Not what you are looking for? Ask the experts!
Get many pop up warnings, but no detection in scans.
I started getting a pop-up warning about every 2-3 minuites from Norton thursday afternoon. It said the following:
Auto-Protect blocked security risk Trojan Horse Your computer is secure.
If I hit the details link Norton opens up with the following:
Details: Many Users, High Risk
Activity: File Action, Blocked c:\windows\syswow64\drivers\up.new.exe
I looked in this location and noticed that the up.new.exe would vanish then return in a few moments over and over. Like something was installing it to run it and then removing it to hide it.
I also found some files that are unknown to me. There are 2 apps named Safesurf and Safeguard. Both seem to come from a Jetswap. There are also some txt files named auth, block, log and state and there is a folder called f. Inside the f folder there is a app named jet and a txt file named sfa.
I believe all of these files and folders are connected to the up.new.exe
I done several searches for the terms Jetswap, Safesurf and up.new.exe. All I could find were refernces to the fact that jetswap at one time ran a up.exe as part of their safesurf program.
This program uses what windows considered "safe and normal" file and coding types to run. This may be why Norton is not detecting it is scans. It seems that it is installed under the radar in a malicious way through banner adds on "default" pages for sites that no longer exist, free ringtone sites and free mini game sites and it is used to make the person installing it money by causing your browser to surf the web in a unseen silent mode and click on adds and then give credit for the clicks to the person that slipped it into your system.
In my searches I found one reference to a solution to get rid of it at soybot s&d forums, but they were dealing with Jetswap, Safesurf, up.exe not up.new.exe. I assume that the up.new.exe is a "new" form of the up.exe.
Is there a way to get this set of Trojan Horse files added to Norton's detections so it will find and recognise it as a threat and remove it? Also any help with getting rid of this from my system would be a great help.