07-02-2008 12:56 PM
Fixcamera.exe is a widely known piece of malware. I found that it was running on my system when I investigated why my VMware software won't start anymore. I could't re-install VMware.
Just killed the processes one by one until VMware started again. Fixcamera was the badguy. Googled it up and found dozens of pages with explanations.
Version 184.108.40.206 will kill any process where the executable name contains "DOMINO", "VM" or "BIGDOG" - prevented running VMware on my computer.
Why doesn't Norton detect this?
BTW How do I get symantec's attention? Sending e-mail and uploading the exe as in the old days, where is it?.
07-02-2008 02:48 PM
Is the Threat still on your system?
Do you keep your Product up-to-date, via LiveUpdate, e.g. do you Run LiveUpdate every-few-hours?
Do you Run Full System Scan at least twice-a-week?
07-02-2008 05:37 PM
https://submit.symantec.com/retail is the link to submit malware to Symantec for review.
I would also recommend that you follow the steps listed in the How To Troubleshoot a Suspected Malware Infection announcement. This post provides many steps to help detect malware on your system. Thanks!
07-02-2008 10:01 PM
Tony Weiss there is a typo error in the "How To Troubleshoot...".
It reads: - In the Open box, type msconfig and then click OK. The Registry Editor appears.
It should read type regedit and then click OK.
Just wanted to bring this to your attention.
07-03-2008 11:46 AM
I run all Norton Security components as adviced. That's not the issue.
Should Norton Internet Security 2008 detect the behavior of fixcamera or find it during a scan?
If not please put it in there. Want a copy? Just ask, but I reckon it is already available.
07-03-2008 11:52 AM
07-03-2008 11:55 AM
07-03-2008 12:38 PM
IMHO: E- and Snail-mail are the worst way to communicate
The only thing I wanted is to trigger you on the issue.
I found the issue, killed the process, saved the file by renaming it to *.sav
Removed the Registry value :
In the meantime I sent the file and the symptoms to the security response center
Dear Bas Blaauw,
We have analyzed your submission. The following is a report of our findings for each file you have submitted:
result: See the developer notes
C:\WINDOWS\FixCamera.exe.sav performs nuisance actions on your system. It is safe to delete this file.
Isn't this the wrong way around? If this is known why couldn't I find the word FixCamera anywhere on Symantec.com?
07-10-2008 11:51 AM