|
Donations |
|
 |
|
|
|
If you found this site helpful, please donate to help keep it online
Don't want to use PayPal? Try our physical address
|
|
|
Survey |
|
|
|
|
|
|
|
|
Translate |
|
|
|
|
|
|
|
|
|
|
| View previous topic :: View next topic |
| Author |
Message |
LadyL
Lieutenant
Joined: Oct 11, 2002
Posts: 150
Location: USA
|
 Posted: Sun May 23, 2004 3:15 pm Post subject: |
|
|
Thanks...as I have WinME...that doesn't do me any good at all...no access to any other OS either.
Thanks, anyway. 
_________________
Lonnie |
|
| Back to top |
|
 |
ronf
Cadet
Joined: Jun 08, 2004
Posts: 5
Location: USA
|
| Posted: Tue Jun 08, 2004 2:10 pm Post subject: |
|
|
Hi! I'm having the same problem but you guys are speaking greek, and I don't speak greek! 
I have the same problem: c:\\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
The only reason I came across this is because Startup Mechanic picked it up. It says it's harmful and it was added as a result of the ASSASIN D. VIRUS. It gives you the opportunity to disable it, which I've done. I've looked all over the place to get info on how to get rid of this. The info Symantec gives on getting rid of the Assasin d. virus doesn't apply for some reason, can't find any of the values in regedit. Is this something I'm just stuck with? |
|
| Back to top |
|
|
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 152
Location: USA
|
| Posted: Tue Jun 08, 2004 3:28 pm Post subject: |
|
|
| ronf wrote: |
. . . . I have the same problem: c:\\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
The only reason I came across this is because Startup Mechanic picked it up. It says it's harmful and it was added as a result of the ASSASIN D. VIRUS. It gives you the opportunity to disable it, which I've done. I've looked all over the place to get info on how to get rid of this. The info Symantec gives on getting rid of the Assasin d. virus doesn't apply for some reason, can't find any of the values in regedit. Is this something I'm just stuck with? |
Not so fast. Which version of NIS/NPF are you running?
When was LiveUpdate last run?
What operating system are you using?
Find SNDMON.EXE, right-click on it, select Properties ... and note the version/build you are using (typically found on the second tab in the window that pops up).
Search for symids*.* on your machine. For each file found, please go through the same procedure described above: Right-click on the file, select properties and then note down and post the version/build information found.
_________________
Regards,
Joseph V. Morris
'The man who was not there"
|
|
| Back to top |
|
|
ronf
Cadet
Joined: Jun 08, 2004
Posts: 5
Location: USA
|
| Posted: Wed Jun 09, 2004 11:36 am Post subject: |
|
|
I have NAV 2004, Internet Connection Firewall and Windows XP Home Edition. I run Ad-aware, Startup Mechanic, Spyware Blaster every morning. I run NAV once a week. I check LiveUpdate about every three days, last checked this morning.
I should tell you I just upgraded to NAV 2004 about a month ago. I had NAV 2002. Thank you for your help!
This is what I found:
SNDMON- 5.3.1.9
6 entries for symids:
symids.vxd-
symIDSCo.vxd-
symids- 5.2.0.108
symIDSCo- 5.2.0.108
symids- 5.3.1.54
symIDSCo- 5.3.1.54 |
|
| Back to top |
|
|
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 152
Location: USA
|
| Posted: Wed Jun 09, 2004 11:58 am Post subject: |
|
|
| ronf wrote: |
| I have NAV 2004, Internet Connection Firewall and Windows XP Home Edition. . . . |
Acknowledged.
| Quote: |
This is what I found:
SNDMON- 5.3.1.9 |
That's the latest version of which I am aware unless they release something new today.
But, what follows is interesting:
| Quote: |
6 entries for symids:
symids.vxd-
symIDSCo.vxd-
symids- 5.2.0.108
symIDSCo- 5.2.0.108
symids- 5.3.1.54
symIDSCo- 5.3.1.54 |
Where are the two entries with no build information located?
Where are the two entries that are build 5.2.0.108?
Where are the two entries that are build 5.3.1.54 (which should be the most recent)?
