Unable to update Windows critical patches, Norton Antivirus

Discussion in 'other security issues & news' started by phduffey, Nov 4, 2003.

Thread Status:
Not open for further replies.
  1. phduffey

    phduffey Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    34
    Since I had a new hard drive, within 24 hours Norton found Welchia worm. I tried the Welchia removal tool but still had problems. Took it back to the computer store, and they said Welchia hides in
    CAB files. They said they removed Welchi and MS Blaster, ewven though I had the Blaster patch downloaded and installed. Got it back working okay and downloaded all the critical patches. After downloading 3 of the other patches, I was again unable to update Norton Antivirus or Windows update critical patches. Norton, AVG, and TDS-3 find no viruses, worms, or trojans on my computer. Frequenmtly Generic Host Services attempts to access the Internet and so does Windows Explorer.EXE, blocked repeatedly by Norton Firewall. Here is my Hijack This log:
    Logfile of HijackThis v1.97.3
    Scan saved at 4:43:13 PM, on 11/4/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\system32\drivers\dcfssvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Netscape\Netscape\Netscp.exe
    C:\Program Files\Evidence Eliminator\ee.exe
    C:\Old Drive\Program Files\America Online 7.0a\aoltray.exe
    C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Parsons Technology\Screen Shot\Sshot.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\Old Drive\Program Files\America Online 7.0a\waol.exe
    C:\My Download Files\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\nad9xqgu.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\nad9xqgu.slt\prefs.js)
    O1 - Hosts: 203.161.127.141 www.dcsresearch.com
    O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum 4.0\FpLaunch.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\HP CD-Writer\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
    O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
    O4 - Startup: Screen Shot.lnk = C:\Program Files\Parsons Technology\Screen Shot\Sshot.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: America Online Tray Icon.lnk = C:\Old Drive\Program Files\America Online 7.0a\aoltray.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1067378770109
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37921.4630671296
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3A14FA33-E85F-45B0-AF53-748B873E3536}: NameServer = 64.12.106.4

    Thanks for your help! Paul
     
    phduffey, Nov 4, 2003
    #1
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    Hi Paul,

    While we wait for the various experts to come by an analyze your HijackThis Log, can you describe in a little more detail the nature of the current problem?

    The first problem was prompted when Norton alerted you of the Welchia worm. That one was fixed by a combination of the removal tool and help from the computer shop. But now...

    What errors do you see or how exactly does this problem show itself? Since your Norton, AVG, and TDS-3 don't find any problems, it may very well not be related to an infection, so the details might be helpful to figuring out the problem.

    Actually, depending upon your configuration, you may need to allow one or both of these the rights needed to connect outbound. Many people with WinXP do. For myself, I have to allow Generic Host Process (svchost.exe) access out to the Internet in ZAP in order to have everything work properly (network-wise) on my system. I don't have to allow Windows Explorer out, but then I've disabled many features on my XP system and tweaked a number of things. I know many people that do allow Windows Explorer out as well.

    Edit: I'll probably move this thread to a different forum section a little later as this is not actually a "privacy software" issue. Perhaps "other security issues" or "Software & Services" depending upon how you answer the question regarding the exact nature of the problem you are seeing.
     
    LowWaterMark, Nov 4, 2003
    #2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...