02-22-2011 07:55 AM
My computer got a virus from a jump drive. Norton SONAR identified and quarantined some of the executables based on suspicious activity. The virus is, apparently,not common and thus Norton has not removed the original source of the problem. It is still on my computer.
It is activated when I attempt to copy a series of files that were on the corrupted USB drive. It copies files to: C:\users\USERNAME.
Listed below are files (assumed) associated with the virus. Any idea how to remove the original virus? Please help.
Files found by Norton
play1.exe - Detected by SONAR - Suspicious behavior detected - Users: Very Few
play2.exe - Same as play1.exe
play3.exe - Same as play1.exe
Suspicious Files not Flagged by Norton (but which I suspect are related to the threat)
02-22-2011 08:07 AM
Alas I do not quite follow. Norton does its job and detects suspicious activity from an executable. If it has quarantined a file then it has removed the source of the problem in that file. You then say It is still on my computer. If you mean the file quarantined is on your computer that it correct but being quarantined it is safely stored. If you mean you know there is still a virus infection, you need to explain your reasoning please or advise what reports you are getting.
When you say the virus (presumed) is activated when you copy a series of files, do you mean the file you later list or just copying files in general? When you say it copies the files to c:\users\USERNAME are you saying that is not the directory into which you wished the files to be copied?
If Norton has found play2.exe and play3.exe then are you saying that they also have been quarantined or are you saying that play2.exe is in fact a copy of play1.exe but renamed?
02-22-2011 08:42 AM
Thank you for the reply.
I have copied data from a USB drive to my computer. When these files (which I presume are infected) are copied to another location an executalbe (play1.exe, or play2.exe, etc.) begins running. Norton then identifies this executable as suspicious and quarantines it. This happens each time the files are copied and a new version of the executalbe begans running.
If I scan the files from the USB drive, it come back saying there are no viruses in these files. However if I copy them, it will kick off the play*.exe.
There files vuuna.exe, goaijimx.exe and xay09.exe are files that appear (c:\users\USERNAME) when I have NOT copied them. In fact a *.exe search on the USB files reveals no executables.
Thank you again for your help.