Could this be a virus?

[vaughan]

I'm not sure what has happened to my notebook computer but ...

AVG 7 Pro (registered) No virus detected.
Norton System Works Pro 2003 antivirus: No virus detected.
AdAware SE 1.05 Personal Edition, latest updates - no spyware.
SpywareBlaster 3.4 (home edition) latest updates - no additional blocks required.
Spybot Search & Destroy latest updates and immunzation applied - no malware.
Windows XP Pro SP2 fully patched.
Intel P4 2.66GHz, 512 MB DDR 333 RAM, 40 GB HDD. 50% unused.

When I try to open a Word document using Office XP (SP3)I get two errors. First says: Word cannot open this document template
and it gives a partial folder path to PDFmaker.dot
This is part of Adobe Acrobat version 5.05 which I updated to V 6.0 and patched to 6.0.3 - all licensed.

Second, when I try to exit from Word I get a dialogue box:
The file Normal.dat already exists. Do you want to replace the existing file?

If I say Yes, it exits OK. If I say No, it goes around in circles until I say yes. I even tried killing word using Ctrl-Alt-Del and stopping the running process.

In addition to this, my NAV gave an error and was shut down. When I re-boot or try to re-start it I get a warning to uninstall NSW and to re-install.

I have done this:
Repair install of Office XP
Repair install of Adobe Acrobat v6.
Uninstall NSW 2003 and re-installed it. Now get a message that says :
Some Symantec product stteings have been changed by an unauthorized program.This can indicate that an attacker or a virus is attempting to disable your protection.
To avoid problems, settings will be reverted to the previous configuration and your system will be restarted. Click OK to continue.

If I OK this, it cycles and repeats itself. The error is 1004,1 and Symantec's advice is "known bug, run Live Update". I have run LU 3 times now. It is stuck installing file 3 or 4 in NAV now. If I hover over it the cursor turns into an hour glass.

HELP :!: :!: :!:

[AMDave]

Office has a config setting somewhere to "Save settings on exit" which it does in "normal.dot", that could be where the prompt was coming from. You can trun that off and do it manually whenever you make a change that you want to keep.

The uninstall and reinstall of NAV could have triggered the response that it detected that it had been "tampered" with.

If you you have mutliple versions of Adobe Acrobat (check Program Files folder) you can get some odd behaviours due to the combinations of registry settings this can result in.

If this doesn't match what is going on and you are still having problems or have concerns, you could do an XP rollback to a point before the problem came up. You took a snapshot recently I hope.

Otherwise you could try a scan for registry errors and see what turns up.

I have to say that I am not a NAV user anymore so hopefully someone else will be able to help. It used to be my favourite but the last two versions gave me headaches so I don't use it anymore.

I too have experienced the failed LU update several times, investigated the error messages, found a described "solution" wich failed to fix anything even after talking with support, although I am aware that it has worked for some. You can find it on their website somewhere.

In the end I quit wasting time and moved to another purchased AV package.
There is a degree of comfort in the bought packages with the frequency of pattern updates.

[Empty_5oul]

run live update on another machine and remember what the downloaded ifles are called/ where they are going. Then manually put these onto a CD, go back to the virus machine and do an update from CD. This usually gets round the update snot working as the online bit is blocked.

Also try in safe-mode opening your doc as this stops all process opening on boot other than the vital ones - if it is a virus then it would be stopped. If it still fails here see what error you get, i imagine it would be different.

[vaughan]

Resolved with a complete removal of Norton System Works Professional 2003 and its associated detritus - LiveUpdate and so forth.

AVG Pro 7 Network Edition (registered) - no viruses detected.

Word XP and Adobe Acrobat 6.0.3 (registered) both behave themselves now.

[Ototero]

I also fell out of love with Norton System works. Long live AVG.

[Empty_5oul]

lol.
Norton use to be the best but it has also fallen out of favour with me. I stopped using it in 2002 though when it was up for renewal, i find AVG to be the best anyway.

[Lagu]

Hello!

I will warn for a virus called Trj/downloader.DCK. :shockingzap: I have got this virus on my Intel win 98. My Panda antivirus have neutralise this virus but, something have happen because, when I open the Internet, a page appeared called “About Blanc”. No http or https is following first.

When I tried to set www.amdusers.com as the start page into Internet options, this page is changed by “About Blanc” every time I try to change start page. Zone Alarm is lurked and can’t prevent me from this damn site. I have tried to stop it from loading by setting all alternative in Zone Alarm to enable, but nothing help.

I got this virus because I connected to Internet without antivirus software. I was blind and didn’t notice I don’t have load a virus program. I have tried to run Windows Update and there were a lot of secure patches. However all programs failed to install. I know Microsoft has stop support Win 98. Only Internet sp1 can be used, not sp2 as it is for XP.
To get rid of that, perhaps I must reinstall Windows and instead for 98 install Win Me as I have on a disc for upgrade.

My firewall has this URL on the site lists: 195. 225. 177. 22. I don't know what this is, but I have remove it, but as far I load Internet it comes back. :?

Take care!
Lagu :shock: :cry:

[Empty_5oul]

try adaware / spybot. I believe there are sweedish versions of both of these.
It would appear you have removed the bulk of the problem but you also got some form of hijacker which still has control of your browser.

[Ototero]

Lagu, I've just read about this.

Try http://derbilk.de/SpSeHjfix109.zip. This is the Win 9x version.

Or try http://cwshredder.net/bin/CWShredder.exe

Good luck

[Empty_5oul]

if you use CW shredder be sure to check the version number, there are many around the net.