Fixcamera.exe not detected

babltje · ‎07-02-2008

Fixcamera.exe is a widely known piece of malware. I found that it was running on my system when I investigated why my VMware software won't start anymore. I could't re-install VMware.

Just killed the processes one by one until VMware started again. Fixcamera was the badguy. Googled it up and found dozens of pages with explanations.

Version 1.0.0.9 will kill any process where the executable name contains "DOMINO", "VM" or "BIGDOG" - prevented running VMware on my computer.

Why doesn't Norton detect this?

BTW How do I get symantec's attention? Sending e-mail and uploading the exe as in the old days, where is it?.

Floating_Red · ‎05-30-2008

Is the Threat still on your system?

Do you keep your Product up-to-date, via LiveUpdate, e.g. do you Run LiveUpdate every-few-hours?

Do you Run Full System Scan at least twice-a-week?

Tuesday, May 21, 2013: The Symantec THREATCON was Changed to Level 1: Normal | Tuesday, May 14, 2013: Microsoft "Patch Tuesday" | Sunday, May 05, 2013: Microsoft Internet Explorer 8 Zero-Day Vulnerability (Update Released)

Tony_Weiss · ‎04-07-2008

https://submit.symantec.com/retail is the link to submit malware to Symantec for review.

I would also recommend that you follow the steps listed in the How To Troubleshoot a Suspected Malware Infection announcement. This post provides many steps to help detect malware on your system. Thanks!

Tony Weiss
Norton Forums Global Community Manager
Symantec Corporation

johna · ‎07-01-2008

Tony Weiss there is a typo error in the "How To Troubleshoot...".

It reads: - In the Open box, type msconfig and then click OK. The Registry Editor appears.

It should read type regedit and then click OK.

Just wanted to bring this to your attention.

babltje · ‎07-02-2008

I run all Norton Security components as adviced. That's not the issue.

Should Norton Internet Security 2008 detect the behavior of fixcamera or find it during a scan?

If not please put it in there. Want a copy? Just ask, but I reckon it is already available.

Thanks

Tony_Weiss · ‎04-07-2008

Thanks johna! I'm glad someone is reading the document closely enough to spot that error. Let me know fi you see any others. Thanks again!

Tony Weiss
Norton Forums Global Community Manager
Symantec Corporation

Tony_Weiss · ‎04-07-2008

I apologize, babltje. What I meant was that I would recommend following ALL the steps listed in the How To Troubleshoot a Suspected Malware Infection announcement. There is some advanced information that could help you remove this from your system, not just running all the Norton Internet Security Components. In the document, there is a link to submit the malware to us. If you still have the infection after running all the steps, I would recommend submitting it to us though the site listed. Thanks, and I'm sorry for the earlier miscommunication.

Tony Weiss
Norton Forums Global Community Manager
Symantec Corporation

babltje · ‎07-02-2008

IMHO: E- and Snail-mail are the worst way to communicate

Once more

The only thing I wanted is to trigger you on the issue.

I found the issue, killed the process, saved the file by renaming it to *.sav

Removed the Registry value :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
FixCamera"="C:\\WINDOWS\\FixCamera.exe"

****

In the meantime I sent the file and the symptoms to the security response center

****

Answer:

Dear Bas Blaauw,

We have analyzed your submission. The following is a report of our findings for each file you have submitted:

filename: C:\WINDOWS\FixCamera.exe.sav

machine: Machine

result: See the developer notes

Developer notes:

C:\WINDOWS\FixCamera.exe.sav performs nuisance actions on your system. It is safe to delete this file.

Isn't this the wrong way around? If this is known why couldn't I find the word FixCamera anywhere on Symantec.com?

Sincerely disappointed,

Bas

Tony_Weiss · ‎04-07-2008

I'm sorry for the delay. From your submission, our team has found that the file is malicious and has added detection as Trojan Horse. The reason you won't find it on the site is that it's a pretty generic Trojan. Thanks!

Tony Weiss
Norton Forums Global Community Manager
Symantec Corporation