I'd appreciate any comments regarding a couple strange things that have happened to my notebook recently. Sorry if this is a little wordy, but I don't want to leave anything out.
I have Vista Home Premium, with Symantec Corporate 10 running.
First, a few weeks ago I performed a cleanup of my computer, including defrag and several updates, uninstallation of programs, and I turned off Shadow Copy (not knowing it would destroy previous restore points). After doing this, my hard drive started clicking like mad all the time (writing to some log file). Unable to solve the problem I began to undo any updates I installed. The MS Malicious software tool then automatically discovered a Trojan, deleted it, and the hard drive problems stopped (which is good, because I was ready to format!). What angers me is that Symantec found nothing.
I thought my trouble had gone away until now. Today I received a warning from the Windows Security Center that Avast "Virus Protection" and Symantec "Spyware" were both out of date. I have not had Avast on this computer for months and can find no traces of it (even in the registry). Also, Symantec is up to date and is my main antivirus - not Avast. At the same time, I have been logged out of websites I am normally automatically logged into.
Do I have some crazy new virus that can't be detected and is stealing my information? Or am I just paranoid?
Thanks.
-
ToxicBanana Notebook Consultant NBR Reviewer
-
It might be a virus. If you definitely need your system to be clean no matter the cost, I suggest you uninstall Symantec and buy NOD32. If you want powerful protection but don't want to pay, use Avira Antivir. I believe Avira Antivir should be sufficient but you never know.
-
That could actually be spyware; my mom got one that installed itself, kept saying that she had spyware that she needed to remove, and then if you clicked on it, it took you to their site to buy their product.
They wanted her to buy their product to remove their bug. It even disabled task manager which I had to enable from the registry. Personally, I just formatted as I had already done so recently to prepare it for my mom.
-
ToxicBanana Notebook Consultant NBR Reviewer
Thanks for the quick reply. I also forgot to mention that my keyboard language settings have recently been switching from US to French Canadian for no apparent reason. I should probably format to be safe. However, I always thought Symantec was supposed to be a good virus program (I hate Norton Antivirus though). I'll definitely look into NOD32 as well, but I do receive a free Symantec volume license I'm not keen on giving up.
In general, I'm a little rattled as I have not had a virus problem in years (XP before SP2). I'm just not sure if it's Vista bugs or a virus.
-
I'm gonna bet that it's not Vista. Not something like that.
-
ToxicBanana Notebook Consultant NBR Reviewer
I was hoping with Vista I could avoid formatting, but it looks like it will remain a 6-month maintenance routine - I'm starting to hate Macs less at this moment.
-
Try running other AV/spyware programs, see if they get anything...
-
ToxicBanana Notebook Consultant NBR Reviewer
Before formatting I'll probably try Avira Antivir as Calvin suggested, and Avast just to test if Symantec is missing something. I'd also like to do it now so I could provide this forum with anything useful I learn, but unfortunately I am far too busy. I have not slept in 48hrs and may not sleep again until the end of April. But I'll definitely give it a shot then.
-
If you seriously want to avoid a re-install, use NOD32. Download the trial, and use it to clean your system for now. Then buy it later.
-
If you hadn't turned off System Restore, then maybe you could.
(Or maybe not actually... I only seem to have about a week's worth of restore points right now.)
Also, do you have UAC on or off?
-
Yep, that should cut it there.
-
ToxicBanana Notebook Consultant NBR Reviewer
I do have UAC on, and the main reason I turned system restore off was to determine if it was causing my hard drive troubles (constant writing) - I did not know that turning it off would erase all my restore points. I have not yet bothered to familiarize myself with Vista restore, but so far I'm not too happy with the amount of disk space it requires. I have not turned it back on, and am not sure I will.
Thus far, and after many hours, I have taken the following steps:
- I turned on and updated Windows Defender (it is disabled by Symantec Corporate) and performed a scan. After 1 hour the scan froze in a Temp folder. This seemed to stir up something because Symantec suddenly found 7 Bloodhound viruses in the same folder.
