  #1  
Old 05-06-2006
Bronze Member
 
Join Date: May 2006
Posts: 3
BHLeonard
[Resolved] Please help, HJT log inside

I have been getting random virus warnings from Norton, and am having trouble sorting it out. Here is my log :



Thanks!
Brandon
Attached Files
File Type: txt brandonHJT.txt (7.4 KB, 1 views)



Last edited by ladygreenwitch; 05-06-2006 at 11:24 PM.
  #2  
Old 05-06-2006
HR Director
Join Date: Jul 2005
Location: Bay Area California
Posts: 5,769
PC Experience: PC Illiterate
ladygreenwitch

Hi Brandon,

Welcome to PCHF. We have a very expert team of techs on this site, and I am sure that we will be able to get your PC cleaned up.

In future, please make sure to post all logs as attachments; infected HJT logs can be a danger to others. I have already converted yours for you.

However, I need you to carefully follow the instructions in PreWork from my signature. It appears that you have an older version of HJT (HijackThis) and doing the prework will actually take care of some of your infection. Please make sure to save the ewido log, and unzip the new version of HijackThis into its own folder.

Then we will be able to further troubleshoot your issues.

Looking forward to your reply,

TTFN

LGW


  #3  
Old 05-07-2006
Bronze Member
 
Join Date: May 2006
Posts: 3
BHLeonard
Log files

Thanks for the help. I've done all as you said, and am attaching my new log. Thanks for any help you can give me, this is driving me nuts. My main problem is Internet Explorer won't load pages, just hangs. Outlook does the same thing. I can reboot and it's good for a few pages, then it does it again.

Thanks
Brandon
Attached Files
File Type: txt Scan report_20060506.txt.txt (2.7 KB, 2 views)
File Type: log hijackthis.log (7.7 KB, 2 views)


  #4  
Old 05-08-2006
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036
joe5

Hya Brandon.

Looks pretty good, but I would disable the Windows Messenger service:

Please download Shoot The Messenger

Download and run the small (22 kbyte) "ShootTheMessenger.exe" utility. It will display the current status of your system's Messenger Service. The button near the bottom of its window will allow you to set the service to whichever state — running or disabled — that you desire.

If, for any reason, you should ever choose to re-enable the Windows Messenger Service, simply re-run ShootTheMessenger to do so.

Then boot in Safe Mode again and fix this entry with HijackThis:

O4 - HKCU\..\Run: [MoneyAgent] "÷wàÕöwÿÿÿÿ²õw¬Âwmnyexpr.exe"
Reboot, see if you are still redirected, and post a new HJT log please.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

  #5  
Old 05-08-2006
Bronze Member
 
Join Date: May 2006
Posts: 3
BHLeonard

Thanks guys/gals. I did as directed above and am attaching my latest HJT log. When I logged onto Windows after rebooting, the Ewido caught a malware program this time. I don't see it affecting me now though. Let me know what you all think.

Brandon
Attached Files
File Type: txt HTJ_50706.txt (6.5 KB, 3 views)


  #6  
Old 05-08-2006
HR Director
Join Date: Jul 2005
Location: Bay Area California
Posts: 5,769
PC Experience: PC Illiterate
ladygreenwitch

Hey Guys,

@Joe, haven't seen this as a service before: O23 - Service: winupd - Unknown owner - C:\WINDOWS\winupd.exe. Is it legit? Only coming up with slightly different names under services.

@Brandon, other than the item I am asking Joe about, your log looks clean. However, if you ran Shoot the Messenger, it didn't take.

I would, however, highly recommend that you upgrade to SP2; it really is the best way to keep up on all of the security patches.

Also, I didn't see a firewall listed; you really must use a firewall if you want to protect yourself. In the article PCHF Protect Your PC, in my signature, you will find a section on free firewalls. They are all good; it just depends on personal taste.

After you upgrade, try running Shoot the Messenger again, and see if we can't get that thing shut off. It leaves you vulnerable to popup attacks.

Once Joe gives us an answer on the O23 entry, you should be clean.

Let us know if any of the symptoms are persisting.

Look forward to your reply,

TTFN

LGW


  #7  
Old 05-08-2006
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036
joe5

Yup, that's a bad one for sure, and that also shows the importance of updating Windows and installing a firewall, because this is a new infection again. It wasn't present in your previous logs.


Click Start>Run and type in: services.msc
Click OK
In the Services window find: winupd
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK
Open HJT and click config > misc tools > “delete an NT service”
Copy and paste: winupd
Click OK.


After that I would install a firewall, we have free ones in our download section, and then it's time to update Windows.

When done, post a new HJT log to check please.
(out of regular mode, not Safe Mode)


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
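
Added example, not part of the original thread or of HijackThis itself: a small triage script for the two kinds of entries the helpers singled out above, an O4 Run value containing garbled bytes and an O23 service with "Unknown owner" running from the Windows folder. The flagging rules and the sample log are assumptions made for this illustration; they are not the helpers' stated method, and a hit means "look closer", not "delete".

```python
import re

# Constructed sample: two lines shaped like the entries quoted in the thread
# (the garbled Run value is abbreviated) plus two constructed benign lines.
SAMPLE_LOG = "\n".join([
    'O4 - HKLM\\..\\Run: [ExampleTray] "C:\\Program Files\\Example\\tray.exe"',
    'O4 - HKCU\\..\\Run: [MoneyAgent] "\u00f7w\u00e0\u00d5\u00f6wmnyexpr.exe"',
    'O23 - Service: Example Agent (exagent) - Example Corp - C:\\Program Files\\Example\\agent.exe',
    'O23 - Service: winupd - Unknown owner - C:\\WINDOWS\\winupd.exe',
])

O4_RE = re.compile(r'^O4 - HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O23_PREFIX = "O23 - Service: "
# Executable placed directly in the Windows folder, not in a subfolder.
WIN_ROOT_EXE = re.compile(r'(?i)[a-z]:\\windows\\[^\\]+\.exe')

def parse_entry(line):
    """Return (section, name, owner, target) for an O4/O23 line, else None."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        return ("O4", m.group("name"), None, m.group("cmd"))
    if line.startswith(O23_PREFIX):
        # Split from the right: display names may themselves contain " - ".
        parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
        if len(parts) == 3:
            return ("O23", parts[0], parts[1], parts[2])
    return None

def triage(log_text):
    """Return [(section, name, [reasons])] for entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        section, name, owner, target = entry
        reasons = []
        if section == "O4" and any(not 32 <= ord(c) < 127 for c in target):
            reasons.append("Run value contains non-printable or non-ASCII characters")
        if section == "O23" and owner.lower() == "unknown owner":
            reasons.append("service binary has no owner string")
            if WIN_ROOT_EXE.fullmatch(target):
                reasons.append("service binary sits directly in the Windows folder")
        if reasons:
            findings.append((section, name, reasons))
    return findings

if __name__ == "__main__":
    for section, name, reasons in triage(SAMPLE_LOG):
        print(section, name, "->", "; ".join(reasons))
```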


All Graphics & Content Copyright © 2004-2008 - PC Help Forum.com

