05-03-2008 08:01 PM
I scanned my computer 2 days ago with Norton 360 Comprehensive Scan and it found a virus named W32.SillyFDC. I don't know how long it was in my computer and where I got it because I never got a warning from Norton 360 (ver 2.0). 3 files, 52 registry entries, 6 ini file entries and 1 browser cache in my computer are affected.
I am not sure whether the anti-virus program in Norton 360 is as good as the anti-virus program in Norton SystemWorks. I used NSW before Norton 360 and one time NSW anti-virus caught a virus when it was trying to get into my computer. NSW warned me and quarantined the virus right away. In this case, Norton 360 never warned me, did not quarantine it and let it [this virus has 3 red lights (high) on all 4 areas (performance, privacy, removal and stealth)] damage some of my files and registry entries.
There is no "Delete" button in Norton 360, only "Restore" button, so I don't know how to delete it. I would appreciate it very much if anyone can tell me how to delete it.
I have another favor to ask. If anyone who uses Norton 360 please open the round window named PC Security, click on Manage Firewall, click on Network Locations to see whether your computer is currently connected to the network whose gateway physical address is . . . . . . . . . . . . . Please be sure to check it when your computer is connected to the internet. When I checked it offline the gateway physical address was not there. The reason I ask because I want to know whether the network my computer is connected to is the network of my internet provider (ie. earthlink, aol)
Please don't tell me to get in touch with a Norton professional technician. I got in touch with one technician already and spent some time with her. She did find out I had a spy who was trying to get into my computer and helped me to prevent it, but the gateway physical address is still there. Many thanks. Kathy
05-04-2008 03:35 AM
Do not worry about this virus, it's risk level is "Very Low" on Symantec's website and Norton 360 has done it's work. All Norton products use the same virus protection engine, so you get the same virus protection no matter what Norton product you use. The difference is that Norton 360 is less intrusive. The program scans your PC for viruses when it's idle.
About Network Locations, I believe this is the connection established with your ISP. When you disconnect the internet, this connection disappears, right? That's a proof that it's just your internet connection that Norton 360 is monitoring.
05-04-2008 06:42 AM
Thank you, Stu and Vejdin, for responding. I tried to but did not succeed to post a screenshot of both areas (gateway address and virus). I also guessed the gateway physical address that my computer is connected to might be the address of my internet provider. However, to be double sure, I put a restriction on that - it means it cannot get into my computer but I can get into it to go into their website or into the internet.
About the virus - Norton 360 quarantined it, but did not do it automatically when the virus just got into the computer. There is only the "Restore" button but no "Delete" button. What do I have to do to delete the virus?
No matter what, I still think Norton 360 should have caught and quarantined it the moment it got into my computer, or at least should have warned me. In my humble opinion, Norton 360 does not yet have the capability to automatically stop and quarantine a virus when it first gets into a computer and have to wait until the Comprehensive Scan tell itself what to do.
By the way, I used Norton 360 Quick Scan (recommended by Norton) to scan my computer on April 29 and it found nothing except three common cookies. When I used Comprehensive Scan two days later (May 1) the virus was found. I don't know whether the virus hid itself so deep in some place that only Comprehensive Scan could find it or it got into my computer some time between the two scans.
The Norton technician came into my computer late in the afternoon of April 30 for some other problem (for several weeks I could hear the noise like someone was checking either my computer or my e-mails). After the technician deleted a few entries (she said she changed the host file of my computer) I did not hear the noise anymore except a very very short instance on May 1st (about 1 second or so). That was when I decided to use Comprehensive Scan and found the virus B32.SillyFDC and also that was when I went back to put a restriction of the address that my computer is connected to.
V32.SillyFDC had done something to my 3 files:
- Autorun.inf of the Microsoft\CDBurning
- Autorun.inf of Windows, and
- the new Microsoft word document.scr
besides, it also did something to 52 registry entries, 6 INI file entries and 1 browser catch. I DO NOT YET KNOW THE RESULT OF THESE DAMAGES.
I do not think Norton 360 has done its work. It only found the virus when I made the comprehensive scan then quarantined it. If I did not comprehensively scanned my computer how much more damage the virus would have done.
I want Symantec know that this is not a BETA version of Norton 360. It was a paid copy. Now the same question one more time. How do I delete this virus? Thank you.
05-04-2008 09:37 AM
Norton 360 has removed the virus from your computer and now infected files are quarantined, so it is safe to use your PC, those files won't be executed again. V32.SillyFDC is a worm that copies itself and it can do nothing but slowdown your PC, according to Symantec's website. Even the threat is removed, there is no such option to remove quarantined files. I guess Norton 360 will remove those files after a period of time. However, it is strange that Auto-Protect hasn't detected the virus. To be sure that Auto-Protect works correctly, you can do an eicar test: Download eicar anti-virus test file. Please note that real-time protection won't detect archived files with "zip" extentions for example, unless files are extracted, but it will detect executable files (exe, com).
05-04-2008 12:43 PM
Thank you, Vejdin. I have not download the Eicar file yet because of the following printed in the Eicar website" "Important note: EICAR cannot be held responsible when these files or your AV scanner in combination with these files cause any damage to your computer. YOU DOWNLOAD THESE FILES AT YOUR OWN RISK. Download these files only if you are sufficiently secure in the usage of your AV scanner. EICAR cannot and will not provide any help to remove these files from your computer. Please contact the manufacturer/vendor of your AV scanner to seek such help."
I think I will wait a few more days to do some more research about this file to see whether it can do some damages to the computer'
Thank you very much for all your trouble. Kathy