A Nurse with a Gun

Thursday, November 20, 2008

Virtuemonde Update

Last night I went to the Kaspersky website and downloaded a trial version of Kaspersky Internet Security 2009. When I started to install it, I received a dialog box telling me it would uninstall my then-present version of Norton Internet Security 2007. Kaspersky also required that I uninstall SpyBot Search & Destroy. I decided that if the Kaspersky suite was that powerful, I would hold it in reserve.

I browsed to the Symantec website to download a trial version of Norton Internet Security 2009. Installing Norton Internet Security 2009 vaporized my previous version of the program. To make matters worse, after installing it I was dismayed to find that because I already had Norton Internet Security on my computer, I would have to subscribe at a cost of $49.99 to activate the trial version. I decided to contact tech support via chat and cry foul. Here is the transcript of my chat session.

Mr. Xavier Breath has entered room.

We are experiencing higher than usual service times. Please wait and an analyst will be with you shortly.

We are experiencing higher than usual service times. Please wait and an analyst will be with you shortly.

We are experiencing higher than usual service times. Please wait and an analyst will be with you shortly.

We are experiencing higher than usual service times. Please wait and an analyst will be with you shortly.

We are experiencing higher than usual service times. Please wait and an analyst will be with you shortly.

We are experiencing higher than usual service times. Please wait and an analyst will be with you shortly.

We are experiencing higher than usual service times. Please wait and an analyst will be with you shortly.

We are experiencing higher than usual service times. Please wait and an analyst will be with you shortly.

We are experiencing higher than usual service times. Please wait and an analyst will be with you shortly.

We are experiencing higher than usual service times. Please wait and an analyst will be with you shortly.

Rajmohan P has entered room.

Rajmohan P(Wed Nov 19 21:13:30 CST 2008)>You are being transferred to Rajmohan P.

Rajmohan P(Wed Nov 19 21:13:33 CST 2008)>Welcome to Norton Support, my name is Raj Mohan. Can I please have a minute to go through the information you have provided?

Mr. Xavier Breath(Wed Nov 19 23:13:48 CST 2008)>sure

Mr. Xavier Breath(Wed Nov 19 23:14:06 CST 2008)>I decided to upgrade my internet security today and Norton's product was looking good in the reviews I have read.

Rajmohan P(Wed Nov 19 21:14:53 CST 2008)>Hi Xavier, I see that activating your Norton AntiVirus.

Mr. Xavier Breath(Wed Nov 19 23:15:46 CST 2008)>I downloaded your 15 day free trial version of Norton Internet Security 2009 from the symantec website and am unable to start the product because I am a prior customer of Norton. My last version was Norton's IS 2007. The trial version of Norton Internet Security 2009 uninstalled the 2007 version that came with my computer. I do not have a disc to reinstall what I previously had. I cannot start the 15 day trial version because it requires me to pay for a $49.99 subscription renewal.

Rajmohan P(Wed Nov 19 21:17:06 CST 2008)>Thanks, your case number is 081119-005742, please write this down.

Rajmohan P(Wed Nov 19 21:17:15 CST 2008)>If we get disconnected for any reason, please follow these instructions to reconnect this chat (we recommend that you note down the link and code). You'll need to do this within a couple of minutes of being disconnected:

1) Open up Internet Explorer and then go to www.norton.com/connectme
2) Enter the [Connection Code] 293493
3) Click on [Submit]

Rajmohan P(Wed Nov 19 21:17:18 CST 2008)>Are you chatting with me from the computer that has the issue?

Mr. Xavier Breath(Wed Nov 19 23:17:32 CST 2008)>Yes.

Rajmohan P(Wed Nov 19 21:18:07 CST 2008)>Do you have your 25 digit product key?

Mr. Xavier Breath(Wed Nov 19 23:19:28 CST 2008)>No, I do not. Your product has now changed my home page.

Mr. Xavier Breath(Wed Nov 19 23:19:46 CST 2008)>It is tossing up pop-ups right and left.

Mr. Xavier Breath(Wed Nov 19 23:20:52 CST 2008)>I cannot remove the pop-ups because I do not know if they are from your product or more malware.

Rajmohan P(Wed Nov 19 21:21:32 CST 2008)>May I know if you have purchased CD version of Norton program or download version?

Mr. Xavier Breath(Wed Nov 19 23:21:58 CST 2008)>Is aniti-virusproccan.com one of your sites?

Mr. Xavier Breath(Wed Nov 19 23:22:18 CST 2008)>I downloaded your 15 day free trial version of Norton Internet Security 2009 from the symantec website and am unable to start the product because I am a prior customer of Norton. My last version was Norton's IS 2007. The trial version of Norton Internet Security 2009 uninstalled the 2007 version that came with my computer. I do not have a disc to reinstall what I previously had. I cannot start the 15 day trial version because it requires me to pay for a $49.99 subscription renewal.

