04-29-2008 11:47 PM
Hi All
I was running a virus check a few days ago with Norton Systemworks and noticed it scanning a folder called fauxvirus with a file called carny ride.exe. Naturally I thought this didn't sound good. However the result came up clean. I went through explorer to see if I could find it, but with no joy. So I went to check out the temp internet files to see if there was anything odd in there. Explorer couldn't find that folder either. However when I clicked the properties for Local Settings, the number of subfolders shown appears high enough to suggest they're there, as was the size of the folder.
I tried a bunch of freeware virus checkers, but they didn't even find the folders to look in, let alone clean it out. Google has provided next to nothing on the subject.
Finally - although I confess I might be being sensitive, I seem to be downloading while not actually doing anything online. No idea where that's going.
Does anyone have any suggestions short of a format c:?
Regards
Mike
04-30-2008 06:16 AM
Hi Mike
I've had a look through our sample collection and can't find a file which matches this name.
Before we go down a more complicated route, can you ensure that you're displaying hidden files and folders? You can do this in Explorer through Tools --> Folder Options. Go to the View tab and choose the option for "Show hidden files and folders". If you can then see the file in Explorer, then please submit it to us for analysis through https://submit.symantec.com/retail.
Thanks
Orla
Symantec Security Response
04-30-2008 11:58 PM
Hi Orla
Yes, I've tried showing hidden files so I could clear out the temp internet files. I've even tried to type the folder into the path bar, but it came up as not found. So no joy with that one I'm afraid. I haven't been brave enough to see if I can find it through DOS. It's been a long time since I've been in there....
Mike
05-01-2008 06:07 PM
I'm seeing quite a bit of Google discussion about fauxvirus.
General thinking is rootkit which would explain your situation.
06-19-2008 09:31 AM - last edited on 06-19-2008 11:47 AM by Tony_Weiss
I have found a file named 6x8be16.cmd and I guess this is the source of the infection.
The code:
[Edit: code of possible infection removed; data still available]
06-19-2008 12:27 PM
javigast wrote:
I have found a file named 6x8be16.cmd and I guess this is the source of the infection...
I would recommend sending a virus submission sample here:
https://submit.symantec.com/websubmit/retail.cgi
Thanks!
08-24-2008 03:41 AM
08-27-2008 03:30 PM
SatelliteGuy wrote:
I have the same problem. Scans hit C:\fauxvirus\carny_ride.exe and then stop. Searches with Windows Explorer and at the command prompt come up empty even when searching system and hidden files. Other AV and anti-spy products fail to report it. Not seeing anything under Task Manager which seems to be it. Some forums are saying it is a rootkit or haxdoor. Some say it is a bug in Norton and doesn't really exist.
Have you also followed the steps listed in the How To Troubleshoot a Suspected Malware Infection announcement? This is a more advanced way to troubleshoot the issue, and it sounds as if you have tried the more simple suggestions. Please let us know how this document helps. Thanks!
09-04-2008 01:24 PM
10-05-2008 03:01 PM
