05-13-2010 10:28 AM
I have run Norton A/V in my Norton Systemworks 2006, and each time I run it I get two hits. One is Downloader and the other is a Trojan Horse. When I click on the link to see what each one is on your website, this is what the link says for Downloader:
http://securityresponse.symantec.com/security_resp
and this is what the link says for the trojan:
http://securityresponse.symantec.com/security_resp
I have done what it says... make sure my definitions are up to date, turn off Windows restore, run in Safe Mode, and run Norton A/V. I have done this and I still get these two hits. When I try to remove them, it says that the action has failed to remove them. What do I do now?
I am running Windows XP on a 3.06 GHz Pentium 4.
05-13-2010 11:11 AM
Hi Hammer222:
There is a very good possibility that if you have picked up a rootkit, your Norton product isn't allowed to remove it. I am not familiar with the information provided in 2006 Systemworks. Is there any information on the paths, or actual names that Norton has identified? The articles on removal are dated 2001 and 2004 and are not particularly valid in dealing with the malware of today. They should be updating this material.
It is necessary to update your Norton to the newest antivirus engine rather than just maintaining definitions updates. The older programs are not as successful in protecting you from malware.
05-13-2010 12:29 PM
Hey there Delphinium! Well, I also scanned with Malwarebytes and SuperAntiMalware, and they didn't find anything. I don't know if I'm getting a false positive or not. Norton never tells me what the path is, it just says "Downloader" and "Trojan". Right now I'm running Vipre to see if it can find something.
I don't want to upgrade to anything newer than my Systemworks, since I upgraded to that when I got this computer. When I get a new system, I will upgrade....I always do that with all my utilities when I get a new system.
What I don't understand is if Norton can detect it, why can't it remove it? Isn't that what A/V software is supposed to do? Even if my older version of Systemworks isn't able to remove it, why doesn't Norton post a manual method of removing it on their website?
Anyway, thanks for your input, I appreciate it.
05-13-2010 01:19 PM
Hi Hammer222:
Norton had to be changed so that it would not remove certain rootkits because they infected crucial Windows operating system drivers. When the files were simply removed, it caused a boot-reboot loop that made the computer more useful as a doorstop. Manual removal is required for these infections to swap the infected files for non-infected ones to protect the system.
MBAM will not identify TDL3/TDL4 rootkits by design.