While you're doing that, I'll see if I can get Randy Bell on this thread, also.
_________________
Regards,
Joseph V. Morris
'The man who was not there"
|
|
| Back to top |
|
|
Randy_Bell
Symantec
Premium Member
Joined: Mar 13, 2004
Posts: 52
Location: USA
|
| Posted: Wed Jun 09, 2004 12:14 pm Post subject: |
|
|
| ronf wrote: |
| The only reason I came across this is because Startup Mechanic picked it up. It says it's harmful and it was added as a result of the ASSASIN D. VIRUS. |
I have that same thing on son's box {Win98SE, NAV 2002}. This is a misleading and false statement by System Mechanic due to it is matching "SNDMON.exe" with some malware infect-file in its database. 
Last edited by Randy_Bell on Wed Jun 09, 2004 12:22 pm, edited 2 times in total
|
|
| Back to top |
|
|
ronf
Cadet
Joined: Jun 08, 2004
Posts: 5
Location: USA
|
| Posted: Wed Jun 09, 2004 12:14 pm Post subject: |
|
|
6 entries for symids located in C:
symids.vxd- My Documents
symIDSCo.vxd- My Documents
symids- 5.2.0.108- My Documents
symIDSCo- 5.2.0.108- My Documents
symids- 5.3.1.54- System 32\drivers
symIDSCo- 5.3.1.54- System 32\drivers |
|
| Back to top |
|
|
ronf
Cadet
Joined: Jun 08, 2004
Posts: 5
Location: USA
|
| Posted: Wed Jun 09, 2004 12:22 pm Post subject: |
|
|
| So there's nothing to worry about? I can go ahead and re-enable this? Dis-enabling this has not affected anything that I'm aware of. Thank you! |
|
| Back to top |
|
|
Randy_Bell
Symantec
Premium Member
Joined: Mar 13, 2004
Posts: 52
Location: USA
|
| Posted: Wed Jun 09, 2004 12:24 pm Post subject: |
|
|
| ronf wrote: |
| So there's nothing to worry about? I can go ahead and re-enable this? Dis-enabling this has not affected anything that I'm aware of. |
Yes, go ahead and re-enable it. Symantec recommends against disabling SNDMON.exe -- I realize Symantec has done many undesirable things with LiveUpdate, but infecting you with Assassin.D is not one of them!
|
|
| Back to top |
|
|
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 152
Location: USA
|
| Posted: Wed Jun 09, 2004 12:27 pm Post subject: |
|
|
| ronf wrote: |
| So there's nothing to worry about? I can go ahead and re-enable this? Dis-enabling this has not affected anything that I'm aware of. Thank you! |
Agree with Randy, now that I know where the various copies are.
You should be good to go.
_________________
Regards,
Joseph V. Morris
'The man who was not there"
|
|
| Back to top |
|
|
ronf
Cadet
Joined: Jun 08, 2004
Posts: 5
Location: USA
|
| Posted: Wed Jun 09, 2004 1:45 pm Post subject: |
|
|
Thank you very much for the help!!  |
|
| Back to top |
|
|
LadyL
Lieutenant
Joined: Oct 11, 2002
Posts: 150
Location: USA
|
| Posted: Thu Jun 24, 2004 6:30 pm Post subject: |
|
|
Very slow IE, etc.
Decided to re-read this entire thread.
Last LUdate was today...Norton Internet Security security updates (1188.7kb) > rebooted.
Have to say that when I had to wipe my HDD and re-install everything last night/this morning (MAJOR crash - don't ask  ), did ALL the updates for Symantec products (SW2002 & NPF2002)...installed the SNDMon.EXE again....gawd...I'm just crawling in IE...and I have cable, too!
Anyway, I decided to find those goodies listed above...and here's what I found:
Symredir.dll 5/13/4 5.3.1.54 C:\WINDOWS\SYSTEM
Symdns.vxd " " "
Symredrv.vxd " " "
Symtdi.vxd " " "
Symidsco.vxd " " "
Symfw.vxd 5/18/4 5.3.1.55 "
Symids.vxd 0 0 0
SNDMon.EXE 5/21/4 5.3.1.9 C:\Program Files\Symantec
Remember, I'm running WinME
Any help with this data for you, jvmorris?
