FanJ Guest

    Hi,

    As has been written in that second DSLR thread, the error messages are looking more or less similar as the ones you might get when you're using a big block-list.
    Eric Howes describes those error messages in his Readme file for AGNIS:
    http://www.staff.uiuc.edu/~ehowes/res/agnis.txt

    It is not completely sure however whether it is the same situation.
     
    Last edited by a moderator: May 17, 2004
  6. astroc

    astroc Registered Member

    Joined:
    Mar 30, 2004
    Posts:
    5
    Hello Everyone, just went back to the Symantec Site via Live Update and downloaded the latest NIS Security as well as the Redirector...after reboot...everything was back to normal....guess Symantec did come back from their weekend retreat and got on the ball right away. I am running NIS 2002 4.0....all ahead full speed at this point...Thanks everyone for your inputs. Regards, Astroc :) :D
     
  7. astroc

    astroc Registered Member

    Joined:
    Mar 30, 2004
    Posts:
    5
    Sorry for the moment of excitment....it did work for awhile and then it acted the same after reboot....I was being an optimist and hoping that Symantec would get on the ball on this issue. So I am back to running my system by disabling NIS totally and it is working just fine that way until there is a good permanent fix for it... :mad: regards, astroc
     
  8. tanviry

    tanviry Registered Member

    Joined:
    May 18, 2004
    Posts:
    1
    I am having the same probelm as uand it seems that you have sorted yours out.

    I am still having problems. Can you post exactly what you did and what web site you visited and how your problem got fixed.

    I really apperacite any help you give me please.
     
  9. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    It appears that Symantec may now have fixed this problem. See http://www.dslreports.com/forum/remark,10312609~mode=flat , which apparently came out late on Friday evening.

    Have any of the NIS/NPF 2002 users that experienced the problem after the 12 May LiveUpdate applied this patch; does it solve the problem?

    Next question: Does this fix, primarily for NIS/NPF 2002 users, still provide a solution to the eEYE vulnerabilities that started all this? (Anyone checked using eEYE's Retina scanner?)

    And finally, by way of feedback, just what files are changed by this update?
     
  10. Charlesvar

    Charlesvar Guest

    I'm a NAV2002 user only - the May 12 Redirector update gave me a "burp" and the new startup - Symantec NetDriver Monitor - which I disabled from the get-go. I did keep track of what new executes were added to my system here http://www.windowsbbs.com/showthread.php?t=30524 if its of any help to anyone. Otherwise I've been following this issue via the threads you've been part of at the Computer Cops Symantec forum.

    For the time being, I'm holding off on the latest Redirector Symantec update.

    Regards - Charles
     
  11. essenbee

    essenbee Registered Member

    Joined:
    May 25, 2004
    Posts:
    6
    I had serious issues with net connectivity after downloading the May 12th Live Update. I only had connectivity about 10% of the time. Now, after the most recent update to Redirector, my net connectivity is incredibly s l o w :mad: .

    Does anybody know if a new fox is due from Symantec? If not, is there a way to diable just the redirector program?

    Thanks
     
  12. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    It is beginning to look like there may well be two, distinct problems affecting NIS/NPF users since the 12 May LiveUpdates. :eek:

    AplusWebMaster, in his thread regarding Akamai just pointed out this little tidbit over at SANS (see http://isc.sans.org/diary.php?date=2004-05-26 )

     
  13. SamVimes

    SamVimes Registered Member

    Joined:
    May 27, 2004
    Posts:
    4
    I'm running NIS 2002 on a Windows 2000 box - all patches applied.
    I updated using LiveUpdate some days ago and since then the firewall
    rules are getting updated around four times a second and are bringing the machine to a halt ....

    Then tried LiveUpdate, both manual and Interactive, and there are no updates available. Ran the Virus checker and there are no infections ...

    I've emailed Symantec twice - with no reply. I asked them why I
    am bothering paying them a subscription for such horrendous service .....

    Can anyone suggest what to next - this is making this box unusable.

    Ahhh - symantec are now saying that it is a known(but not understood) error... Well that helps...

    Andrew
     
  14. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Andrew,

    Can we have a URL or quotation on just what Symantec is now saying? It would be most appreciated. I've seen absolutely no feedback whatsoever.
     
  15. SamVimes

    SamVimes Registered Member

    Joined:
    May 27, 2004
    Posts:
    4
  16. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
  17. SamVimes

    SamVimes Registered Member

    Joined:
    May 27, 2004
    Posts:
    4
    just to make my cup runneth over I know get this from LiveUpdate...
     

    Attached Files:

  18. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Sam,

    Now tell me you didn't just fabricate that screen! :D Well, it had to happen to someone at some point, I suspect.

