04-29-2008 11:47 PM
I was running a virus check a few days ago with Norton Systemworks and noticed it scanning a folder called fauxvirus with a file called carny ride.exe. Naturally I thought this didn't sound good. However the result came up clean. I went through explorer to see if I could find it, but with no joy. So I went to check out the temp internet files to see if there was anything odd in there. Explorer couldn't find that folder either. However when I clicked the properties for Local Settings, the number of subfolders shown was appears high enough to suggest they're there, as was the size of the folder.
I tried a bunch of freeware virus checkers, but they didn't even find the folders to look in, let alone clean it out. Google has provided next to nothing on the subject.
Finally - although I confess I might be being sensitive, I seem to be downloading while not actually doing anything on line. No idea where that's going.
Does anyone have any suggestions short of a format c:?
04-30-2008 06:16 AM
I've had a look through our sample collection and can't find a file which matches this name.
Before we go down a more complicated root, can you ensure that you're displaying hidden files and folders? You can go this in Explorer through Tools --> Folder Options. Go to the view tab and choose the option for "Show hidden files and folders". If you can then see the file in explorer, then please submit it to us for analysis through https://submit.symantec.com/retail.
Symantec Security Response
04-30-2008 11:58 PM
Yes, I've tried showing hidden files so I could clear out the temp internet files. I've even tried to type the folder into the path bar, but it came up as not found. So no joy with that one I'm afraid. I haven't been brave enough to see if I can find it through DOS. It's been a long time since I've been in there....
06-19-2008 09:31 AM - last edited on 06-19-2008 11:47 AM by Tony_Weiss
I have found a file named 6x8be16.cmd and I guess this is the source of the infection.
[Edit: code of possible infection removed; data still available]
06-19-2008 12:27 PM
I have found a file named 6x8be16.cmd and I guess this is the source of the infection...
I would recommend sending a virus submission sample here:
08-24-2008 03:41 AM
08-27-2008 03:30 PM
I have the same problem. Scans hit C:\fauxvirus\carny_ride.exe and then stop. Searches with Windows Explorer and at the command prompt come up empty even when searching system and hidden files. Other AV and anti-spy products fail to report it. Not seeing anything under Task Manager which seem to be it. Some forums are saying it is a rootkit or haxdoor. Some say it is a bug in Norton and doesn't really exist.
Have you also followed the steps listed in the How To Troubleshoot a Suspected Malware Infection announcement? This is a more advanced way to troubleshoot the issue, and it sounds as if you have tried the more simple suggestions. Please let us know how this document helps. Thanks!
10-05-2008 03:01 PM