01-13-2012 04:20 PM
Norton Internet Security 5 for Mac. Version 12.1 (54)
Infostealer.Bancos reported every 5 minutes when browsing the web to trusted websites like norton.com. The file is automatically deleted and moved to /Library/Application Support/Symantec/AntiVirus/QTFiles.
Is this a false-positive or is there a way to determine the source, i.e., browser, email, other computers on the network?
Thanks.
01-13-2012 06:41 PM
menditto wrote: Norton Internet Security 5 for Mac. Version 12.1 (54)
Infostealer.Bancos reported every 5 minutes when browsing the web to trusted websites like norton.com. The file is automatically deleted and moved to /Library/Application Support/Symantec/AntiVirus/QTFiles.
Is this a false-positive or is there a way to determine the source, i.e., browser, email, other computers on the network?
Thanks.
Most likely it arrived as an email attachment. It's a made-for-Windows Trojan. If you do find this attachment, do not open or reply to it.
http://www.symantec.com/security_response/writeup.
01-13-2012 09:22 PM - edited 01-13-2012 09:24 PM
I emptied trash and spam and the scanner continues to alert and delete it. Is there a way to determine the original message or file source, so I can delete the email that contains it? Thanks.
01-13-2012 10:02 PM
There is a known problem with a migration tool that can cause this. If you do the following, it should stop the repeated detections:
1. Run the Terminal application (from /Applications/Utilities/Terminal)
2. Enter this command:
sudo rm /usr/bin/MigrateQTF
(You will be prompted for your admin password; enter it and hit return.)
01-13-2012 10:31 PM
Thanks. What's the migration tool for?
I see it in the manifest.
Will product updates automatically recreate the file and reintroduce the behavior?
When is it scheduled to be fixed?
Thanks a bunch for helping me out. :)
01-14-2012 07:48 AM
The tool is supposed to move files from your NAV 11 quarantine into the NAV 12 quarantine (the format changed between versions). Unfortunately, in some cases, there's a flaw that causes an incorrect restore to the QTFiles file you saw, and since this is unexpected, the tool continues trying to migrate the old quarantine and reproduces that file.
Subsequent updates for NAV should only recreate the tool once it's fixed. I can't give you an exact date but I expect it to be part of the next update.
