Not what you were looking for? Ask our experts!
Reply
Regular Contributor
CalamitySusan
Posts: 43
Registered: ‎07-20-2010
Accepted Solution

Question about Norton Insight

I am easily alarmed about pop ups and other unfamiliar things happening. I am a Comcast customer using Norton 360. I cannot recall how I got this window with heading Norton Insight Network, but I am confused about the numbers displayed in that window.  The window showed the following:

           Norton Community

          File Count 120, 876,834 (from this an arrow pointed to the right and seemingly gave a breakdown)

          Breakdown:

                       Known good files=93,629,107

                      Building a reputation= left blank

                      Known bad files=27,247,679

and then below that:

          Your computer

          Insight Network=104

          Trusted Files=3,442.

 

My question is: Is this only telling me about my trusted files and nothing about possible files that if checked would be "known bad files". I have had some intrusion blocked and bloodhound exploit 387 blocked, which makes me wonder if I have anything on this computer that is bad. I have run Norton in safe mode and found nothing but tracker cookies, MBAM in safe mode found Malware Trace.  I just recently had someone checking my computer out when I had a "unknown network" message---he ran a lot of stuff along with a rootkit check which did not work. Norton 360 was installed then. He said my computer had minor issues, but was fine. The two blocked items came a week later.

 

Thanks for any reply or advise.

Calamity Susan

dbrisendine
Posts: 5,584
Kudos: 1,294
Solutions: 263
Registered: ‎10-06-2008

Re: Question about Norton Insight

The Norton Insight Network screen you saw is just an overview of the Norton Insight Community.  It tells you how many files total have been analyzed by the Symantec Insight Network, how many have been found to be acceptable, how many have been found to be bad (malicious) and how many are still being analyzed.  The report also shows how many times your system has accessed the Insight databases and how many of your files have been found to be good (Trusted).  The Help file for your Comcast security Suite has more information on what exactly Insight is and what Trusted files mean.

 

Your system is fine; this was just a report / information window that comes from clicking on the Insight Network menu choice on the GUI. 

Win7 x32 SP1
Volunteer
yogesh_mohan
Posts: 5,302
Registered: ‎07-29-2008

Re: Question about Norton Insight

delphinium
Posts: 9,862
Kudos: 2,965
Solutions: 293
Registered: ‎11-21-2008

Re: Question about Norton Insight

 I have had some intrusion blocked and bloodhound exploit 387 blocked, which makes me wonder if I have anything on this computer that is bad. I

 

________________________________________________________________________________

 

You are right to be concerned about this sort of notification.  Can you click on that notification or one like it, and then click "More Details."  It would be very useful to have a screen print of the results.  Paste the screen print into Paint, save as a JPEG to your desktop.  You will then be able to insert it using the little green tree in the menu bar of the reply editor.

 

Quite a few of the usual rootkit scans do not find them. 

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
Regular Contributor
CalamitySusan
Posts: 43
Registered: ‎07-20-2010

Re: Question about Norton Insight

[ Edited ]

delphinium wrote:

 I have had some intrusion blocked and bloodhound exploit 387 blocked, which makes me wonder if I have anything on this computer that is bad. I

 

________________________________________________________________________________

 

You are right to be concerned about this sort of notification.  Can you click on that notification or one like it, and then click "More Details."  It would be very useful to have a screen print of the results.  Paste the screen print into Paint, save as a JPEG to your desktop.  You will then be able to insert it using the little green tree in the menu bar of the reply editor.

 

Quite a few of the usual rootkit scans do not find them. 


I probably had some other notification of the intrusion, but the picture I was able to come up with was from Norton 360's logs.

As I assumed from the community rules that possibly bad sites should not be posted and that personal information should not be posted either, i have "blackened out" the url and changed my user information to "user name". I am posting the jpg of the Security History Advanced details for the MSIE Java Deployment Toolkit Input Invalidation.