Mr. Xavier Breath(Wed Nov 19 23:22:47 CST 2008)>Are you reading what I have written?

Rajmohan P(Wed Nov 19 21:22:47 CST 2008)>No, aniti-virusproccan.com is not one of our sites.

Rajmohan P(Wed Nov 19 21:22:53 CST 2008)>Yep.

Rajmohan P(Wed Nov 19 21:23:04 CST 2008)>You have to purchase renewal.

Mr. Xavier Breath(Wed Nov 19 23:23:21 CST 2008)>For a "free" trial version?

Rajmohan P(Wed Nov 19 21:23:25 CST 2008)>Yes.

Mr. Xavier Breath(Wed Nov 19 23:23:47 CST 2008)>I would like to try your trial version of Norton Internet Security 2009 prior to purchase or renewal of any subscription.

Mr. Xavier Breath(Wed Nov 19 23:24:00 CST 2008)>I had planned to purchase it at retail if I decided to keep a Norton product on my computer. The previous version was slow, unwieldy, inefficient, and it missed a good bit of malware. I want to know the effectiveness of Norton Internet Security 2009 before I lay down any cash.

Rajmohan P(Wed Nov 19 21:24:02 CST 2008)>Okay

Rajmohan P(Wed Nov 19 21:24:45 CST 2008)>Okay

Mr. Xavier Breath(Wed Nov 19 23:25:01 CST 2008)>Is that possible?

Rajmohan P(Wed Nov 19 21:25:57 CST 2008)>Yes.

Mr. Xavier Breath(Wed Nov 19 23:26:12 CST 2008)>How?

Rajmohan P(Wed Nov 19 21:27:08 CST 2008)>Xavier, I can connect to your computer and work to resolve the problem from here, while you sit back and watch.

This is a secure connection, and I won't access any personal information on your computer. If at any point you are concerned, you can disconnect me by clicking on the [End] button. I'd encourage you to view the troubleshooting from your end.

If for any reason you need to leave your computer, let me know via the chat window and we'll disconnect the remote session and resume once you're back.

Shall we go ahead with the remote connection?

Mr. Xavier Breath(Wed Nov 19 23:27:55 CST 2008)>Be my guest

Mr. Xavier Breath(Wed Nov 19 23:28:17 CST 2008)>One quick question....... Will Norton Internet Security 2009 efficiently and thoroughly eradicate the virtuemundo trojan?

Rajmohan P(Wed Nov 19 21:28:20 CST 2008)>To set up a connection:
1. Please click on the link http://www.norton.com/link
2. Enter in the 6 digit pin code 570632 and click [Connect to technician].
3. You will now see a prompt to accept the connection. Please click on [Yes]. It may take a few minutes for me to connect.

Rajmohan P(Wed Nov 19 21:28:32 CST 2008)>Yes.

Mr. Xavier Breath(Wed Nov 19 23:29:37 CST 2008)>I'm getting a pop-up that says the current chat session will end if I navigate away is that normal?

Rajmohan P(Wed Nov 19 21:29:54 CST 2008)>No.

Rajmohan P(Wed Nov 19 21:30:08 CST 2008)>Please open an Internet Explorer webpage and type www.norton.com/link

Let me know when you are being asked for a 6-digit pin code.

Mr. Xavier Breath(Wed Nov 19 23:31:44 CST 2008)>Ok, it's asking........

Mr. Xavier Breath(Wed Nov 19 23:32:00 CST 2008)>Same one?

Rajmohan P(Wed Nov 19 21:31:59 CST 2008)>Use the pin given below 570632 and click on "Connect to Technician".

Next you will be prompted for Run, Save or Cancel. Click on Run to start the remote session

Rajmohan P(Wed Nov 19 21:32:05 CST 2008)>If you get any prompts to block or unblock the program from Windows, click on "Unblock". On further prompts, click on Yes or Continue if you are being asked for.

Mr. Xavier Breath(Wed Nov 19 23:33:15 CST 2008)>logmeinrescue.exe is that you?

Rajmohan P(Wed Nov 19 21:33:24 CST 2008)>Yes.

Mr. Xavier Breath(Wed Nov 19 23:34:53 CST 2008)>Is this you? http://anti-virusproscan.com/2009/1/en/_freescan.php?nu=770522169011

[11:33 PM] Connecting to Rescue Gateway: control.app04.logmeinrescue.com...
[11:33 PM] Connected to Rescue Gateway. A support representative will be with you shortly.
[11:34 PM] Chat session established with Rajmohan.
[11:34 PM] Remote control started.

Rajmohan P(Wed Nov 19 21:34:49 CST 2008)>Now, I can access your computer and we will check for the issue.

