Norton issue with Apophysis Uninstaller.

isis44
2009-11-01
2013-04-25
  • isis44

    isis44 - 2009-11-01

    I had decided to uninstall all my Apophysis versions (5) due to 2.08JK and 2.09 constantly crashing. After saving all my .flame files, scripts, gradients etc. I tried to uninstall 2.02 but Norton won't allow it after finding gert0.exe in the Apophysis Launcher/Uninstaller. I did the usual and googled it to find it described as malware. I tracked it down in my Documents and Settings/username/Local Settings/Temp-gert0.dll.
    I'm hoping it is part of the uninstaller for Apo 2.02 because it keeps reappearing after I delete it and try and run the uninstaller for 2.02 again.
    Will I have to disable Norton to proceed with the uninstall? And will Norton block Apophysis when I'm ready to reinstall everything again?
    I see in a previous thread 'Trojan in Apophysis' 2009-04-25 windyw may have had a similar situation but with a different AV program. Some confirmation that gert0.dll or exe is used for install/uninstall only would be reassuring. Regards, Catherine.

     
  • Windy

    Windy - 2009-11-01

    From a little bit of reading I would suspect that you have been hit by a Trojan. I would not suggest turning off your AV program yet, but do go through your system with a good Malware/Spyware cleaner. It might take a few goes to get rid of any problems (you will be surprised how many of those things turn up). People here might be able to advise on good programs to use.
    From what I can work out this type of threat installs it into the registry and is not easy to get rid of and uninstalling Apophysis may not get rid of the problem (it has probably put itself in other areas as well).

     
  • Visible Spirit

    Visible Spirit - 2009-11-01

    **Hi Catherine**,

    I don't know about this file Norton AV found, but a quick search produced  results. A link to a forum I followed had . A site called  as well-(first link on the forum post I linked to here). I also did a search on , which is a highly reputable site regarding security threats in the computer world and didn't produce any results. That's not to say it's not a possible threat because it may be a new one not highly documented yet. Seems there is a legitimate Windows library file with the same name and Norton may have produced what's called a 'False Positive' report. Norton and Symantec AV apps are known to do this more so than many other AV apps.

    I personally don't like Norton or Symantec AV apps, and both can be problematic to remove completely from a Windows OS. If you decide to do so, I highly recommend the free home/personal use version of Avast AV. When I bought a Windows loaded PC, it came with Norton AV and gave me nothing but problems with *constant* false positives etc. I did my homework, ripped Norton AV out, and replaced it with  and haven't had one problem with things since in the last several years I've been using Avast AV. I even use  on my current primary PC and like it very much. It will run for 60 days from initial installation without a license. The only requirement Avast AV has is to register for a free license which is renewable once a year via an email account. Otherwise it's totally free for home and personal use. Besides, it'll save you $30+ a year for a license fee-(or whatever Norton and/or Symantec costs these days) and is rated as one of the top performing and reliable AV products on the market today.

    I post all this because I had problems out the wazoo with those other AV products-(yep, I tried Symantec as well) and hope this is of some help to you and your seeming problem. It goes without saying that you should resolve the current problem you have first and do a *complete* thorough/deep AV scan of your system before installing any new AV application. If the gert0.dll file replaces itself once you remove it and haven't tried to reinstall any apps, I'd say you have a bona fide Trojan that has placed an entry in your registry file so it can't easily be removed. If that's the case, the forum link I posted is likely your best advice it seems at this point to remove and/or deal with it(?).

    Another application I like for Windows is . It's free also. It *may*-not treat your particular problem of the moment, but it certainly saved my butt more than once and I highly recommend it as well. Others here may have more or better advice, but this is the best I can do to help. Good luck with things.

