Virus ied.exe

[karenb]

Good morning everyone. I am helping a friend try to remove a virus from his computer. He uses a dial-up connection. XP, Norton internet security 2005, spybot, adaware and msantispyware are used on this machine.
The identitfied threat is called downloader.trojan and the infected file is identified as ied.exe. It's location is specifed as c:/ieds_7m.cab.

So, here is what we've done. Tried to run Norton in safe mode. It froze, and appears to have disappeared. It is not in program files, no icons, a search cannot find anything. We went through and manually were able to delete the file in c:. Rebooted, file was still gone, rebooted in regular mode. Still gone. Tried to reinstall Norton, failed. No error, just won't run the disc. Auto run isn't working, tried... start, run e:, browse, setup. Won't run. The disc drive is working fine for other purposes. Checked the back of the norton disc, all looks fine, no scratches no smudges. Next step I suggested was an online Mcaffee and Norton scan. Every time the scan reaches a certain point, the scan locks and he is bumped offline. I assume that Norton won't reinstall becuase of a virus, however this .cab file was the only thing showing infection. I found some registry changes that should be made from the symantec site. Could these registry changes be why Norton won't reinstall? If anyone has had any experience with something like this, I would appreciate your suggestions. Also, I think his internet connection is always questionable. Slow, knocked off a lot. I use a cable modem and have suggested that he bring his tower over for me to try and run the scan from my connection. Sensible?

[genesis]

Internet connection has nothing to do with that problem. Although I've experienced NAV refusing to reinstall, that is because the previous installation is still there, partially or in registry. One thing is to install a newer version but that may not be possible at all times. Try looking in the add/remove to see if it's there, if it is, remove it and then reinstall it.

[karenb]

Hey there,
just spoke to my buddy and he said Norton is in the control panel, but every time he tries to remove it just locks up.
Is it ok to just delete from "program files" and try to reinstall?
He was able to run the online scan of norton and mcaffee, both are clean. He is complaining of his computer running very slow.Spybot is showing dso exploit. It seems unable to remove this, as is antispyware.
any further suggestions?

[headshock]

you would need to delete the reg files that come with it otherwise it will still think it is installed
download rescrub or regcleaner to remove the reg fiels
but be careful

[genesis]

like headshock said, if registry entries are still there, deleting the physical files won't do any good, only harm. Try looking up this issue on symantec's site, they will certainly have a solution to it. Of course, also post it here so we all know too.

[genesis]

Double post, maybe this will help
http://www.symantec.com/techsupp/nis...005_tasks.html

[karenb]

Ok -- I got it installed again. Here is what I did.
In the registry key.....

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec

In the left pane, right-click Symantec, and click Rename.
Type the following, and then press Enter to save the change:

Symantecold

There was another key symantec suggested changing but the key was not present on my buddies computer.

Went to add/remove, where we were still unable to remove the rest of the program. We received an error similar to " we can't do that...."

The fix I found on symantec's site was the following....

Start, Run.... type msconfig. Under the general tab, select SELECTIVE STARTUP with Load system services checked and Use original boot.ini selected. Restart.

Put in the cd and it autoran. Symantec has info on what to do if autorun isn't working.... but we didn't need it. Restarted in normal startup and away we went!

Thanks for all the help!

[genesis]

That's the right way, glad you got it fixed.