Various windows programs aren't loading
May 21, 2004 4:45 PM Subscribe
Help a brother out- my MSN messenger, Outlook Express, and Norton AV are all on the fritz [more inside]
Response by poster: So, it was all of a sudden, one day, boom- it all stops working. MSNM and OE don't work at all, and NAV functions decently, but can't update common client files. I'm thinking it's some kind of virus, and have tried scanning with the online McAfee tool, but no dice. I've tried new service packs, going back to a previous backup, etc. What gives? Anyone else having this problem?
posted by moonbird at 4:50 PM on May 21, 2004
posted by moonbird at 4:50 PM on May 21, 2004
Response by poster: Also, when I try installing the IE6 service pack, it won't connect to the download server, and is telling my proxy settings may be askew. I don't use proxy.
I've scanned for and removed spyware using XoftSpy.
No poressure here, I'm just looking for ideas to try as a last ditch effort before I raise the red flag and take it into the shop (the other option is a Dell tech support call to India.... years on hold).
posted by moonbird at 4:59 PM on May 21, 2004
I've scanned for and removed spyware using XoftSpy.
No poressure here, I'm just looking for ideas to try as a last ditch effort before I raise the red flag and take it into the shop (the other option is a Dell tech support call to India.... years on hold).
posted by moonbird at 4:59 PM on May 21, 2004
I would bet that it's a sasser variant. Sasser and its associated pals can, among other things, fool around with your hosts file and interfere with norton av, which does a poor job of blocking it. I recommend downloading mcafee's free "stinger" tool if you can get to it, or for the short term, any other sasser-specific virus protection tool. One tell is to check your task manager and see if microsoft.exe is running (there's another executable ending in 2 that also runs but I can't recall its name).
posted by Sinner at 5:19 PM on May 21, 2004
posted by Sinner at 5:19 PM on May 21, 2004
This isn't exactly a direct solution, but I would highly recommend upgrading Outlook Express to Outlook, and switching NAV to AVG, which takes up far less system resources. Oh, and unless you frequently run programs from untrusted sources, you don't need to have the "resident shield" turned on (or whatever they call the scan-everything-that-loads). Just set your antivirus program to scan once a night a few common areas with the task scheduler (root dir, Program Files, Documents & Settings and your Windows directories).
Occasionally NAV updates can be buggy, but this sounds more like something nasty is feeding on your system (Sasser, etc.)
posted by Civil_Disobedient at 5:30 PM on May 21, 2004
Occasionally NAV updates can be buggy, but this sounds more like something nasty is feeding on your system (Sasser, etc.)
posted by Civil_Disobedient at 5:30 PM on May 21, 2004
Stinger.
Other things to look out for in the task manager are listed in this article: among them are "avserve.exe", "avserve2.exe" and skynetave.exe," but other variants have more.
posted by Sinner at 5:41 PM on May 21, 2004
Other things to look out for in the task manager are listed in this article: among them are "avserve.exe", "avserve2.exe" and skynetave.exe," but other variants have more.
posted by Sinner at 5:41 PM on May 21, 2004
... and interfere with norton av, which does a poor job of blocking it [sasser].
This is this first I've heard of Norton having trouble with sasser. Is there a basis for this?
posted by RavinDave at 2:13 AM on May 22, 2004
This is this first I've heard of Norton having trouble with sasser. Is there a basis for this?
posted by RavinDave at 2:13 AM on May 22, 2004
Purely anecdotal, but yes. I spent hours on a friend's machine with Norton installed and relatively recent definitions (not sure offhand exactly how recent, but certainly within the " current" range). If I recall correctly, after several hours of screwing around, I had happened upon several articles noting that Norton had proven ineffectual. Of course, YMMV, but I saw this with my own eyes.... I'm interested to hear whether I was on the right track - moonbird?
posted by Sinner at 2:32 AM on May 22, 2004
posted by Sinner at 2:32 AM on May 22, 2004
If your norton can't update, it's probably because a virus has written to your HOSTS file.
do a search of your hard drive for HOSTS, and remove any lines (other than localhost) that point to 127.0.0.1. You may have to scroll down a bit to find the offending entries, but most likely you will see something to the effect of: "symantec.com 127.0.0.1" preventing you from updating your virus scanner
posted by PWA_BadBoy at 11:58 AM on May 22, 2004
do a search of your hard drive for HOSTS, and remove any lines (other than localhost) that point to 127.0.0.1. You may have to scroll down a bit to find the offending entries, but most likely you will see something to the effect of: "symantec.com 127.0.0.1" preventing you from updating your virus scanner
posted by PWA_BadBoy at 11:58 AM on May 22, 2004
On the machine I was referring to, the hosts file had in fact been modified and was password-protected. Using stinger helped fix that problem (incidentally, my AV product of choice has always been Norton/Symantec, not McAfee). Just make sure you're rid of Sasser and agobot variants (I believe there are several, and that my spelling may be wrong).
posted by Sinner at 12:03 PM on May 22, 2004
posted by Sinner at 12:03 PM on May 22, 2004
Response by poster: so far, stinger hasn't found anything. still sorting through all these other recommendations... thanks all!
posted by moonbird at 3:05 PM on May 24, 2004
posted by moonbird at 3:05 PM on May 24, 2004
sasser is resistant to NAV because you need a firewall to block it more than you need a AV scanner. AV will find it if you run a scan, but it won't actively monitor your ports, I believe.
posted by Hackworth at 10:05 AM on May 25, 2004
posted by Hackworth at 10:05 AM on May 25, 2004
This thread is closed to new comments.
1.) Do the programs fail to load?
2.) If they do load, do they fail shortly after the program starts?
3.) Could it be because you're running too many programs at once?
Etc...
posted by whoshotwho at 4:49 PM on May 21, 2004