Norton Internet Security 2009 Review

Hi Everyone!  I uploaded the 8 part Norton Internet Security Review to YouTube.  You can watch any of my reviews  by going to YouTube.com/mrizos.

NIS2009 performed pretty well! It removes a lot of serious malware; however, it leaves behind a little adware (Vundo) and a few trojan downloaders (the .exe files). Here is the HijackThis log after a FULL scan and removal. Items bolded are malware files or malware-based registry entries that NIS2009 did not detect:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:40 AM, on 9/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\VMware\VMware Tools\VMwareTray.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\VMware\VMware Tools\VMwareService.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\update\update.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: (no name) - {01BA2111-5518-D0C8-A667-01E739079356} - C:\WINDOWS\system32\tnxqilzf.dll (vundo)
O2 - BHO: (no name) - {182C7ED7-E56D-4509-9D9B-AC49318D9895} - C:\WINDOWS\System32\urqqrsr.dll (file missing)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - (no file)
O2 - BHO: 717305 helper - {963916CD-6311-485D-93DC-3BD1B9E2D2CB} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe
O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
O4 - HKLM\..\Run: [wofgrqls] C:\WINDOWS\system32\wofgrqls.exe
O4 - HKLM\..\Run: [apadibub] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\apadibub.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [rTwrdHqj21] C:\WINDOWS\wpopejyl.exe
O4 - HKLM\..\Policies\Explorer\Run: [J286hthVnp] C:\WINDOWS\wpopejyl.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {2F0E7094-51A2-ECEB-8CF6-EF32B5ECD15E} - http://virusremover2008.com/VRM_Free.exe
O16 - DPF: {7D5DD829-6C90-42C5-B54C-2AFA82F988BA} (CLoader Object) - http://www.av-xp2008.com/tools/virusremover.dll
O16 - DPF: {C931FDF3-0319-0CAE-6DFD-8D061EABF08D} - http://virusremover2008.com/VRM_Free.exe
O21 - SSODL: zip - {177ab526-6b94-4cc2-b303-c1b6a4070316} - C:\WINDOWS\Installer\{177ab526-6b94-4cc2-b303-c1b6a4070316}\zip.dll (file missing)
O21 - SSODL: CheckMon - {b62df42a-0f78-46d6-81d0-3f0ae0d8dc6b} - C:\WINDOWS\Installer\{b62df42a-0f78-46d6-81d0-3f0ae0d8dc6b}\CheckMon.dll (file missing)
O22 - SharedTaskScheduler: frowardness - {b0fdc513-46b9-46fc-8e70-d575ee546dae} - (no file)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: VMware Descheduled Time Accounting Service (vmdesched) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\vmdesched.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe

End of file - 4441 bytes

Overall, that's not too bad. The malware left behind could easily be removed with a combination of MBAM and SAS (or it could be removed manually).

I have to really hand it to Symantec; their products are getting better and better these days!!! ...c'mon, you've got to admit it...

  • James

    Personally, I still hate all the Norton products, because they always seem bloated and slow. I much prefer Symantec Corporate; it's a lot faster and lighter.

  • robin

    I'm using NIS right now too and it works great. Fast reboots, works fast, and is pretty light on system resources. Good detection rate too ^^. Oh, and this is the info I found about SONAR on their site:

    NEW! Real-time SONAR (Symantec™ Online Network for Advanced
    Response) helps prevent bots from taking control of your PC

  • Jimmy

    I always find the easiest way to clean up infected computers is first, run the Avira Rescue CD (the boot CD), then run Avast Linux edition in Ubuntu (to detect the stuff Avira misses (it's not much, but meh)), and then I run Spyware Doctor + AV in safe mode. It's generally a lot quicker to start with the boot CDs as they remove the malware without it slowing scans or slowing the PC. If the computer is still infected then it's time to take off the gloves and run everything on my memory stick.....

  • Justin Bundy

    Yeah, I have got to admit I was a long-time Norton basher and it still isn't my favorite AV. But NAV09 is A LOT better than previous versions, seems faster and also seems to clean a lot more detected malware.

  • Justin

    Yeah, I have to admit I was a long-time Norton basher and it still isn't my favorite AV. But NAV09 is A LOT better than previous versions, a lot faster, and also seems to be able to clean a lot more of the detected malware.

  • knicksfan3

    Latest AV-Comparatives REPORT

    Total detection rates:
    1. AVIRA 99.2% (99.6%)
    2. GDATA 99.1% (99.5%)
    3. Symantec 97.9% (99.0%)
    3. McAfee+Artemis (Enterprise) 97.8% (99.0%)
    4. Avast 97.3% (98.7%)
    5. TrustPort 97.2% (98.7%)
    6. Kaspersky 95.1% (97.6%)
    7. AVG 94.3% (97.3%)
    8. ESET 93.0% (96.6%)
    9. BitDefender 92.4% (96.4%)
    10. F-Secure 91.1% (95.8%)
    11. eScan 91.0% (95.7%)
    12. Sophos 90.1% (95.3%)
    13. Norman 88.5% (94.5%)
    14. Microsoft 84.6% (92.6%)
    15. McAfee (Home User version) 84.4% (92.5%)
    16. VBA32 71.9% (86.5%)

  • juraj

    hey matt,

    I know that AVG failed to install when you tried it but just to make sure try out a new download from download.com. Also try to use avast and scan it with a full scan and not just a boot time scan.

    sincerely,

    Juraj

  • VJ

    Hi Matt,
    Nice touch of adding the HijackThis! logs. Really helps pro users. The rest have the videos.

  • robin

    Damn, GData is really good, especially now it uses the Avast and BitDefender engines.

  • Jonas

    Hey Matt, good review about MBAM. Can I use MBAM with other anti-malware solutions like Panda, Kaspersky or F-Secure?
    Or will my computer collapse? :P

    I hope you will Review the new version of F-Secure =)

    Jonte

  • malwarekilla

    @ everyone – thanks for the comments. Currently I’m working on:

    -improving testing procedures and results
    -how I clean malware video
    -FSecure review
    -GDATA review

  • Dvader

    Very good site and good work. I wonder why AVs still have a lot of trouble fixing Vundo infections?

  • malwarekilla

    @ Dvader - thanks so much! I'm not sure, but if other malware adopts the same technology that the Vundo malware uses to stay undetected, then we are in a world of hurt.

  • dany

    Why does Norton get 5 stars? It couldn't clean all the malware!!! 4 stars and that's it!! I know it's a U.S. product but I really don't care about that; it doesn't deserve to be in the major league.

  • Dave

    Adding &fmt=18 at the end of the youtube URLs for this review makes the text on the recording readable.

  • Collin

    Remember that those supposedly infected files were only detected by 4/32 antivirus engines as infected, with Sophos being the only major one.
