Not what you were looking for? Ask our experts!
Reply
Regular Visitor
njinau
Posts: 8
Registered: ‎05-26-2008

Re: WS. Trojan H

Hi All,

 

I too have now performed a full install of NIS 2012 - and immediately find that I appently have the WS.Trojan.H virus in not just 1, or 5 BUT 50 files. Many of these are recently downloaded .exe files from reliable suppliers. The files are scattered throughout my 14 disks. I took the report at face value and have since emptied my Recycle Bin. Having read your reports above, I now suspect that it is NIS 2012 that's wrong - and not the deleted files. I look forward to further comments.

Noel
Regular Contributor
imbart
Posts: 158
Registered: ‎02-25-2009

Re: WS. Trojan H

I installed NIS 2012 two days ago and did a full system scan which found nothing.  However I was glancing through my Norton Community Watch history afterwards which had several entries presumably from the scan and saw the word "exonerated" after some submissions which I had never seen in previous NIS versions.  One of the entries which had been submitted was "WS.Trojan.H Exonerated" for which "No action required".    I ran Malwarebytes and NIS quick scan which picked up nothing. I take it "exonerated" has its normal meaning in effect nothing to worry about?  There is no trace of WS.Trojan.H on searching Symantec, Mcafee or EZ-AV  information sites. 

SendOfJive
Posts: 10,595
Kudos: 4,687
Solutions: 760
Registered: ‎02-07-2009

Re: WS. Trojan H

Hi imbart,

 

Files that are quarantined based on reputation are periodically re-scanned.  As more becomes known about a file, earlier convictions might be overturned and an unjustly accused file will be allowed to walk out of quarantine a free man.

Regular Contributor
imbart
Posts: 158
Registered: ‎02-25-2009

Re: WS. Trojan H

Thanks SendOfJive - Norton didn't flag it  up and if I hadn't happened to casually look at the Norton Community Watch history I wouldn't even know about it.  I thought maybe Norton was taking the file in as a suspect for investigation on heuristic evidence. 

Regular Visitor
njinau
Posts: 8
Registered: ‎05-26-2008

Re: WS. Trojan H (different result when run in Safe / Normal Modes)

[ Edited ]

I've now discovered that files idnetified with "WS.Trojan.H" or "Suspicious.Cloud.2" are deleted if the scan is run in W7 Safe Mode, but they are not selected or deleted when the scan is run in W7 Normal Mode. I will refer the problem to Symantec's on-line Security Risk / False Positive Dispute Submission.

 

Normal Mode: (run before Safe Mode)

Scan Statistics:
  Scan Time: 136 seconds
  Scan Targets: C:\Users\Noel\Desktop\Restored 'Virus' files
  Counts:
   Total items scanned: 4,748
   - Files & Directories: 4,748
   - Registry Entries: 0
   - Processes & Start-up Items: 0
   - Network & Browser Items: 0
   - Other: 0
   - Trusted Files: 4
   - Skipped Files: 0

   Total security risks detected: 0
   Total items resolved: 0
   Total items that require attention: 0

Resolved Threats:
No risks have been resolved

Unresolved Threats:
No unresolved risks

 

=================================================================

then:- Safe with Network Mode  (only some is shown below)

 

Scan Statistics:
  Scan Time: 10,147 seconds
  Scan Targets: Entire computer
  Counts:
   Total items scanned: 3,194,338
   - Files & Directories: 3,189,716
   - Registry Entries: 1,602
   - Processes & Start-up Items: 2,141
   - Network & Browser Items: 871
   - Other: 4
   - Trusted Files: 0
   - Skipped Files: 0

   Total security risks detected: 38
   Total items resolved: 18
   Total items that require attention: 20

Resolved Threats:
Suspicious.Cloud.2
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy) 
 Categories: Heuristic Virus
 Status: Fully Resolved
 -----------
 1 File
[asicutil4.exe] inside of [webcelerator.exe] inside of [c:\users\noel\desktop\restored 'virus' files\c\desktop.zip] - Deleted


