Just got a brand new machine (Windows XP Home). Installed Norton Antivirus 2003 and ran Live Update. Instead of the normal update window a Symantec message appeared saying that an intruder has changed some settings. This message won’t go away, and any attempt to use Norton again closes it down.
Symantec advises running Live Update but it won’t let me! Uninstalled and reinstalled Norton but same thing happens. Uninstalled again and tried to install AVG instead. AVG also closed down after a few seconds. Tried in safe mode but same again. Noticed that when online I am sending as much as receiving… odd surely? Presumably a virus but since can’t use a virus checker I don’t know which one. Anyone any ideas how to get out of this mess? Thanks.
Ken

Ken,
I had a similar problem with a friend's laptop. This is what I found:
1. He had many viruses (virii) in his machine. Namely, Nachi worm, Gaobot.A, Gaobot.B, and some others I cannot remember.
2. Gaobot (or some variation of this) was causing the antivirus (Norton) to be disabled as soon as boot-up time.
My solution:
1. Detach machine from LAN/internet
2. Use any other antivirus (other than Norton) or use the free tool "Stinger" from Network Associates
3. Clean the machine using the above tool
4. Install a firewall (Sygate Personal is free)
5. Install your antivirus
6. Connect to LAN/internet and download all security patches for MS XP.
Notes: some of these viruses are pretty nasty, with some replacing files such as svchost for SCVHOST (NOTICE THE SWITCHED V AND C). For some of the variants you might have to go to the registry and delete some entries manually. Good luck!
Post back if more help needed.
GIS_tech

Ken, GIS_tech gave you good advice. You may also want to follow the instructions under "Do this first: Step 1: Check a Windows file" for Windows XP at the link below because I'd be willing to bet that your hosts (no extension) has been altered and is the reason you can't update your Norton AV program.
The hosts (no extension) file you want to check is located in your C:\Windows\System32\drivers\etc directory (folder). Below is what it should look like.
____________________________________________
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
____________________________________________
Open it in notepad and remove any entries below 127.0.0.1 localhost
DO NOT REMOVE THE 127.0.0.1 localhost
Close notepad and save the changes.
Hope This Helps,
Tufenuf
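
The manual check described above can also be scripted. The following is an added example, not part of the original post: it parses a hosts file and lists every active entry other than `127.0.0.1 localhost`, which is what the post says to look for. The sample file and its `.example` hostnames are constructed; on a real machine you would read the file from the directory named above.

```python
import ipaddress

# Constructed sample of a tampered hosts file (hostnames are placeholders).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#      102.54.94.97     rhino.acme.com          # source server

127.0.0.1       localhost
127.0.0.1       liveupdate.av-vendor.example
0.0.0.0         www.av-vendor.example   # constructed
10.1.2.3        intranet.example
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, address_field, [names]) for each active entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        yield line_no, fields[0], fields[1:]

def audit_hosts(text):
    """Return (line_no, address, name, reason) for every entry to review."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, ip, " ".join(names), "malformed address"))
            continue
        for name in names:
            if name.lower() == "localhost" and addr.is_loopback:
                continue  # the one entry the default file ships with
            if addr.is_loopback or addr.is_unspecified:
                reason = "name sinkholed to local machine"
            else:
                reason = "extra mapping not in the default file"
            findings.append((line_no, ip, name, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s %s (%s)" % finding)
```

An entry that points an update server's name at 127.0.0.1 or 0.0.0.0 makes every connection to that name fail locally, which matches the symptom of Live Update and the vendor website being unreachable while other sites still load.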

hi ken,
all the above is good advice and should be followed.
try this also if you wish:
disable your system restore to flush out your system. go to www.hauriusa.net and install the ViRobot anti-virus, get the latest defs.
reboot into safe mode, scan with hauri anti-virus, also if you have spybot, adaware and a trojan scanner such as a free 30 day trial of trojan hunter, it would be a good idea to scan with them also. delete all files that they come up with, clean your cache, temp files, history and cookie folder and recycle bin.
reboot your computer into normal mode, and re-enable your system restore.
all the best,
murve

Resources:
STINGER
http://vil.nai.com/vil/stinger/
PANDA QUICK REMOVER:
http://www.pandasoftware.com/download/utilities/
good luck!!!
GIS_tech

Trojans that kill AV programs and firewalls use a cyclic process killer. They look for the AV process every 10 seconds or so and kill any found. You need to kill the trojan process; I would suggest using a good process killer like WinPatrol.
Once the trojan process has been killed, reinstall your AV software and it will be able to remove the trojan.
for more help on trojans visit
http://www.anti-trojan.org

Thanks all. In the event nothing worked. It was the Gaobot virus. So resorted to format c and started over. Why oh why do people do this!!!!!

I had a very similar problem (which also stopped me accessing the internet at all, grrrr). Norton was disabled, but I managed to run AVG, which didn't find anything. After a while of monitoring my internet traffic with the firewall booted up high I discovered it was being caused by dxrss.exe in windows/system32, which I then deleted. All is back to normal except I can't run Norton Live Update or even visit the Norton website. Is this something I need to fix in the 'hosts' file as given above?

Daniel, it very well could be that your hosts file has been altered by the virus/trojan. Follow the instructions in my Response Number 2 above.
Tufenuf