- I deleted the viruses and performed another full system scan with Symantec, but nothing was found. I then ran Defender again which got stuck in the same spot, revealing another virus to Symantec.
- I deleted the virus and then tried to use the Windows cleanup tool to clear up the Temp folder - the cleanup tool froze. I tried to restart but Windows failed to shut down.
- I did a soft reboot to safe mode to delete the temp folder contents. I then ran Win Defender again. This time it did not freeze, and found nothing after 2 hours of scanning.
- Frustrated with Symantec for allowing these viruses to enter my computer and then failing to discover them in a scan, I decided to uninstall it and replace it with a trial version of NOD32.
I performed a full scan with NOD32, which found nothing. I do like the clean look of NOD32, and I know it is a highly recommended program, but I am a little suspicious at how fast it performs a scan (almost twice as fast as Symantec). Hopefully it will be more effective than Symantec was.
Thanks for all the input.
-
Seriously, trust me. Don't laugh at the speeds NOD32 gives you, in fact, be happy. It's well known because of that speed, and power. It's what the others should be, but aren't. That's why people like it.
-
ToxicBanana Notebook Consultant NBR Reviewer
If NOD32 is more effective and twice as fast, I'll only be laughing because of the joke it makes of other AV programs.
An interesting note is the difference in startup between NOD32 and Symantec Corporate - boot time is unchanged, but my RAM usage has dropped about 200Mb. With Symantec I would get about 3 additional min after boot where the CPU, HDD, and RAM were fluctuating. With NOD32 I get about 5 additional min of CPU, HDD, and RAM activity after boot. Having used Norton and a few other AV programs, I have never considered Symantec bloatware.
I do have a couple other questions.
First, is there any reason I should leave Win Defender running? Symantec turned it off but NOD32 allows it to run.
2nd, Windows security center reports that Avast is still turned on, NOD32 is on, and Symantec is off. Why does the security center not know when AV applications have been uninstalled? I have gone through the registry and deleted references to both previous AV applications.
-
1) Not much of a reason, just disable it.
2) It has problems with that, so I leave it off. You might want to also if you don't want to be bothered.
-
ToxicBanana Notebook Consultant NBR Reviewer
Damn you're fast with your responses Calvin - the help is much appreciated.
Security center is no bother if you disable warnings. I had actually forgotten about it until it recently told me Avast was out of date. I'll just ignore it unless it bothers me again. And if it bothers me again, I'll throw my notebook at the wall - my HP printer suffered this fate.
-
It sounds like it could be a virus. I suggest getting Norton Internet Security 2008. It will do a quickscan before installing and probably wipe it out then. If not then do a full scan after installed and it will take it out if it is a virus. I've used Norton Internet Security for years now and never had one virus. When a few have sneaked in on McAfee on me. I've tried Zone Alarm also, but it didn't have some features Norton did.
-
ToxicBanana Notebook Consultant NBR Reviewer
I hate to break it to you, but Norton Internet Security is one of the worst AV programs I have ever used - and I have tested 03, 05, 06, and 07 versions. Prior to 03, Norton had some credibility. It is possible that you have never caught a virus because Norton was unable to detect it. Until recently I had trusted Symantec Corporate (I have used versions 8 and 10), but as I have demonstrated, it too has allowed my system to become infected.
-
If you wanna bash it, send it to me.
But seriously:
-
ToxicBanana Notebook Consultant NBR Reviewer
Calvin, I had actually had security center alerts disabled using the method you described. That was why I was shocked that I received a balloon notification for Avast. It seems that the virus I had triggered an alert even though notification was disabled.
-
That's one nifty virus.
But now it's gone, right?
do I have a virus?
Discussion in 'Security and Anti-Virus Software' started by ToxicBanana, Mar 28, 2008.