WS.Trojan.H
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy) 
 Categories: Heuristic Virus
 Status: Fully Resolved
 -----------
 1 File
[asicutil4.exe] inside of [webcelerator.exe] inside of [c:\users\noel\desktop\restored 'virus' files\c\desktop.zip] - Deleted


WS.Trojan.H
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy) 
 Categories: Heuristic Virus
 Status: Fully Resolved
 -----------
 1 File
[testscanner.exe] inside of [c:\users\noel\desktop\restored 'virus' files\c\desktop.zip] - Deleted


WS.Trojan.H
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy) 
 Categories: Heuristic Virus
 Status: Fully Resolved
 -----------
 1 File
[viacb.exe] inside of [c:\users\noel\desktop\restored 'virus' files\d\&download=usb4212.zip] - Deleted


WS.Trojan.H
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy) 
 Categories: Heuristic Virus
 Status: Fully Resolved
 -----------
 1 File
[hdsrv2k3sp1.exe] inside of [c:\users\noel\desktop\restored 'virus' files\d\audio_via_vt32_64_090427.zip] - Deleted


WS.Trojan.H
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy) 
 Categories: Heuristic Virus
 Status: Fully Resolved
 -----------
 1 File
[hdw2k3x64.exe] inside of [c:\users\noel\desktop\restored 'virus' files\d\audio_via_vt32_64_090427.zip] - Deleted


WS.Trojan.H
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy) 
 Categories: Heuristic Virus
 Status: Fully Resolved
 -----------
 1 File
[hdwxpx64.exe] inside of [c:\users\noel\desktop\restored 'virus' files\d\audio_via_vt32_64_090427.zip] - Deleted


Suspicious.Cloud.2
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy) 
 Categories: Heuristic Virus
 Status: Fully Resolved
 -----------
 1 File
[camera_vimicro_v1.9.904.1_win7_fpc65-5076-01.exe] inside of [c:\users\noel\desktop\restored 'virus' files\d\driveragent_2011_04.zip] - Deleted


WS.Trojan.H
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy) 
 Categories: Heuristic Virus
 Status: Fully Resolved
 -----------
 1 File
[camera_vimicro_v1.9.904.1_win7_fpc65-5076-01.exe] inside of [c:\users\noel\desktop\restored 'virus' files\d\driveragent_2011_04.zip] - Deleted

 

 

Noel
Regular Visitor
njinau
Posts: 8
Registered: ‎05-26-2008

Re: WS. Trojan H (different result when run in Safe / Normal Modes)

Regular Contributor
akcenter
Posts: 55
Registered: ‎12-31-2008

Re: WS. Trojan H

I had today the same situation with APRP from Asus VX6.
File was originally in C:\Program Files\ASUS\APRP\aprp.exe
File was not touched since manufacturer's installation on original Win7 HP image.
Application, I found an info, is Asus Product Registration Program.
PC is all clean, so this might be a fake alarm, too. Norton sent my file.
.:: Best Regards - Artur ::.
Visitor
Rick0725
Posts: 1
Registered: ‎10-30-2011

Re: WS. Trojan H

I also have an issue with the WS trojan.H since upgrading recently to version 2012. It is on a program I have used for over a year and was not an issue on version 2011. The file name is TMPGEncVMW5.exe from TMPGEnc Video Mastering Works 5, a video editing software. I tried submitting the file for false positive but the file will not upload because the file was too big.

 

I will use something else if this issue is not fixed. I have uninstalled the norton software and used other scanners and the issue does not come up. I can not be bothered by this everyday nor reinstall theTMPGEnc software just to be able to use it every day.

 

Please look into the matter and fix it!

 

Thanks

 

Rick

 

 

Regular Contributor
gabranth
Posts: 85
Registered: ‎06-05-2009

Re: WS. Trojan H

ive just scanned in safe mode no detections make sure your using version 19.1.1.3
Regular Contributor
akcenter
Posts: 55
Registered: ‎12-31-2008

Re: WS. Trojan H

I have this version and I had this issue with this version. With all updates up to today I had no other fake alerts.. If I get any - I will post it here.
.:: Best Regards - Artur ::.