Regular Contributor
Hammer_Bro
Posts: 252
Registered: ‎12-21-2010

Variant of Trojan.BHO which N360 allowed access.

Interesting, although Norton 360 could not establish a trust level for 99445.62289273737.htm it still allowed it access. Now, from what I was reading here: http://www.symantec.com/connect/forums/symantec-endpoint-protection-and-missed-malware-download Trojan.BHO’s code is re-written so frequently, it is virtually impossible to keep up with. Luckily, Malwarebytes’ recognised the aforementioned .htm as such and quarantined it immediately.

The path where this item attempts to lodge itself, at least on Win XP Professional, is as follows: C:\, Documents and Settings, folder of the account under which you are working, Local Settings, Temp, NOT to be confused with the Temporary Internet Files folder. [Please note: if some folders are not visible, you will have to adjust view properties under Folder Options from the Tools menu.] Therefore, if you navigate to where I have directed you and find that numeric combination ending in .htm, delete it immediately! Despite Norton’s acquiescence on this, if MBAM took such decisive action, it is a safe bet that this had the potentiality for all kinds of mischief if not thwarted.

I know Symantec employees will be angered that I did not “zip” this file and submit it directly to them. Sorry, but after MBAM sent up the red flag, the most I was going to do was deny then delete it from quarantine. If it is any consolation, in my Symantec security logs under “Norton Community Watch Feedback” it recorded this occurrence and that the “trust” level was unproven. From this segmentation of the Norton 360 programme maybe this was submitted to them and they will be working on it? I can only introspect. I have, subsequently, cleared my Norton history logs, however, under “Performance” it still has the .htm recorded. Again, because of Malwarebytes’ immediate action, the full damage (or lack thereof if this component was left on the system) is hard to assess - - and no Quads, I will NOT be attempting to recreate this situation to find out.

You sir, are a braver soul than I! (laughs) As always, after confronting situations like these I have that much more respect for Mr. Stevens. Frankly, I just don’t know how he provides technical support so steadfastly - - God bless. My patience for these things is limited. In total, moving forward, is there any possibility that updates can pick up on this numeric pattern ending in .htm and block it outright or afford more protection to the file folder where it attempts to dwell?

 

Regards,

 

H.B.
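
The manual check described in the post (look in each account's Local Settings\Temp folder for a numeric name ending in .htm) can be scripted; the following is an added example, not part of the original post or any Symantec or Malwarebytes tooling. The filename pattern is an assumption generalised from the single name quoted above, and the demo tree, account names and file contents are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumption: pattern generalised from the one name in the post
# (99445.62289273737.htm): digits, optional ".digits", then .htm.
NUMERIC_HTM = re.compile(r"^\d+(?:\.\d+)?\.htm$", re.IGNORECASE)

def find_numeric_htm(temp_dir):
    """Return (name, size, sha256) for numeric-named .htm files directly in temp_dir."""
    hits = []
    for entry in sorted(Path(temp_dir).iterdir()):
        if entry.is_file() and NUMERIC_HTM.match(entry.name):
            data = entry.read_bytes()
            hits.append((entry.name, len(data), hashlib.sha256(data).hexdigest()))
    return hits

def scan_profiles(profiles_root):
    """Check <account>\\Local Settings\\Temp for every account under profiles_root."""
    report = {}
    for profile in sorted(Path(profiles_root).iterdir()):
        temp_dir = profile / "Local Settings" / "Temp"
        if temp_dir.is_dir():  # Temporary Internet Files is deliberately not scanned
            report[profile.name] = find_numeric_htm(temp_dir)
    return report

def build_demo_tree(root):
    """Constructed sample layout; file contents are placeholders, not malware."""
    root = Path(root)
    alice_temp = root / "alice" / "Local Settings" / "Temp"
    alice_tif = root / "alice" / "Local Settings" / "Temporary Internet Files"
    bob_temp = root / "bob" / "Local Settings" / "Temp"
    for d in (alice_temp, alice_tif, bob_temp):
        d.mkdir(parents=True)
    (alice_temp / "99445.62289273737.htm").write_bytes(b"<html>constructed</html>")
    (alice_temp / "report.htm").write_bytes(b"<html>ordinary page</html>")
    (alice_temp / "12345.txt").write_bytes(b"numeric name, wrong extension")
    (alice_tif / "777.htm").write_bytes(b"<html>cached page</html>")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for account, hits in scan_profiles(build_demo_tree(tmp)).items():
            for name, size, digest in hits:
                print(f"{account}: {name} ({size} bytes) sha256={digest}")
```

On the Windows XP layout named in the post, the call would be `scan_profiles(r"C:\Documents and Settings")`; the script only lists matches with size and SHA-256 so each file can be reviewed or submitted to a vendor before anything is removed.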