_________________
Lonnie |
|
| Back to top |
|
|
Randy_Bell
Symantec
Premium Member
Joined: Mar 13, 2004
Posts: 52
Location: USA
|
| Posted: Thu Jun 24, 2004 7:02 pm Post subject: |
|
|
| LadyL wrote: |
Very slow IE, etc.
Remember, I'm running WinME |
See Gwellin's post at BBR for the possible fix for your O.S. -- http://www.dslreports.com/forum/remark,10388846 -- {you might want to wait for jv's input/approval before you follow Gwellin's fix for 9X systems}. I assume WinME is more like 9X than like 2K/XP -- as, although it is a "hybrid" between 98SE and 2K, it still uses a 9X kernel {someone correct me if wrong but I think this is right, WinME is still based on 9X and not NT kernel}. Whatever you do, it might also be good to image your system {with Norton Ghost, Acronis True Image, etc.} if you can, before making any changes -- or at the least, you can rename files being replaced to *.old or something, and make backups, so you can restore those files if something goes wrong. Good Luck!
|
|
| Back to top |
|
|
LadyL
Lieutenant
Joined: Oct 11, 2002
Posts: 150
Location: USA
|
| Posted: Thu Jun 24, 2004 9:26 pm Post subject: |
|
|
Randy...I will wait for jv's yea/nay as to the 'fix' . I am actually scared s***less right now about attempting anything like that... I'm a 'fraidycat' when it comes down to trying 'fixes' on stuff I really don't comprehend! 
I'm having such a hard time even typing this and posting replies anywhere on Forumsites I am a member...sooo slow and new batteries/updated drivers too!
I hate baddies of any kind...hackers and crappy Product updates! I also dread having to uninstall my firewall and reinstalling it!
HELP...just got another alert from Norton that the Trojan horse Sokets de Trois v1 attempted access...shoot all those baddies that think up this crap! 
As to doing an image of my stuff...I can only do a 'system restore point'...but if I do that and have to use it, that actually makes my NAV defs get fubared!
_________________
Lonnie |
|
| Back to top |
|
|
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 152
Location: USA
|
| Posted: Thu Jun 24, 2004 10:33 pm Post subject: |
|
|
| LadyL wrote: |
Randy...I will wait for jv's yea/nay as to the 'fix' . . . .
|
My apologies; I didn't get an autonotification that the thread was active again. (thanks, Randy)
Go with the symids.vxd fix (I think that's in Gwellin's post, but if not I'll find it for you) for Win 9x/ME. Works just fine, as long as you follow the directions, as sonofjay subsequently confirmed and I myself have applied after reinstalling NIS 2002. (Also have other confirmation.)
Now, due to the presence of sndmon.exe and sndsrvc.exe, you may find that system boot-up and switching accounts takes more time, but your basic browsing and e-mail should go back to what you were accustomed to pre-12 May.
Oh, something is happening in general this evening. I've noticed it on several sites; things are running much slower than normal, but that's not related to NIS/NPF 2002.
Today's LiveUpdate should have been almost exclusively updates to the auto-configuration templates, not to program code for rules. (And I'm not exactly sure why that what necessary as they just put one out about a week ago.)
| Quote: |
| HELP...just got another alert from Norton that the Trojan horse Sokets de Trois v1 attempted access...shoot all those baddies that think up this crap! |
Go into Default Trojan rules and turn off Alert for Sokets de Trois in the tracking tab; there are so many baddies out there hitting Port 5000 at the moment, it will drive you nuts. (Everything still works the same; you just don't get your teeth rattled.)
Will check settings to ensure I am still following this thread.
_________________
Regards,
Joseph V. Morris
'The man who was not there"
|
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum
|
Powered by phpBB 2.0.8a © 2001 phpBB Group
Version 2.0.6 of PHP-Nuke Port by Tom Nitzschner © 2002 www.toms-home.com
Version 2.2 by Paul Laudanski © 2003-2004 Computer Cops
|
You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0.
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