Rajmohan P(Wed Nov 19 21:35:03 CST 2008)>No.

[11:52 PM] Rajmohan has ended the session.
[11:52 PM] Remote control ended.

Rajmohan P(Wed Nov 19 21:48:40 CST 2008)>We have activated your Norton Internet Security.

Rajmohan P(Wed Nov 19 21:48:57 CST 2008)>May I know the home page you want to set?

Mr. Xavier Breath(Wed Nov 19 23:49:05 CST 2008)>I see the virtumonde trojan is still active

Rajmohan P(Wed Nov 19 21:49:16 CST 2008)>Please run full system scan.

Mr. Xavier Breath(Wed Nov 19 23:49:44 CST 2008)>my homepage is correct now, that was it.

Rajmohan P(Wed Nov 19 21:50:05 CST 2008)>Okay

Mr. Xavier Breath(Wed Nov 19 23:50:20 CST 2008)>I'm impressed

Rajmohan P(Wed Nov 19 21:50:26 CST 2008)>Before I go, can I check that you're ok with the resolution I've provided?

Mr. Xavier Breath(Wed Nov 19 23:51:02 CST 2008)>Yes. I'd like to publish this chat on my blog to inform other people who might be considering your product. I have a readership of close to 4000 users per day. Customer service is often a factor in the choice of products purchased. Do I have your consent for publication?

Rajmohan P(Wed Nov 19 21:51:26 CST 2008)>Yes.

Mr. Xavier Breath(Wed Nov 19 23:51:47 CST 2008)>You did a fantastic job sir. Kudos.

Rajmohan P(Wed Nov 19 21:52:00 CST 2008)>You may receive a survey by email regarding this support session and we'd really appreciate it if you could take a few moments to respond once it arrives. If you'd like to take up a specific issue with my manager you can send an email to Symantecmanagement@e4e.com

Rajmohan P(Wed Nov 19 21:52:02 CST 2008)>Thank you for contacting us. It's been my pleasure to assist you.

Of course, once the trial version of Norton Internet Security 2009 had been activated, I did a full system scan.

Nothing.

I went back to SpyBot Search & Destroy. I updated, immunized and scanned. Virtuemonde was still present, malicious as ever. I surfed a bit. Pop-ups galore. Every webpage rendered a pop-up window. I tried Mozilla. Pop-ups. Opera. Pop-ups. I scanned with Advanced Windows Care V2. Virtuemonde. tuzivard.dll and uganwerd.dll. f-monde gave me no joy. Dr. Delete committed malpractice. After a bit of research, I decided to try VundoFix V7.0.0 as suggested by one of my anonymous readers. VundoFix did not even see the trojan. It said all was well.

All was not well. I could not do squat without another pop-up window.

After work today, I decided to take a look again. As soon as I went to my desktop, Norton Internet Security 2009 popped up a window informing me I was infected with Vundo. No shit.

At least Norton Internet Security 2009 saw it. Then, it showed me how to corner it, quarantine it, and kill it. This evening, I am surfing free.

I want to thank everyone, anonymous or not, who took the time to offer suggestions. I wasn't about to purge my hard drive and start from a clean slate again. I had done that several times years ago. In fact, I have been known to shotgun a PCU or two. I wasn't tossing in the towel that easily.

Norton Internet Security 2009 does not seem to be slowing down my web surfing or the use of my computer. It allows me to use SpyBot Search & Destroy, as well as other programs to augment its capabilities. Perhaps the Virtuemuno trojan had to wiggle a little bit and try to morph into something new before Norton could spot it. Perhaps Norton updated with new data specific to my infestation. I'm not sure why it slipped through the cracks initially, but I have a feeling there is Virtuemundo blood on the walls of my hard drive.

Sometimes I think that personal computing is a lot like guns. There is a lot of well intentioned opinion of what is best, of which method is superior. Often times there are many paths and what is best for one person may not be for another. In the next week or so, I will decide if Norton's new Internet Security Suite meets my needs without impeding my productivity or my enjoyment of the web.

In related news, I'm back to watching Jodi Miller on You Tube as well. I guess the Vundo trojan was screwing that up too.


14 Comments:

Anonymous Anonymous said...

Don't you just love their corporate arrogance when they trashed your currently installed version? That was not an accident. I didn't even realize I had no protection for two days after I deleted the "free trial". I got on the phone and chewed them out thoroughly.

12:03 AM  
Anonymous Anonymous said...

There are two free products that I use. One is AVG (the free version) and the other is WinPatrol. What I like about WinPatrol is that it blocks any program from hijacking your start up page.

Those two programs (along with using Firefox) have reduced my virus related problems to zero.

Did I mention all three programs are free?

Good luck!

1:24 AM  
Anonymous Anonymous said...

