My Norton internet security warned me of two files in my hosts list

127.0.0.1 om.symantic.cm

and

127.0.0.1 tc.symantic.com

as it needs those to update :rolleyes:

so with my permission it removed those from the list


whiteknight :D

It would be a good idea to download then run RogueRemover and Update its latest definitions then run a Scan:
http://www.malwarebytes.org/rogueremover.php

Also, it would be a good idea to download then run MBAM and Update its latest definitions then run a Quick scan and post the results back here for me:
http://www.malwarebytes.org/mbam.php

Edit: I removed incorrect information

127.0.0.1 om.symantec.cm

and

127.0.0.1 tc.symantec.com

are part of the MVPS update. It's symantec, not symantic. :huh:

As I don't use Norton, I have no idea why those two entries are added.

Have a look here:
http://msmvps.com/blogs/hostsnews/archive/...hosts-file.aspx

Apoligies for my bad spelling, symantec I should have wrote ;)

As requested

Malwarebytes' Anti-Malware 1.25
Database version: 1080
Windows 5.1.2600 Service Pack 3

11:20:24 24/08/2008
mbam-log-08-24-2008 (11-20-24).txt

Scan type: Quick Scan
Objects scanned: 63013
Time elapsed: 11 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Compaq_Owner\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\AdwareAlert\Log\2007 Dec 06 - 07_47_30 PM_016.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\AdwareAlert\Log\2007 Dec 06 - 07_47_31 PM_922.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> Quarantined and deleted successfully.

My PC was just recovered using PC recovery after a bad attack

as my DNS was hijacked as well :angry:

I was using AVG & Threatfire antivirusus at that time :angry:


AD-Aware 2008 photo



after recovery I installed Norton internet security

security risks were > web media player...resolved

and threats were trojan, backdoor trojan and trojan Virantix.C>resolved :ph43r:
(I had to switch off system restore first then
I had to download an unhook file called unhook.exe from Norton use it first
and then reset regestry values manualy and delete an addition to win.ini then
Norton antivirus removed some other junk to resolve them :) after several
clear scans with Norton and AD-Aware 2008 then switch system restore back on)

I thought maybe the host entries were from past setup

but if silicon man is right maybe there was some error with mvps hosts update ;)

whiteKnight

I'm glad you got your situation sorted out.

I don't recommend Ad-Aware anymore as it has outlived its usefulness and not kept up with the times.

I also recommend CCleaner to remove left over junk that gets left on Windows systems:
http://www.ccleaner.com

The CCleaner forum is a good place to discuss keeping your system in tip top shape:
http://forum.piriform.com

Thanks for the info and advice.

Yes I have CCleaner and used it in the past, I think it wise though
to run chkdsk after it has been used, as I found it orphans and looses
files sometimes ......whiteKnight

In all the time I have used CCleaner I have never come across this situation.

Have you checked in the CCleaner forum for similar situations or to report a problem?
http://forum.piriform.com/index.php?showforum=8

Well when removing temp files, there are some temp files that are neeeded
by windows opperating system and i have watched chkdsk refind the files.

Have you ever used chkdsk immediately after running CCleaner? ....WhiteKnight.

I just did a complete chkdsk and it did not find anything.

If there was a situation like you are saying then none of the almost 23,000 Members of CCleaner forum nor any of the millions of happy CCleaner users that have downloaded and run the application are complaining of the situation you describe.

I do remember someone asking about why their system would not boot up sometimes and they were asked to run chkdsk and they found out that their hard disk was failing and luckily they were able to salvage the important information from the hard drive before it completely failed but I don't remember where I read it.

Well I thought I'd better try it again :)

Here is a screen snapshot of chkdsk before CCleaner :)


Shot at 2008-08-26

and here again after CCleaner :angry:


Shot at 2008-08-26

It's just runs a little bit quick to screen snap chkdsk at the very end as it

disappears very quickly.............whiteKnight

Please review all of the following document:
Beginners Guides: Diagnosing Bad Hard Drives
--------------------------------------------------------------------------------
Know... before your hard drive kicks the bucket, taking all your data with it. Clickity-click, time to defuse that dying hard disk! - Version 1.0.0
http://www.pcstats.com/articleview.cfm?articleid=1583

Yes you could be right <_< luckily I have all I need backed up on dvd's :rolleyes:

but why it should misbehave after a progam is run and not otherwise

and why all these related files vid, ci, dir etc

is food for thought.................whiteknight

ps. I found this happening on two PC's one of them from new.

CCleaner opens up the files it wants to be cleaned in Write mode then makes the modification then closes the files.

Video files are huge and usually quite fragmented so I guess when CCleaner looks at the file then the fragments could be moved around:
http://filext.com/file-extension/wid
http://filext.com/file-extension/VID

As I am not familiar with the internal workings of CCleaner, please continue to discuss this situation in the CCleaner forum but insure that you have the latest CCleaner v2.11.636 application installed:
http://forum.piriform.com/index.php?showforum=8

MVPS Hosts author blogs (again) about this well-known false-positive detection by Symantec products: http://msmvps.com/blogs/hostsnews/archive/...30/1646253.aspx