exile360

***False positive Trojan.Downloader.ED***


Both computers have this entry in the Event Logs

5/1/2013 2:00:37 PM, Error: Service Control Manager [7030]  - The Symantec Management Client service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Please review the following article and remove the interactive portion.

Then restart the service and run the following please.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.

Thanks


Attached log from PC #1. I must have this resolved on all 3 PCs today. This cannot stretch to Monday. I will be going through there this afternoon. Please advise. Thank you.

-Will

Result.txt


It appears that this is a 64-Bit version of Windows 7 and the files in the x64 catalog are still missing.

x64-Catalog5 01 H:\Windows\System32\NLAapi.dll [File Not found] ()
x64-Catalog5 02 H:\Windows\System32\napinsp.dll [File Not found] ()
x64-Catalog5 03 H:\Windows\System32\pnrpnsp.dll [File Not found] ()
x64-Catalog5 04 H:\Windows\System32\pnrpnsp.dll [File Not found] ()
x64-Catalog5 05 H:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog5 06 H:\Windows\System32\winrnr.dll [File Not found] ()
x64-Catalog9 01 H:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 02 H:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 03 H:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 04 H:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 05 H:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 06 H:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 07 H:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 08 H:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 09 H:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 10 H:\Windows\System32\mswsock.dll [File Not found] ()

Please see if you can compare these files from a working computer and then copy them from the working computer to this one that is not working.

If you have a list from the original issue with the quarantined files it should show you what files were removed that still need to be replaced.

Thanks

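Added example (not part of the original post and not MiniToolBox code): a small Python parser that reduces a listing like the one above to the distinct missing provider DLLs and the catalog slots that reference each one, which is the list of files to compare against a working computer. The line format is taken from the post; the last sample line, for a file that exists, is constructed, and its bracket contents are an assumption.

```python
import re
from pathlib import PureWindowsPath

# Sample input: the first five lines are in the format quoted in the post
# above; the last line (a file that exists) is constructed for illustration.
SAMPLE_LOG = r"""
x64-Catalog5 01 H:\Windows\System32\NLAapi.dll [File Not found] ()
x64-Catalog5 03 H:\Windows\System32\pnrpnsp.dll [File Not found] ()
x64-Catalog5 04 H:\Windows\System32\pnrpnsp.dll [File Not found] ()
x64-Catalog5 05 H:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 01 H:\Windows\System32\mswsock.dll [File Not found] ()
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
"""

# <catalog> <slot> <path> [<status>] ...  (the path may contain spaces)
LINE_RE = re.compile(
    r"^(?P<catalog>(?:x64-)?Catalog\d+)\s+(?P<slot>\d+)\s+"
    r"(?P<path>.+?)\s+\[(?P<status>[^\]]*)\]"
)


def parse_catalog_lines(text):
    """Return (catalog, slot, path, status) for every catalog line in text."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append((m["catalog"], m["slot"], m["path"], m["status"]))
    return rows


def missing_providers(text):
    """Map each missing DLL (full path, lower-cased) to the slots that reference it."""
    missing = {}
    for catalog, slot, path, status in parse_catalog_lines(text):
        if status.strip().lower() == "file not found":
            missing.setdefault(path.lower(), []).append(f"{catalog}/{slot}")
    return missing


def drives_referenced(text):
    """Drive letters the catalog paths point at, so an unexpected one stands out."""
    return sorted({PureWindowsPath(p).drive.upper()
                   for _, _, p, _ in parse_catalog_lines(text)})


if __name__ == "__main__":
    for path, slots in missing_providers(SAMPLE_LOG).items():
        print(f"{PureWindowsPath(path).name}: referenced by {', '.join(slots)}")
    print("drives:", drives_referenced(SAMPLE_LOG))
```
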

Hi Will,

That is a bit odd that it would scan that as a location then. I wonder if there is some type of GPO that has that as a redirect location.

You can try this from an elevated command prompt and see if that corrects it, but I doubt that is the real cause here and it probably will not make any real change.

netsh winsock reset catalog

The winsock registry keys are located here:

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2]

I'm really sorry Will, but if you have to have this fixed by Monday then unfortunately you're going to need to back up the data and format the drive and reinstall or re-image the boxes. If I knew specifically what was wrong I'd certainly tell you but you're seeing an odd issue that has not been reported before and if you have no other signs of an issue that makes it pretty hard to diagnose what's really going on here in your specified time frame.


I've been having an email conversation (Malwarebytes Support ticket #332015) with your "help desk" regarding this issue and the last response I got was on May 1st. I have since replied a few times since then and nothing. The person I am/was dealing with is "Tom Mercado". So far this "help desk" has been of no help regarding this issue. This was your guys screw up, now I need to know how YOU GUYS are going to replace the three DLL files which need to be replaced in order for Windows 8 to function as it did before your software decided to quarantine them.


@jrhawk9

I'm sorry that you're having issues contacting the Help Desk. It's possible that your email provider or ours is blocking the mail due to a high volume of emails or code in email that often triggers spam blockers.

Please send me a private message and I'll see if I can assist you with your issue.

Thank you


I just wanted to extend my Thank Yous to your support staff team, especially Chris, Pete and anyone else who listened in on the 4+ hour long conference call between me and Symantec's support team. I have just finished curing the other two systems at this one client. Again, Thank you for all of your help with helping to get this resolved.

-Will


> I've been having an email conversation (Malwarebytes Support ticket #332015) with your "help desk" regarding this issue and the last response I got was on May 1st. I have since replied a few times since then and nothing. The person I am/was dealing with is "Tom Mercado". So far this "help desk" has been of no help regarding this issue. This was your guys screw up, now I need to know how YOU GUYS are going to replace the three DLL files which need to be replaced in order for Windows 8 to function as it did before your software decided to quarantine them.

Just an update that I was able to help jrhawk9 and his system should now be operational.

If anyone is still having issues fixing their computer from this FP then please make sure to open a ticket on the Help Desk so that someone can assist you.

Thanks


I'd hate to see a good program bad-repped because of a glitch that was unforeseen (but is clearly being looked at in a hurry now that they know). Good Gods, guys, have a lil patience for these guys here at MBM. After all, they're only mortal like we are. All in good time will these things get fixed. Till then, quit getting nasty with these poor hardworking guys. They're doing a whole hell of a lot more than just sitting around, and the amount of people they have to help out here with this unexpected issue is going to take TIME, and TIME requires PATIENCE. So, IF you please, fellow users, give these guys a bit of breathing space? They ARE doing their level best in this sitch and will get to those of us who still need help in a timely fashion. (I'm fine on my end btw. Running Windows 7 Ultimate x64 along with MBM, SAS and Avast.)

This topic is now closed to further replies.