X, please keep us advised on this. I, for one, am in the market for a better anti-virus solution and from your experience so far it sounds like Norton 2009 might be a good investment.

5:35 AM  
Anonymous Anonymous said...

Your experience with Norton is much like mine two months ago, when I had downloaded a virus program called--Are you ready for this? Norton 2009!. But yeah, the tech helped a lot, working on my computer via long distance.

6:10 AM  
Anonymous Anonymous said...

Very happy to hear of your success and of Symantec's support. Given my experiences with Symantec I find their current version of support pleasantly surprising.

FYI, I've been running Kaspersky for over 2 years on two different machines and just recently loaded Spybot S&D on one of them. The two are running together quite well; it may be that Spybot must be loaded after Kaspersky -- at least that was the sequence in my case.

6:29 AM  
Blogger MedicMatthew said...

Hey Xavier, love the blog. Long time listener, first time caller.

I've been following your computer woes here and figured I'd offer up my own practice. Since using this practice I have had zero computer virus & malware related issues.

I despise Windows Internet Explorer with the burning passion of a thousand suns and as such with any computer as soon as I have installed Firefox I remove IE as much as it is possible to remove a native program that is embedded in to the Windows operating system. I then install the free version of AVG.

That is it.

While one might think that keeping multiple anti-virus and anti-malware programs will keep with the "one is none, two is one" theory this is not advisable practice in terms of computer protection where sometimes less is more.
My reasoning for choosing AVG over Norton or McAfee is simple. AVG is free and powerful and it has a much simpler interface. I won't say one is better or more powerful or more effective than the other, I just know what I like and I find that AVG is super simple to use.

7:30 AM  
Anonymous Anonymous said...

The tech should have told you you needed to reboot the computer before running a full scan, since the malware was already TSRed when you first booted up before installing SIS 2009. I personally prefer Symantec Endpoint Security, but that's just me. I have qualms about Spybot S&D in that I think it has its own spyware bundled with its install.

8:27 AM  
Blogger MaddMedic said...

AVG Free, Spyware Blaster (also free) and Spybot (free).
I have four computers on my home network and all use these programs.
I have no problems at all and have two teenagers who game, surf etc online and still no problems. You can have all those "suites" they are POS's!!

8:37 AM  
Anonymous Anonymous said...

Vundo arrives in your happy home via a Sun Java 1.5.0_7 (aka Version 5.0 release 7), and earlier versions so I'm not surprised that it messes up your java install too and consequently the movies in youtube if it uses that.

I was thinking that it's possible you did clear vundo before and just re-infected if you visited the same website that infected you the first time without patching java... remember how you thought you beat it and it re-emerged?

So anyway, keeping things patched is a good idea. :)

9:06 AM  
Blogger Xavier said...

Good to hear KIS09 and SB-S&D are compatible, at least if installed in a different order Bob!

12:40 PM  
Anonymous Anonymous said...

X,

Norton 2009 isn't perfect, but SYMC really tried hard. After the mess that was the 2005 - 2007 product and what was essentially a holding action in 2008, the right folks in management finally "got religion" for 2009. Make no mistake, these problems were a management problem.

I write/maintain some of the drivers in the product. This is the first year in a long time that I'm not embarrassed with the product.

7:58 PM  
Blogger Unknown said...

One great product I've found is NOD32 from Eset. It's not free but very affordable. You can get the OE version from Newegg.com for about $30. This subscription is good for one year and the program doesn't hog your system much like Norton, McAfee, etc. Just go to eset.com and check it out. They also offer a 30 free trial.

12:12 PM  
Anonymous Anonymous said...

AVG slaps Trojan label on Adobe Flash
Third false alarm follows upgrade offer AVG, the popular anti-virus package, has falsely identified Adobe Flash as potentially malicious. The snafu comes just days after AVG slapped a bogus Trojan warning on a core Windows component.… ...
http://virtualreview.org/tech/zoom/816994/avg-slaps-trojan-label-on-adobe-flash

AVG slaps Trojan label on core Windows file
Second false alarm creates consternation Some users of AVG were left with unusable Windows systems after the popular AVG security scanner software slapped a Trojan warning on a core Windows component.… ...
http://virtualreview.org/tech/zoom/812303/avg-slaps-trojan-label-on-core-windows-file

Great stuff that AVG.

10:26 PM  
Anonymous Anonymous said...

AVG virus scanner removes critical Windows file (Martin/Security and the Net)
Martin / Security and the Net: AVG virus scanner removes critical Windows file — An update for the AVG virus scanner released yesterday contained an incorrect virus signature, which led it to think user32.dll contained the Trojan Horses... ...
http://virtualreview.org/tech/zoom/812354/avg-virus-scanner-removes-critical-windows-file-martinsecurity-and-the-net

10:27 PM  
