hcmpls

Potential Rootkit?


I need help... I don't know a lot about these things, but after browsing these forums for potential issues I think I have a rootkit. Here's what's happening. There are a few websites that just don't load. For example, www.linkedin.com. When I try to access this website I get "internet explorer cannot display this page". Another webpage that gets the same message is www.allrecipes.com. A local radio station, www.kqrs.com, redirects to www.comcast.com and has "www.kqrs.com" in the search bar with the results for that search. Does this sound like a rootkit? How do I take care of it? I've downloaded the trial version of SAS so far (I have Norton 360 and Malwarebytes and neither found anything). Sorry for any ignorance on my part... Thanks for your guys' help in advance.


Another piece of information: when I open a new IE and start browsing, in the Norton safe browsing search box on the top task bar it says "enter location". I assume this has something to do with my problem as well and might help with diagnosing the problem...


> I need help... I don't know a lot about these things, but after browsing these forums for potential issues I think I have a rootkit. Here's what's happening. There are a few websites that just don't load. For example, www.linkedin.com. When I try to access this website I get "internet explorer cannot display this page". Another webpage that gets the same message is www.allrecipes.com. A local radio station, www.kqrs.com, redirects to www.comcast.com and has "www.kqrs.com" in the search bar with the results for that search. Does this sound like a rootkit? How do I take care of it? I've downloaded the trial version of SAS so far (I have Norton 360 and Malwarebytes and neither found anything). Sorry for any ignorance on my part... Thanks for your guys' help in advance.

What, if any, other signs of infection do you have? Have you tried surfing with Firefox (as a test)?


> What, if any, other signs of infection do you have? Have you tried surfing with Firefox (as a test)?

Yes, I've tried Firefox with the same issues I experience on IE. Browsing seems slower for the most part on some other websites but not all. Some websites don't load completely or do so very slowly. For example, on Facebook, certain icons don't load and have a graphic in their place. This seems sporadic though. A local newspaper website takes about 2 minutes to fully load, whereas in the past it's loaded as soon as I hit enter. Even though the stories load completely, it seems that some of the ads on the page don't load, as there's a message in the place of the ads that says "page could not load" similar to www.linkedin.com or even www.aol.com. There may be other symptoms I am just not seeing. Anything in particular I should be looking for?


> There is no reputable computer tech that would work on a computer that runs Norton. A quote in the industry is, "I'd rather have a virus than use Norton".
>
> IMO, rid yourself from Norton using the following tool, then go with ESET NOD32.
>
> http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

I've had Norton on my computer for about a year and a half, which is how old my computer is. I've never had any issues whatsoever. So I would then believe it was doing its job. Are you implying Norton is the issue? If so, why, and could you also explain what ESET NOD32 will do better? Thanks for your input


> I've had Norton on my computer for about a year and a half, which is how old my computer is. I've never had any issues whatsoever. So I would then believe it was doing its job. Are you implying Norton is the issue? If so, why, and could you also explain what ESET NOD32 will do better? Thanks for your input

Norton is a P I G- hog hog hog

Every computer I ever worked on Norton slowed the computer down to a crawl. Remove Norton and computer is a warm humming puppy :)

robin


> Norton is a P I G- hog hog hog
>
> Every computer I ever worked on Norton slowed the computer down to a crawl. Remove Norton and computer is a warm humming puppy :)
>
> robin

So you're the second person to recommend getting rid of Norton; however, I am looking to see if anyone is familiar with the issue I have. Is it a rootkit? Is it something else? Any ideas on how to fix it? I have had Norton for a year and a half. I have had my computer for a year and a half. I have had no problems until this week so I am pretty sure it's not Norton causing the problem...


- Are you running the latest version of Norton 360? And if not, you should upgrade to the latest version. Normally if your subscription to Norton is current, you can upgrade free of charge. You should also check the Norton Community Forum to see if other users are having similar issues.

http://community.norton.com/t5/Norton-360/bd-p/Norton_360

The latest version of Norton 360 is defined on the link below:

http://community.norton.com/t5/Norton-360/NEW-UPDATE-Norton-360-4-3-0-5-Updated-September-21st-2010/td-p/296840

- Do these links work if you temporarily turn off the Norton firewall?

- Reset the settings of IE8 back to the default settings and see if that clears up the issue. To do this, close down IE8, go to Control Panel>Internet Options>Advanced tab. Then under "Reset Internet Explorer settings", click on Reset, and confirm that you want to reset. Close the Internet Options window, the Control Panel window, and try IE8 to see if it responds better.

- Do these links work if you temporarily turn off Safe Web Search?

I doubt seriously if you have a rootkit. This sounds more like a setting corruption or your system needs some general cleanup. If SAS, Malwarebytes, and Norton 360 are showing no infections when you do full scans with each of them, I doubt that you are infected. Of course, this is assuming that you have updated each of these security programs to the latest detection rulesets/definitions.

- Go to the link below and download/install the SLIM version of CCleaner. Leave the settings in CCleaner at the default level. Run the Cleaner component and let it clean out all the temporary and junk files. DO NOT run the Registry component of CCleaner.

http://www.piriform.com/ccleaner/builds

ALSO, in your next post, please state which Windows operating system (with Service Pack number) you are running and whether it is 32-bit or 64-bit. You can find this information by going to Control Panel>System.


> Norton is a P I G- hog hog hog
>
> Every computer I ever worked on Norton slowed the computer down to a crawl. Remove Norton and computer is a warm humming puppy :)
>
> robin

Robin

Your response seems to be in contradiction to every independent report I have read on the subject; AV-Comparatives, for instance, rates NIS as one of the 'lightest' suites available, as does PC Pro amongst other leading magazines in the UK, along with feedback on the Amazon site.

No personal experience of the product or axe to grind just trying to restore some balance.


It's unlikely that your system is infected.

It's most probable that IE is corrupt, or Norton is blocking those sites. Have you tried the reset as siliconman suggested? If so and the problem persists, see if you can open those sites via Safe Mode With Networking.

RE Norton:

Magazine and Internet site reviews are basically useless. Think about where such gets their revenue.

I've been repairing computers for almost 15 years, and can write a book about all the problems that Symantec software has caused.


> - Are you running the latest version of Norton 360? And if not, you should upgrade to the latest version. Normally if your subscription to Norton is current, you can upgrade free of charge. You should also check the Norton Community Forum to see if other users are having similar issues.
>
> http://community.norton.com/t5/Norton-360/bd-p/Norton_360
>
> The latest version of Norton 360 is defined on the link below:
>
> http://community.norton.com/t5/Norton-360/NEW-UPDATE-Norton-360-4-3-0-5-Updated-September-21st-2010/td-p/296840
>
> - Do these links work if you temporarily turn off the Norton firewall?
>
> - Reset the settings of IE8 back to the default settings and see if that clears up the issue. To do this, close down IE8, go to Control Panel>Internet Options>Advanced tab. Then under "Reset Internet Explorer settings", click on Reset, and confirm that you want to reset. Close the Internet Options window, the Control Panel window, and try IE8 to see if it responds better.
>
> - Do these links work if you temporarily turn off Safe Web Search?
>
> I doubt seriously if you have a rootkit. This sounds more like a setting corruption or your system needs some general cleanup. If SAS, Malwarebytes, and Norton 360 are showing no infections when you do full scans with each of them, I doubt that you are infected. Of course, this is assuming that you have updated each of these security programs to the latest detection rulesets/definitions.
>
> - Go to the link below and download/install the SLIM version of CCleaner. Leave the settings in CCleaner at the default level. Run the Cleaner component and let it clean out all the temporary and junk files. DO NOT run the Registry component of CCleaner.
>
> http://www.piriform.com/ccleaner/builds
>
> ALSO, in your next post, please state which Windows operating system (with Service Pack number) you are running and whether it is 32-bit or 64-bit. You can find this information by going to Control Panel>System.

I am running the latest version of Norton 360 and do regular updates (multiple times/week). I have a 2 year subscription and have 197 days remaining on that subscription. Thanks for listing the link to the Norton forum. I’ll do a search there as well.

I tried turning off the Norton firewall and anti-virus auto protect to see if I could access the websites, but with no luck.

I actually found an article that talked about re-setting the IE settings back to default so I had done that, again without any change in the problem.

One thing I did do that allowed me to access the problem websites (which I am hoping did not, or will not cause any issues) is use website www.the-cloak.com. Posts I found made it seem that this was a legitimate website. I hope it is. Doesn’t a website like the-cloak.com simply mask an IP address? Does this help narrow what the problem could be?

Will the CCleaner accomplish something Norton 360, SAS and Malwarebytes will not? Just curious before I install the program.

Also, I am using Vista Home Premium, service pack 2.

> Will the CCleaner accomplish something Norton 360, SAS and Malwarebytes will not? Just curious before I install the program.

CCleaner is not a security program that scans and cleans out malicious malware. It is a program that removes all the unneeded junk/temporary files such as Temporary Internet Files and files in TEMP folders...all of which slow down your system as these build up. It also cleans out cookies...including Flash Cookies. It not only cleans up Windows junk but also various third party applications junk and caches. Below is the link to the user forum for CCleaner.

http://forum.piriform.com/

And the home page

http://www.piriform.com/

> One thing I did do that allowed me to access the problem websites (which I am hoping did not, or will not cause any issues) is use website www.the-cloak.com. Posts I found made it seem that this was a legitimate website. I hope it is. Doesn’t a website like the-cloak.com simply mask an IP address? Does this help narrow what the problem could be?

the-cloak.com does appear to be a legit website. The fact that it works to access the problem website does sound to be indicative of needing to flush DNS on your system or to rebuild your Winsock file. It could also be indicative of your ISP having problems with its DNS servers...which would warrant a phone call to your ISP to see if they are having problems. Is your Vista SP2 32-bit or 64-bit?

http://www.tech-faq.com/how-to-flush-dns.html

http://www.mydigitallife.info/2007/06/18/repair-and-reset-windows-vista-tcpip-winsock-catalog-corruption/


In addition to the above post,

1. Make sure that your Java is up-to-date which is Version 6 Update 22

http://www.java.com/en/download/manual.jsp

And be sure that all older versions of Java have been removed from your system. Look in Control Panel>Programs and Features and uninstall versions older than Update 22.

2. Also examine your HOSTS file and ensure that it is okay.

http://support.microsoft.com/kb/972034

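As an added illustration of the HOSTS-file check suggested above (not code from any poster in this thread), this Python script parses hosts-file text and reports every entry that overrides DNS for a non-local name, marking those that match the sites the original poster could not reach. The function names, the sample file contents and the addresses in it are constructed for the example.

```python
import ipaddress

# Names a hosts file normally maps to loopback; anything else overrides DNS.
BENIGN_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample, not taken from the poster's machine. On Windows the real
# file is %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.linkedin.com www.allrecipes.com   # several names, one line
203.0.113.10    www.kqrs.com
# 198.51.100.7  commented-out.example
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()    # strip comment, split on whitespace
        if len(fields) < 2:
            continue                             # blank, comment-only or malformed
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an IP address
        for name in fields[1:]:                  # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")


def audit_hosts(text, watch=()):
    """Return one finding per entry that overrides DNS for a non-local name."""
    watch = {w.lower() for w in watch}
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in BENIGN_NAMES and ip.is_loopback:
            continue
        # Loopback or 0.0.0.0 makes the site unreachable; any other address
        # sends the browser to a server chosen by whoever edited the file.
        effect = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        findings.append({"line": line_no, "name": name, "ip": str(ip),
                         "effect": effect, "watched": name in watch})
    return findings


if __name__ == "__main__":
    symptoms = ["www.linkedin.com", "www.allrecipes.com", "www.kqrs.com"]
    for f in audit_hosts(SAMPLE_HOSTS, watch=symptoms):
        flag = " <- matches a reported symptom" if f["watched"] else ""
        print(f"line {f['line']}: {f['name']} -> {f['ip']} ({f['effect']}){flag}")
```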

Might want to confirm that an IE reset was done (not "restore advanced settings").

The proxies should be checked as well as a test from Safe Mode With Networking.

With that being said, the OP is running Norton 360...that computer will never run right.


Do you have a router connected? I, and others, have been hit with router hijack - computer behaviour for me was some websites loading normally, others loading pathetically slowly or not at all; websites such as Microsoft and Facebook, for example, would not load at all.

This was fixed in my case (with help from a competitor's forum) by:

- changing the admin password on the router

- disconnecting all computers from the router

- resetting the router

- then on each computer normally connected to the router, reset TCP/IP, reboot then flush the DNS, reboot, reconnect router.

Then do a full scan with your AV and SAS to see if anything residual remains.


> There is no reputable computer tech that would work on a computer that runs Norton. A quote in the industry is, "I'd rather have a virus than use Norton".
>
> IMO, rid yourself from Norton using the following tool, then go with ESET NOD32.
>
> http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

You can say that again. As a tech, I remove that bloated junk off of computers I service ASAP. Go with ESET (as he mentioned) or Microsoft Security Essentials.

But please rid yourself of Norton .. Forever... Install Malwarebytes anti-malware too.