    **Visible Spirit**

      : http://clusty.com/search?input-form=clusty-simple&v%3Asources=webplus&query=??=gert0.dll
      : http://forums.flightsim.com/vbts/showthread.php?t=275819
      : http://www.threatexpert.com/files/gert0.dll.html
      : http://secunia.com/
      : http://www.avast.com/eng/avast_4_home.html
      : http://www.avast.com/eng/avast-for-linux-workstation.html
      : http://www.safer-networking.org/index2.html

     
  • isis44

    isis44 - 2009-11-02

    Thanks so much for all your help Visible Spirit and Windyw. I'm not really sure which road to take as yet until I (hopefully) hear back from Zueuk (I thought it may be possible that the legitimate 'gert0.dll' may be used in the Uninstaller for Apophysis 2.02 and Norton is picking it up as a false positive.). I run full system scans daily and this 'gert0.dll' doesn't show up in any scan results-it only shows up in my temp file when I try and uninstall Apophysis 2.02. I then ran a custom scan on my temp file only and 'gert0.dll' is NOT picked up as a threat or a security issue. Which is why I'm hoping it may be the legit part of the uninstaller package that Visible Spirit mentioned. Norton picks it up as soon as I run the uninstaller through its SONAR feature.
    All my versions of Apophysis have been obtained from Sourceforge so I know they are all clean.
    I will certainly look into the additional protection measures you've mentioned-I might add another to your list-McAfee SiteAdvisor is free and pops up beside any Google search to advise if any security issues have emerged from that particular site, in addition to the similar one that comes with Norton if they're BOTH any other colour than a green tick I just don't visit that site.
    I will continue to check back here and update when I've found an answer or solution. Many thanks, Catherine.

     
  • Visible Spirit

    Visible Spirit - 2009-11-03

    **Catherine**

    You're welcome.

    My apologies for overlooking this obvious tool.  is a great tool, but I don't take it 100% literally anymore without checking the report page for a particular site in question. To avoid any site it lists other than green is to leave yourself out of many good sites. Reading the report page of *any* site in question and understanding why they've listed it as such is highly recommended. Then judge from there whether or not it's a site you want to avoid parts-of, certain user activities within, or the entire site altogether. SiteAdvisor lists sites as yellow and even red that later are changed to a green status. The various reasons they list a site as risky don't always mean it is.

    Example: A web site is listed as red. Reason: Bad dangerous downloads or links to other red sites. My reaction: I'll go there anyway to read what I'm interested in but I won't dwnld anything or click on any links directly. If I'm interested in a link I r-click it, choose "Save link location…", paste it into a text editor and extract the actual link to the site of interest, go to SiteAdvisor and again see what the report page for that site is and go from there. Extracting the link serves two purposes. 1) It eliminates a tracking click-through from site 'A', 2) lets me see that it's actually linked to site 'B'. This isn't always fool-proof because some links are encoded and you can't extract the actual site link. In this case, look at the link/adv on to see a link within or under the adv on the current page you're on. Copy/paste or type it into the URL bar of your browser. Once there, search the site manually for whatever it was that got your interest in the first place.

    =====

    Another great tool I very highly recommend and trust more than SiteAdvisor is . This is a user community controlled rating system which each person that has installed can register and rate every site they go to if desired. Users over time become more reputable such as with SiteAdvisor the more they rate sites. Registration is not required to benefit from WOT. It also works on the Green, Yellow, Red color rating system via what looks like a ring or donut on your browser's toolbar. As well, it places colored rings next to your search engine results regardless of the major search engine of choice. i.e… Google, Yahoo, MSN, Bing, and last but not least …my personal favorite bar none - =(a meta search engine that queries *all* the other search engines at once, offers category tabs, custom settings, and a remix button if the results aren't exactly what you expected).

    Both SiteAdvisor and WOT are available for the  and IE browsers.

    Note: Clusty was originally designed as an internal company research search tool which was later released to the public and is very popular. I usually find what I'm after faster than I ever did on Google and I *rarely* go past the first page of returned results. Definitely worth a look and the time to .

    **Regards, Visible Spirit**

      : http://www.siteadvisor.com/
      : http://www.mywot.com/
      : http://clusty.com/
      : http://www.mozilla.com/en-US/firefox/upgrade.html
      : http://clusty.com/about

     
  • isis44

    isis44 - 2009-11-03

    **Visible Spirit**
    I'm very grateful for the additional security information.
    In the years that I've been using the internet this 'gert0.dll' is the only suspicious thing that has ever made it into my computer. I'm obsessive to the point of being anal which is why I'm still hopeful that it's part of  the 2.02 installation package.
    I miss my Apophysis and would like it up and running soon.
    Thanks again, Catherine.

     
