• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Kudos0

Get many pop up warnings, but no detection in scans.

I started getting a pop-up warning about every 2-3 minuites from Norton thursday afternoon. It said the following:

Auto-Protect blocked security risk Trojan Horse Your computer is secure.

If I hit the details link Norton opens up with the following:

File Insight
Details: Many Users, High Risk
Origin: up.new.exe
Activity: File Action, Blocked c:\windows\syswow64\drivers\up.new.exe

I looked in this location and noticed that the up.new.exe would vanish then return in a few moments over and over. Like something was installing it to run it and then removing it to hide it.
I also found some files that are unknown to me. There are 2 apps named Safesurf and Safeguard. Both seem to come from a Jetswap. There are also some txt files named auth, block, log and state and there is a folder called f. Inside the f folder there is a app named jet and a txt file named sfa.
I believe all of these files and folders are connected to the up.new.exe

I done several searches for the terms Jetswap, Safesurf and up.new.exe. All I could find were refernces to the fact that jetswap at one time ran a up.exe as part of their safesurf program.
This program uses what windows considered "safe and normal" file and coding types to run. This may be why Norton is not detecting it is scans. It seems that it is installed under the radar in a malicious way through banner adds on "default" pages for sites that no longer exist, free ringtone sites and free mini game sites and it is used to make the person installing it money by causing your browser to surf the web in a unseen silent mode and click on adds and then give credit for the clicks to the person that slipped it into your system.

In my searches I found one reference to a solution to get rid of it at soybot s&d forums, but they were dealing with Jetswap, Safesurf, up.exe not up.new.exe. I assume that the up.new.exe is a "new" form of the up.exe.

Is there a way to get this set of Trojan Horse files added to Norton's detections so it will find and recognise it as a threat and remove it? Also any help with getting rid of this from my system would be a great help.

Thanks.

Replies

Kudos0

Re: Get many pop up warnings, but no detection in scans.

I started getting a pop-up warning about every 2-3 minuites from Norton thursday afternoon. It said the following:

Auto-Protect blocked security risk Trojan Horse Your computer is secure.

If I hit the details link Norton opens up with the following:

File Insight
Details: Many Users, High Risk
Origin: up.new.exe
Activity: File Action, Blocked c:\windows\syswow64\drivers\up.new.exe

I looked in this location and noticed that the up.new.exe would vanish then return in a few moments over and over. Like something was installing it to run it and then removing it to hide it.
I also found some files that are unknown to me. There are 2 apps named Safesurf and Safeguard. Both seem to come from a Jetswap. There are also some txt files named auth, block, log and state and there is a folder called f. Inside the f folder there is a app named jet and a txt file named sfa.
I believe all of these files and folders are connected to the up.new.exe

I done several searches for the terms Jetswap, Safesurf and up.new.exe. All I could find were refernces to the fact that jetswap at one time ran a up.exe as part of their safesurf program.
This program uses what windows considered "safe and normal" file and coding types to run. This may be why Norton is not detecting it is scans. It seems that it is installed under the radar in a malicious way through banner adds on "default" pages for sites that no longer exist, free ringtone sites and free mini game sites and it is used to make the person installing it money by causing your browser to surf the web in a unseen silent mode and click on adds and then give credit for the clicks to the person that slipped it into your system.

In my searches I found one reference to a solution to get rid of it at soybot s&d forums, but they were dealing with Jetswap, Safesurf, up.exe not up.new.exe. I assume that the up.new.exe is a "new" form of the up.exe.

Is there a way to get this set of Trojan Horse files added to Norton's detections so it will find and recognise it as a threat and remove it? Also any help with getting rid of this from my system would be a great help.

Thanks.

Kudos2

Re: Get many pop up warnings, but no detection in scans.

Interesting that Programs are just being installed and  chucked at the infection when it is not really known what the infection really is.  Like asking a user to use Malwarebytes on TDL3 and above

Norton may detect the Kaspersky Removal Tool while it is running and the McAfee tool is getting useless.