    What I find extremely odd, however, is the specific updates it crashed on! I've never heard of anyone having problems downloading those (specific) updates.

    What version of LU (LUCOMServer.exe) do you find yourself running? I've seen different people showing everything from 1.6.x to 2.0.x .
     
  19. SamVimes

    SamVimes Registered Member

    Joined:
    May 27, 2004
    Posts:
    4
    I'm trying to check but the box is being a "little" uncooperative :(
     
  20. charlesvar

    charlesvar Guest

    A coda to this issue:

    I originally posted here - post #10 - about a new startup generated by the Redirector update of May 12 - SNDMon.exe (Symantec NetDriver Monitor).

    I stumbled on to what Norton was up to with this. This adds auto scheduling to LiveUpdate - adds this entry to Task Schedular:

    check for updates "starting at 12.05 AM for 24 hours every day, starting 05/14/2004"

    There is a number two which is start looking at log in.

    The TS entries are disabled because I don't allow SNDMon.exe to run.

    My AV version is 2002. While I'm not certain, I think this was added to 2000, 2001, and 2003.

    The help file entry on frequency for LU:

    From the LU help file: [/QUOTE]
    Note: (ISDN users only) By default, automatic LiveUpdate checks for updates to Norton AntiVirus every four hours, when your computer is connected to the Internet. If you have an ISDN (Integrated Services Digital Network) router that is set to "Automatically Connect," you could be incurring connection and phone charges every time automatic LiveUpdate runs. If this is a concern, you can disable automatic connection on your ISDN router, or disable automatic LiveUpdate.

    Copyright© 2000-2002 Symantec Corporation. All rights reserved.[/QUOTE]

    Regards - Charles
     
  21. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Charles,

    Good to see you back! :) I see you've found the thread (and presumably the fix for NIS/NPF 2002 users on both Win NT/2K/XP and Win 9x/ME buried therein) from browsing the other thread, so I won't bother to reference it again.

    But, what you say below is very interesting, nevertheless:

    Now, I'm running NIS 2002 FE on Win 98 SE at the moment, and I don't have that entry in Task Scheduler (but I do have SndMON.exe running, just for the heck of it).

    So, here's what I'm wondering: Could it be related to the version of LiveUpdate in use? (Or possibly to LiveReg?) I have not updated LiveUpdate and my version of LUCOMServer.exe is still 1.6x. (Indeed I wasn't offered an update to LiveUpdate itself.) There's also a LU 1.8x out there and a LU 2.x was released in Jan 2004, as I recall. So, which are you running?

    I'm wondering (again in the NIS/NPF 2002 context) if maybe I'm running an unexpected version of LU and if this is what's causing the roll-back that's giving us so much grief on the re-boot?

    The other possibility involves the LiveReg updates, which I did not install (at all), whereas I notice that you apparently did.

    Any thoughts?
     
  22. zcv

    zcv Registered Member

    Joined:
    Dec 11, 2002
    Posts:
    355
    Hello Joseph,

    As per your request:

    My version of LU: v2.0.39.0
    Date modified: Jan 02,2004

    Want to reiterate that I'm running NAV2002 only, so the NIS issue I think is probably seperate.

    On another forum, there was a post from a NAV2000 user - also sans NIS -asking what/why of SNDMon.exe, which is why I'm making the assumption about pre NAV2004 users getting this LU scheduling option. I'm thinking of asking via a thread for general confirmation of this on that forum.

    Regards - Charles
     
  23. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    That's what I expected to see! :)
    Yes, the NIS/NPF 2002 problem is an entirely different issue as far as I can tell. Randy Bell also has NAV 2002 (alone) on a machine and had no problems, but I believe he already had LU 2.x installed. Auto LiveUpdate is actually listed on the options menu in LU 2.x, IIRC. In the old version I have, one would have to do it manually.
    Yes, Charles, please follow up on that. I hadn't run across that situation to date.

    Interestingly, I was still running NIS 2001 (3.x) FE on this Win 98 SE box when I installed LU 2.x. It immediately blew out the NAV component and I could not get it re-installed. (I've got a long and very heated dialog about that over at BBR/DSLR.)
     
  24. zcv

    zcv Registered Member

    Joined:
    Dec 11, 2002
    Posts:
    355
    Hello Joseph,

    I've asked others running pre NAV2004 Symantec AV's to confirm whether the May 12th update gave them the scheduling option:

    So that you can monitor the responses if you wish: http://www.windowsbbs.com/showthread.php?t=31813

    Also feel free to make suggestions or add additional questions.

    Regards - Charles
     
  25. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Keep an eye peeled for sndupdater.exe in the near future from Liveupdate.
     
Loading...
Thread Status:
Not open for further replies.