Pastimes : Computer Learning


To: MulhollandDrive who wrote (37145)   10/1/2003 11:16:50 PM
From: mr.mark
 
"he says that for now he cannot run NAV to (getting an "nmain.exe" error)"

Norton AntiVirus
Document ID:2002051609330106
Last Modified:07/21/2003

Problems with Symantec software may be caused by a virus infection

Situation:
You encounter at least one of the following problems with Norton AntiVirus (NAV), Norton SystemWorks (NSW), or Norton Internet Security (NIS):
- The icon for your Symantec product no longer appears on the desktop.
- When you start your Symantec product, the program window appears briefly and then disappears.
- You cannot complete LiveUpdate successfully.
- You cannot install or run Symantec products.
- You receive an email message that indicates your computer is infected with the W32.Klez virus.
- You see "out of memory" error messages.
- Your computer stops responding during virus scans.
- Your Internet connection is much slower than usual.
- Your firewall software detects that "Wink???.exe" is accessing the Internet.
- You see error messages that indicate your computer is low on disk space.
- You see the message "Nmain caused an error in Nmain.exe."
- You see the message "Nmain caused an invalid page fault in Nmain.exe."


Solution:
These symptoms are known to occur on computers that are infected with one of the following viruses or worms:

W32.Bugbear.B@mm
a W32.Klez variant
W32.Bugbear@mm


Follow the procedure in each section in the order listed to determine whether your computer is infected and, if so, to remove the infection.

W32.Bugbear.B@mm
To determine whether your computer is infected with W32.Bugbear.B@mm, download and run the W32.Bugbear.B@mm removal tool. After the worm has been removed, restart the computer, download the latest virus definitions and scan the computer again to make sure the virus has been completely removed.

W32.Klez variant:
To determine whether your computer is infected with a W32.Klez variant, download and run the W32.Klez removal tool. Carefully review the removal instructions before you run the W32.Klez removal tool. An online demonstration of how to download and run the tool is available with audio and without audio.

Because the virus will infect NAV when it infects your computer, it is important that you restore NAV to functionality by following the instructions in the document How to restore Norton AntiVirus after removing a virus. After NAV has been reinstalled, download the latest virus definitions and scan the computer again to make sure the virus has been completely removed.

W32.Bugbear@mm
To determine whether your computer is infected with W32.Bugbear@mm, follow the instructions in the W32.Bugbear@mm write-up. If the worm is detected and then removed, then run LiveUpdate to download the latest virus definitions and scan the computer.

If the removal tool or a virus scan does not detect a virus infection, then the problems that you are encountering are not likely the result of a virus infection. To continue searching the knowledge base for a solution to your problem, click the KNOWLEDGE BASE link at the bottom of this page. Select your product and version, and then click Continue. On the "search the knowledge base" page, follow the instructions to enter your search criteria, and then click search.

Technical Information:
For detailed information about a particular W32.Klez variant, click the appropriate write-up:
W32.Klez.H@mm
W32.Klez.gen@mm
W32.Klez.E@mm
W32.Klez.D@mm
W32.Klez.A@mm

service1.symantec.com



To: MulhollandDrive who wrote (37145)   10/1/2003 11:29:23 PM
From: mr.mark
 
and it's a good bet he has a trojan on his machine too, one like this...

F-Secure Virus Descriptions : Delude

NAME: Delude
ALIAS: Trojan.BAT.Startpage.a

Delude is a trojan that is available on a web page. The web page contains code that uses a vulnerability in Internet Explorer (MS03-032) to execute.

More information about the vulnerability, including a fix, is available from Microsoft at: microsoft.com

VARIANT: Delude.A

The HTA code available on a web page downloads a file "partyboy.exe" from an ftp site and runs it. This file is packed with UPX. It is a batch file which was compiled to an executable binary (".exe") using a BatToExe tool.

When executed, it changes the Internet Explorer start page to find-now.info. It prevents access to most major search engines such as Google, Yahoo, Lycos, MSN and AltaVista. To do this it replaces the following file:

%windir%\system32\drivers\etc\hosts

where %windir% is the Windows installation directory.

Detection in F-Secure Anti-Virus was published on September 10th, 2003 in update:

[FSAV_Database_Version]

Version=2003-09-10_0_03

Technical Details: Katrin Tocheva and Sami Rautiainen, 10th of September, 2003;

F-Secure Corporation

europe.f-secure.com
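
Added example, not part of the posts or the F-Secure write-up above: a hosts-file audit for the kind of replacement Delude makes, flagging any entry that overrides DNS for the search engines the description names. The domain list and the sample hosts content are assumptions constructed for illustration; the write-up gives only the brand names.

```python
import ipaddress

# Domains for the search engines the write-up names (assumed; the page
# gives only the brand names, not the host names that were overridden).
WATCHED = ("google.com", "yahoo.com", "lycos.com", "msn.com", "altavista.com")

# Constructed sample hosts file, not taken from an infected machine.
SAMPLE = """\
127.0.0.1       localhost
# comment-only line
127.0.0.1       www.google.com google.com
0.0.0.0         search.yahoo.com   # trailing comment
203.0.113.7     WWW.AltaVista.com.
192.168.1.10    fileserver
not-an-ip       www.msn.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip comments, tokenize
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def suspicious_entries(text, watched=WATCHED):
    """Return (line_no, ip, hostname, effect) for entries overriding DNS
    for a watched domain or any of its subdomains."""
    hits = []
    for line_no, ip, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in watched):
            # Loopback/unspecified targets make the site unreachable;
            # any other address sends the browser somewhere else.
            local = ip.is_loopback or ip.is_unspecified
            hits.append((line_no, str(ip), name,
                         "blocked" if local else "redirected"))
    return hits

if __name__ == "__main__":
    # On a live system, read %windir%\system32\drivers\etc\hosts instead.
    for hit in suspicious_entries(SAMPLE):
        print("line %d: %s -> %s (%s)" % (hit[0], hit[2], hit[1], hit[3]))
```

A clean hosts file normally has no entries for public search engines, so any hit is worth reviewing before the file is restored.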