To the poster is this your thread on http://forums.spybot.info/showthread.php?t=59646

There are trained malware removal people on that forum and it's best to stick with them

Quads

Kudos0

Re: Get many pop up warnings, but no detection in scans.

By the way how affective is the Kaspersky virus removal tool and McAfee stinger?

Norton Internet Security 2011 , Windows 7 Home Premium 64 bit (Check if you are eligable for a FREE Norton upgrade)Success is 10 percent inspiration and 90 percent perspiration.”--Thomas Alva EdisonI'm not a Symantec employee and my posts do not represent the views of Symantec.
Kudos2

Re: Get many pop up warnings, but no detection in scans.


Tywin7 wrote:

By the way how affective is the Kaspersky virus removal tool and McAfee stinger?


Well, seeing as you have recommended the tools to the user you must know how they work, the dangers, If they are old, effective for what types of Malware they are good for or what specific families.

Quads

Kudos0

Re: Get many pop up warnings, but no detection in scans.

I assume they are pretty good. Kaspersky virus removal tool is from Kaspersky, a reputable malware removal company, and Stinger is from McAfee. The tech guys at LBJ hospital in American Samoa use Stinger to remove viruses.  I am scanning with Kaspersky to get a second opinion with a different virus removal engine.

Edit: Kaspersky removal tool is taking more than 4 hours 30 minutes (and counting).  It currently on 99%.  Norton took about 40 min without skipping.

Norton Internet Security 2011 , Windows 7 Home Premium 64 bit (Check if you are eligable for a FREE Norton upgrade)Success is 10 percent inspiration and 90 percent perspiration.”--Thomas Alva EdisonI'm not a Symantec employee and my posts do not represent the views of Symantec.
Kudos0

Re: Get many pop up warnings, but no detection in scans.

 Kaspersky virus removal tool is not a realtime AV like having NIS and KIS installed at the same time. You don't have to uninstall Norton.

At least I am getting laughs, classic thread for showing the forums danger.

UPDATE, this reply was to what a user said in the last message, which they have now deleted via editing.

Quads

Kudos0

Re: Get many pop up warnings, but no detection in scans.

I wonder why most people recommend malwarebytes' antimalware. I came across the kaspersky tool when scanning my computer with the tdds killer (clean). I was just worried whether I might have unknowingly contracted the tdds. Better safe than sorry! What will happen if you scan the tdds killer on a clean computer? What are the benefits? It only takes a few minutes so I run that tool once a month.
Norton Internet Security 2011 , Windows 7 Home Premium 64 bit (Check if you are eligable for a FREE Norton upgrade)Success is 10 percent inspiration and 90 percent perspiration.”--Thomas Alva EdisonI'm not a Symantec employee and my posts do not represent the views of Symantec.
Kudos2

Re: Get many pop up warnings, but no detection in scans.

This is the OP's thread.  Can we please focus on that without wondering off on a different topic?

Under certain circumstances profanity provides relief denied even to prayer.Mark Twain
Kudos0

Re: Get many pop up warnings, but no detection in scans.

Try to run Norton Power Eraser tool:

http://www.symantec.com/norton/support/DIY/index.jsp


Check if it detects any threats and if it does, please provide us the filename and other details. Don't fix any files now, you can fix those after getting confirmation in this thread. You can also try creating Norton Bootable Recovery tool in CD, and use it:

http://security.symantec.com/nbrt/nbrt.asp?lcid=1033

Let us know if you get any detections using any of the above tools.


Yogesh

Kudos0

Re: Get many pop up warnings, but no detection in scans.

If you have a Norton cd, try booting from the cd and run full scan from there. It might work. Also try running malwarebytes' antimalware and kaspersky virus removal tool. Another virus removal tool I've heard is McAfee stinger.  A different engine might catch the malware?

Norton Internet Security 2011 , Windows 7 Home Premium 64 bit (Check if you are eligable for a FREE Norton upgrade)Success is 10 percent inspiration and 90 percent perspiration.”--Thomas Alva EdisonI'm not a Symantec employee and my posts do not represent the views of Symantec.

Replies are locked for this thread.