Kansas Tech Consultants Blog

I have two servers at the same library with the exact same symptoms. When I try to do Windows Updates, IE stops responding. Symantec Corporate Edition has realtime protection disabled even though it is enabled in the settings. If I try to do a manual scan, it aborts before the window even opens, with the message aborted by user. When ever I try to go to an anti-virus website, IE stops responding. I downloaded the latest version of Stinger on another computer, copied it to the servers and ran it, it found nothing. Ad-aware and spybot have not found anything.

Booting into safe mode w/ network support, I was able to get the Panda online scanner to run, but it did not find anything. I was also able to do a Windows update, but it did not solve any problems. The hosts file only has one entry for local host - 127.0.0.1, I believe that is correct. The Symantec manual scan works in safe mode, but finds nothing. I tried to install baseline security analyzer in safe mode, but it will not run with out MS Installer, and in normal mode, it freezes when you try to open it.

Hijack this, doesn't find anything alarming. Is there something I am overlooking? Everything is working so far, but I just don't trust the system. I have a feeling that it may have been zombiefied, but I can't get any information out of it. Also, HKLM, and HKCU show only NAV products loading at startup.

Thanks for any suggestions.