 

As for the Bloodhound Exploit 387, I got the number wrong: it is Bloodhound Exploit 337. I don't know how I mistook a '3'  as an '8'. The info on that exploit is:

c:\users\User name\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\09854aju\exemple[1].htm
____________________________
____________________________
On computer as of
7/11/2010 at 1:14:41 AM
Last Used:
7/11/2010 at 1:14:41 AM
Startup Item: No
Launched: No
____________________________
____________________________
Very Few Users
Fewer than 10 users in the Norton Community have used this file.
____________________________
High
This file risk is high.
____________________________
Threat Details
Detection of a potential threat based on its behavior.
____________________________
Origin

Downloaded from  Not Available
____________________________
URL Not Available
UNTESTED

Source
exemple[1].htm
____________________________
File Actions
File: c:\users\user name\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\09854aju\exemple[1].htm
Blocked
____________________________
File Thumbprint:
19b75641d48ee18044fa60e762fe132b2d2209617c1595a28da38ca1ea920c9e
____________________________

I will post the picture of the log for this one as well.

The check for rootkit was a bit before these events occurred and I changed from Avast to Norton 360 The event of concern then was "network unknown" message and inability to connect to internet or get mail via Windows Mail.

I was double checking how Norton was working when I ran MBAM in safe mode and it found Malware trace:

The log is below:

:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4293

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18928

7/20/2010 10:37:26 PM
mbam-log-2010-07-20 (22-37-26).txt

Scan type: Quick scan
Objects scanned: 126215
Time elapsed: 4 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\User Name\list.txt (Malware.Trace) -> No action taken.

 

I hope you can easily follow what I have posted.

Calamity Susan

6683i157BB798D645C4A5

.6681i1A9EE780792AA5CE

delphinium
Posts: 9,862
Kudos: 2,965
Solutions: 293
Registered: ‎11-21-2008

Re: Question about Norton Insight

CalamitySusan:

 

I would recommend a visit to one of these forums for a check.  They have higher tech tools and a good deal of experience.  It would be good to have it checked out.  Peace of mind is a good thing.  Don't do any banking or other high security actions until checked clean.

 

www.bleepingcomputer.com

http://www.geekstogo.com/forum/

http://www.cybertechhelp.com/forums/

http://forums.whatthetech.com/

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
Regular Contributor
CalamitySusan
Posts: 43
Registered: ‎07-20-2010

Re: Question about Norton Insight


delphinium wrote:

CalamitySusan:

 

I would recommend a visit to one of these forums for a check.  They have higher tech tools and a good deal of experience.  It would be good to have it checked out.  Peace of mind is a good thing.  Don't do any banking or other high security actions until checked clean.

 

www.bleepingcomputer.com

http://www.geekstogo.com/forum/

http://www.cybertechhelp.com/forums/

http://forums.whatthetech.com/


Thanks for the advise; I may just do so if I can figure a way to post without posting any logs as it seems the first step in one of these forums is to post information about what is going on, but without any logs.

I have just found in Comcast forums some information about where Comcast customers who have the free version of Norton should post---Norton Other products forum.  Is there any difference that you know of in the logs of Comcast version of Norton 360(version I am using) and Norton 360 (regular paid version)? The Insight stuff still means the same thing, etc? I think I have posted in the wrong board...

Thanks for any clarification!

Calamity Susan

 

delphinium
Posts: 9,862
Kudos: 2,965
Solutions: 293
Registered: ‎11-21-2008

Re: Question about Norton Insight

The malware removal forums will not require Norton logs.  They will ask you to download certain tools or applications that will provide the logs that they need.  The version of Norton or any other AV won't matter.  They will lead you through it.  Just provide the name of the identified threat and they will go from there.

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
Regular Contributor
moogy
Posts: 71
Registered: ‎03-01-2010

Re: Question about Norton Insight


dbrisendine wrote:

The Norton Insight Network screen you saw is just an overview of the Norton Insight Community.  It tells you how many files total have been analyzed by the Symantec Insight Network, how many have been found to be acceptable, how many have been found to be bad (malicious) and how many are still being analyzed.  The report also shows how many times your system has accessed the Insight databases and how many of your files have been found to be good (Trusted).  The Help file for your Comcast security Suite has more information on what exactly Insight is and what Trusted files mean.

 

Your system is fine; this was just a report / information window that comes from clicking on the Insight Network menu choice on the GUI. 


GREAT POST....Good work!!!!

SI VIS PACEM PARA BELLUM