huwyngr
Posts: 19,000
Topics: 906
Kudos: 2,331
Solutions: 337
Registered: ‎04-13-2008

Re: NIS09 DID NOT Detect 8 Threats & 23 Infected Objects..and 16 suspicious Objects??

IMO it would be much more helpful if you had not jumped in on this thread dealing with a very specific situation which boils down to why are such files still on the computer within Microsoft .cab files and not why Norton did not detect them.

Your posts are about specific files that are out in the open and not about this specific and really odd situation and you have your own well-established thread.



Hugh
huwyngr
Posts: 19,000
Topics: 906
Kudos: 2,331
Solutions: 337
Registered: ‎04-13-2008

Re: NIS09 DID NOT Detect 8 Threats & 23 Infected Objects..and 16 suspicious Objects??

Thanks for the reply to my query about your system.

I'm sorry you have reached the conclusion that it is all Norton's fault before the facts are properly established.

For me the far more important question is why are these files still on your computer inside Microsoft .cab files and how long have they been there?

Also does not Windows clean out such dump files after a period? I know that if you run DiskClean which is on the Properties / General tab of each drive one of the options is to delete error reports and dumps -- now that I see your experience I must remember to check that box and not take the attitude "I'm sure Microsoft wants them there for some reason so I better not delete them in case ...." which has been my attitude in the past.

And perhaps how did they get on your computer in the first place?

But I hope you will suspend your jumping ship until you have a chance of learning what is actually going on -- please bear in mind that not every AV program at VirusTotal identified the files as dangerous.

And I'm glad to see that you are wrong about no-one from Symantec joining in -- it's begun even if it's the middle of the weekend so please be patient and give us all a chance to learn from your experience, as I just have about dump files!

BTW would you check the Computer / Settings and see if Compressed Files Scanning is ON or OFF? If it is OFF (and you will see here the logic of that) it will explain why NIS had not flagged them.

So please help us all to learn from all this.



Hugh
delphinium
Posts: 9,680
Kudos: 2,855
Solutions: 282
Registered: ‎11-21-2008

Re: NIS09 DID NOT Detect 8 Threats & 23 Infected Objects..and 16 suspicious Objects??

I think it's good that TrDo has discovered what might be a weakness in the areas that are considered unimportant by Norton.  Perhaps the scans should be more intensive for better detection.  It seems to me that the length of scanning time would be increased to the point that users might not want to wait for those scans to complete.  It is perhaps a balance between detection and usability.

It also bothers me that so many real-time scanners are running.  More real-time scanners, even if apparently compatible, are going to be less secure than one good one and an on demand scanner.  If the programs can't determine who is taking action first or at all, perhaps no action is being taken.

All of those real-time quality anti-virus programs have some form of tamper protection which prevents a great many files from being scanned at all, or causing false negatives or false positives.

I think there is a lot here that warrants further investigation. It would be of interest if someone had enough equipment to see what happens to detection when two antivirus programs are running at the same time an infection is introduced.

Also, nothing is perfect.  While KL picked up these infections, there will be some that it misses, that the others will find.

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
Regular Contributor
TrDo
Posts: 244
Registered: ‎11-26-2008

Re: NIS09 DID NOT Detect 8 Threats & 23 Infected Objects..and 16 suspicious Objects??

To Shridhar:  You know I value your opinion and your contribution to the Norton Community forums.  I would appreciate it though if you bear with me in this specific thread, which relates to my issue, please.

It goes without question that I would like you to contribute your opinion, but in as much as it relates to the issue raised by me.  This way you would help me and others who want to help me to focus on this specific incident.  So please keep posting here, but do not open new issues with other files.  Thank you very much in advance for that.  I really appreciate it.

To huw: These files have been there for some time now with the last created on 25/3 and the first on 12/08.  So they range in their creation time.  They are not dump files, since at any time in Vista you can always look for solutions to the problems created by Windows, so I guess Windows is keeping them there to communicate each time someone wants to create a report.  I have about 240 of these files and I'm curious as to why Kas7 chose these 4 files, out of 240.  In fact, it finds the same files in the Users Directory, as having infection.

In as much as the "Compressed files" option goes, it's off, not only due to the fact that it took ages to Full System Scan, but also the last time I raised this issue in a thread here, I was advised by Symantec or an expert in this forum, to keep this option "Off", since compressed files cannot spread and the speed would improve.  Don't ask me now which thread that was, because I do not remember.  But if anyone here doubts my words, I'll look it up and provide the link.  In any case, I asked you not to go to the "Compressed File" story, since it is my belief that it should have been detected at creation.

Even so Symantec did not flag them at VirusTotal, and I'm sure it would not have flagged them even if my option was ON.  Thank you huw for your input.

To bewell: I'm sorry I feel this way as well.  But you can imagine and appreciate my situation, I think...anyone here who depends on NIS09 would more or less feel the same.  But Thank You for jumping in.

Of course I will provide you with the links.  Just give me some time to collect them all and I'll get back to you soon.  Last time we --you and I-- communicated, you helped me indeed, with seeing my request to the end.  I can say that your strong point is your "follow-up" and your "timely answers", so I do not mind cooperating with you to find a solution.  In fact, I'm grateful.  I'm also curious to see Symantec's explanations.

Thank you all.

TrDo.

(Edited to include @to delphinium):  Thank you for your input.  The combination of real time scanners running on my pc was decided after a lot of thorough researching, as well as testing.  There are instances where both, for example NIS09 and SAS-Pro, have identified issues immediately.  NIS09 Auto protect is working fine with SAS PRO and TF4. Now, when I run the scan with Kaspersky7, I disabled NIS Auto protect, to aid Kas7 do a better job, because 2 AVs at the same time is not a good recipe. I have not at any one time run 2 AVs concurrently on my pc. SAS PRO and TF4 are completely different than NIS09 in their architecture and functionality.  They can be run simultaneously.

Message Edited by TrDo on 04-26-2009 09:29 PM
huwyngr
Posts: 19,000
Topics: 906
Kudos: 2,331
Solutions: 337
Registered: ‎04-13-2008

Re: NIS09 DID NOT Detect 8 Threats & 23 Infected Objects..and 16 suspicious Objects??


TrDo wrote:

[ ... ]

To huw: These files have been there for some time now with the last created on 25/3 and the first on 12/08.  So they range in their creation time.  They are not dump files, since at any time in Vista you can always look for solutions to the problems created by Windows, so I guess Windows is keeping them there to communicate each time someone wants to create a report.  I have about 240 of these files and I'm curious as to why Kas7 chose these 4 files, out of 240.  In fact, it finds the same files in the Users Directory, as having infection.

In as much as the "Compressed files" option goes, it's off, not only due to the fact that it took ages to Full System Scan, but also the last time I raised this issue in a thread here, I was advised by Symantec or an expert in this forum, to keep this option "Off", since compressed files cannot spread and the speed would improve.  Don't ask me now which thread that was, because I do not remember.  But if anyone here doubts my words, I'll look it up and provide the link.  In any case, I asked you not to go to the "Compressed File" story, since it is my belief that it should have been detected at creation.

Even so Symantec did not flag them at VirusTotal, and I'm sure it would not have flagged them even if my option was ON.  Thank you huw for your input.

[ ... ]

Thanks for your reply with the additional background information.

I used the term "dump files" as a collective term and because if you look up [windows error report cab files] the term you used and on which I Googled you will find explanations including from Microsoft on how Error Reports are treated and it includes that they can create Dump Files. Just treat it as a reference to a collection of files you said were in .cab files which are as you know compressed files.

Thanks for confirming the Compressed File Setting as OFF which is what I suspected and no need to find the reference to the explanation here as to why it was OK to turn it OFF since that was why I asked the question.

Why are you sure they would have been missed if you had turned Check Compressed Files to ON? Have you tried turning it ON and seeing?

No one is doubting your word or trying to force you to do anything you don't want to but you asked a question Why and so it would be nice to find the answer surely.



Hugh
Regular Contributor
Shridhar
Posts: 415
Registered: ‎08-14-2008

Re: NIS09 DID NOT Detect 8 Threats & 23 Infected Objects..and 16 suspicious Objects??

To huw:

Nobody likes jumping from here and there......if proper co-ordination is available at a single place.

You must have seen in "my own well-established thread." that except for the posts that include "Another file not detected...", there are no replies (yours too) neither are the detections.

"Your posts are about specific files that are out in the open ............."

No matter whether the file is open or anything...if it is a virus then it is harmful.

"why are such files still on the computer within Microsoft .cab files and not why Norton did not detect them.........."

I never disagreed that this is a different thread and I agree that these files are in Microsoft .cab files....but the important point is that

Norton did not detect them......same is my point...but for different files !!!

I think you might have understood my point of view and I expect a reply at "my own well-established thread."

Thanks

To TrDo:

I also respect your opinion and would try to help you in your particular topic.

Edit: One more knowledgeable person (Symantec employee) is already there............they can sort it out better than me.

Anyways thanks for the reply and apologies for the interference.

Regular Contributor
TrDo
Posts: 244
Registered: ‎11-26-2008

Re: NIS09 DID NOT Detect 8 Threats & 23 Infected Objects..and 16 suspicious Objects??

Thanks huw. No, I have not turned it on.  I'm assuming that in terms of the VirusTotal results, where Symantec came up with nothing.  Also, I have now deleted the Temporary internet files at my E/ drive, therefore I have no comparison for that either.  That is, to see what VT could have produced and compare Kas7 with Symantec's results.  The temp files were not compressed, still they were not detected by NIS09.

TrDo.

P.S.  I have submitted the files under discussion to Symantec for further examination.  Let's see how it goes from here on.

(Edited for @ Shridhar): No need to apologise...Thanks a million for your understanding..I really appreciate it...I'm also sorry that I cannot contribute to your thread at the moment.  I'm quite distant and lost in my own findings here. Hope to be there soon.  Thanks.

Message Edited by TrDo on 04-26-2009 10:16 PM
dbrisendine
Posts: 5,562
Kudos: 1,282
Solutions: 263
Registered: ‎10-06-2008

Re: NIS09 DID NOT Detect 8 Threats & 23 Infected Objects..and 16 suspicious Objects??

Marty (and others),

(replying to Post#27 of this thread - just FYI for all to use)

Yes I have seen this and what I was told is that this pertains to MANUALLY scanning a folder(s) or file(s) but not for quick scans / Full system scans or Automatic Idle Time scans; that Norton did not delve into the compressed files so as to maintain quick speed.

This is a direct quote from this thread:

http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=41489

"Real time protection does not unpack container files. If you were to try to extract an infected file from the container, it would be caught right away by the real time protection though. Manual scan will search within containers, as you've noted.

-Reese Anschultz
Sr. SQA Manager
"
Message Edited by dbrisendine on 04-26-2009 03:51 PM
Symantec Employee
bewell
Posts: 30
Registered: ‎04-08-2008

Re: NIS09 DID NOT Detect 8 Threats & 23 Infected Objects..and 16 suspicious Objects??

Hi TrDo,

 

Thanks for sending along the files.  A quick analysis of the files you provided indicates the following:

C:\3D Online Pool\Update100.exe Infected: Trojan-Dropper.Win32.Agent.zqo
C:\3D Online Pool\WebTalk.exe Infected: HackTool.Win32.Delf.io

Both of these files belong to a legitimate application and are not considered to be malicious.  The currently available installer version of this program did not contain the webtalk.exe file, but regardless, our position is that these are clean.  They both contain references to Arcade Tribe, which appears to be the developer/distributor of this game.

With regards to the report.cab files, each archive contained 3 files (1 text file and 2 copies of the same binary).  The text file was clean and the 2 other files (again, byte for byte identical to each other) were encrypted copies of malware.  This encryption results in modified files that would not be considered legitimate executables in their current form.  This encryption was done by the Windows Error Reporting.  The encryption is important, because in this way, the files can do no harm to your computer, and thusly, no detections would trigger within your Symantec product.  To go further, I can tell you that Kaspersky often will attempt to decrypt files in this manner (I'm pretty sure they are able to decrypt various versions of our quarantine file format) to see what file is underneath.  They have determined that this additional step may be beneficial, but it doesn't necessarily result in any greater protection than what we're providing.

Now, the good news is that if these files are decrypted, AutoProtect would trigger (I have confirmed) with the following associations:

Hoax.Win32.Renos.bqq = Trojan.Packed.13

Trojan-Dropper.Win32.Agent.zdq = Backdoor.Tidserv

Trojan.Win32.DNSChanger.kpn = W32.SillyFDC

Worm.Win32.AutoRun.sub is actually detecting something embedded within the Trojan.Win32.DNSChanger.kpn sample, so we're still protecting you since it's caught as W32.SillyFDC.

For all the Trojan-Spy.HTMLFraud/IFrame detected files, I'm afraid I can't provide any clarifying information.  As best I can tell, the .Fraud related detections would not really be considered malicious, but rather associated with attempts at phishing.  These would be of no harm to your computer, but rather part of something used in an effort to steal information (but requiring your actual input onto a fake web page to succeed).  These would be different from malware we'd consider as Infostealers which actually can install themselves on your computer.

It would have been helpful to have access to the .IFrame detected files, but as you've cleaned them out already, you should be fine anyway.  These could be valid detections on files which contain IFrame redirects to possibly malicious sites.  Without further information, I would be unable to verify that this was the case or whether we already protect you from what's on the other end.  These also could be false positive detections by Kaspersky.  Again, without the files, there's no additional investigating that could be done.

Sorry for the ramble, but I hope that this information helps to put your mind at ease.  To sum up, based on what you've posted I do not believe that your computer is at risk.  From the files you've provided, I have been able to confirm that we detect those that we consider to be harmful and you have already removed the back up files which might be questionable.  If you have any further questions feel free to follow up.

 

Regards,

Brian
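The analysis above (one clean text file plus two byte-identical, transformed copies that no longer parse as executables) is the kind of check a defender can reproduce when triaging the extracted members of a report.cab. The following is an added example, not code from Symantec, Kaspersky or anyone in this thread; the member names, the minimal PE stub and the XOR "encryption" standing in for Windows Error Reporting's transformation are all constructed assumptions.

```python
import hashlib
import struct

# Constructed minimal PE-shaped blob: "MZ" at offset 0, e_lfanew (offset 0x3C)
# pointing at a "PE\0\0" signature at offset 0x80. Not a runnable program.
PE_STUB = (b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x80)
           + b"\x00" * (0x80 - 64) + b"PE\x00\x00" + b"\x00" * 32)


def xor_obfuscate(data: bytes, key: int = 0x5A) -> bytes:
    """Stand-in for WER's transformation (assumption: the real one is not on the page)."""
    return bytes(b ^ key for b in data)


# Constructed stand-in for an extracted report.cab: one text report and two
# byte-identical transformed binaries, matching the layout described above.
REPORT_CAB_MEMBERS = {
    "Report.txt": b"Version=1\nEventType=APPCRASH\n",
    "file_0.bin": xor_obfuscate(PE_STUB),
    "file_1.bin": xor_obfuscate(PE_STUB),
}


def looks_like_pe(data: bytes) -> bool:
    """True only if the bytes still carry a parseable MZ/PE header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def triage_members(members):
    """Hash every member, flag which ones parse as PE, and group identical copies."""
    by_hash = {}
    result = {}
    for name, data in members.items():
        digest = hashlib.sha256(data).hexdigest()
        by_hash.setdefault(digest, []).append(name)
        result[name] = {"sha256": digest, "is_pe": looks_like_pe(data)}
    for name, info in result.items():
        info["identical_to"] = [n for n in by_hash[info["sha256"]] if n != name]
    return result


if __name__ == "__main__":
    for name, info in triage_members(REPORT_CAB_MEMBERS).items():
        print(name, info)
```

A member that is a duplicate of another and does not parse as PE is consistent with the "transformed copy" case above, and is a candidate to hand to the vendor rather than something a signature scanner would be expected to match in place.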