lmacri
Posts: 901
Kudos: 208
Registered: ‎05-05-2009

Malware Removal Forum

Is Symantec considering setting up a separate Malware Removal forum for Norton users who could work one-on-one with an expert to help them remove malware infecting their system?

 

I've read all the pros and cons in bjm_'s thread here in the thread titled Malware Removal Forum and Quads' thread here titled Suggestion - apologies in advance for starting a new topic, but these threads are locked and I couldn't post a reply. There seems to be an increasing number of users in the NIS/NAV/N360 forums who have been infected by malware that wasn't detected by their Norton security software, and I think they deserve better than to be told to try a scan with the free Malwarebytes' Anti-Malware (MBAM) or post in the BleepingComputer or WhatTheTech forums for help. Even the MBAM forum has a board here where users can post a HijackThis log for experts to review.

 

I'm not comfortable recommending the Norton Power Eraser (NPE) to novices after reading posts about "safe" software inadvertently corrupted by this tool, and I don't think that most users even know that the instructions here titled How to Troubleshoot a Suspected Malware Infection are posted in the Announcements board.

 

Symantec might even be able to respond more quickly to emerging threats if users were posting in a central location like a Malware Removal forum.

-------------

Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 8.0.0
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Bot Obliterator
Andmike
Posts: 2,258
Registered: ‎03-23-2011

Re: Malware Removal Forum

I thought we had that, and it was called Quads.    ;-)

delphinium
Posts: 9,680
Kudos: 2,855
Solutions: 282
Registered: ‎11-21-2008

Re: Malware Removal Forum

[ Edited ]

No, actually, we did have that. Quads removed approximately 315 rootkits from users' machines in 2009 and it kept four of us busy sorting out who had what, requesting scans and scheduling who was next to be helped. It was great. Quads, however, was about worn out and he really is the only specialist on the forum. There were times when he went 36 hours straight. He stopped doing complex removals using advanced tools because there was no protection for the users. Now he offers suggestions for readily available, relatively safe tools, or we send them to the forums.

 

The malware removal forums have enough members that they have their own training schools. The helpers are taught what to do and what not to do. The new helpers have overseers to prevent damage to users' machines. There is a long supervised practice period before they are allowed to try removals on their own.

We have no one here to do that training. 

 

This is an open forum, which means that everyone is allowed to post on any thread whether they have any idea of what is going on or not. The four of us assisting Quads had to chase around on threads trying to prevent damage to people's machines by obeying instructions that ranged from useless to dangerous.

 

We asked several times for a separate forum, but were denied, partly due to liability questions, partly to do with the fact that Symantec charges for malware removal, and partly because an entire forum should not rely on one individual.  

 

The Norton products have improved to such a degree that what we are seeing for infections now is hardly noticeable.  There were times that every thread on the forum page was a rootkit complaint. Now it would not provide enough threads for a separate forum, even if it could be protected. 

 

This one is rather typical of the time.  At that time Symantec believed that rootkits could be removed in safe mode.  Didn't work.  This is the skill level required to do safe remediations.

 

http://community.norton.com/t5/Norton-360/Unable-to-remove-Packed-Generic-238/td-p/118857/highlight/... 

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
yank
Posts: 5,840
Kudos: 1,220
Solutions: 302
Registered: ‎12-02-2009

Re: Malware Removal Forum

As someone else would say,  just my .02 cents worth:

 

Having spent close to 6 months attending Malware Removal University, getting through the basics, their Registry Course, and just starting to really get into the specialized tools, I had to quit for a combination of personal reasons. 

 

If you have not attended the schools, you just have no idea of what is involved in learning how to read logs, research items in logs, analyzing the results of your search(s) and then mapping out a logical approach to figure out which specialized tools to run and in which order. Especially when the scenario of malware/virus is changing on a daily basis.

 

Oh and if you get far enough to work on "live logs" you have to bounce everything off your instructor before you post anything, until such time as you graduate!

 

IMHO, if you haven't experienced the training, studying and constant knowledge updating required - you have no idea what is necessary to become a malware fighter.

 

I am amazed by the volunteers who are working the various malware sites. Most are Microsoft Security MVPs and I doubt we have any of them here - besides possibly Quads.

 

Oh and BTW, Hijack This Logs are old school, no longer recommended on most malware sites, DDS is the current tool of choice as a starting point, so we definitely do not need a board to work HJT logs.

 

I totally agree with delphinium's post.

delphinium
Posts: 9,680
Kudos: 2,855
Solutions: 282
Registered: ‎11-21-2008

Re: Malware Removal Forum

It's very good to get an idea of what helpers have to go through before they are allowed to assist.  I knew it was a tough technical slog, but your post is an eye-opener for me as well.  I must have looked at a thousand logs over the years, and unless something is pretty blatant, I can't read the things.

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
Bot Obliterator
Quads
Posts: 13,250
Registered: ‎07-21-2008

Re: Malware Removal Forum

There are advantages of using Hijackthis over DDS, and even Bleeping Computer still uses Hijackthis in its processes for that reason.

 

Quads

yank
Posts: 5,840
Kudos: 1,220
Solutions: 302
Registered: ‎12-02-2009

Re: Malware Removal Forum

[ Edited ]

Quads wrote:

There are advantages of using Hijackthis over DDS, and even Bleeping Computer still uses Hijackthis in its processes for that reason.

 

Quads


No argument from me, but one has to be aware of/overlook the possible erroneous entries on 64-bit systems.

 

BTW, I do not see HJT mentioned in their initial instructions anymore.

dickevans
Posts: 9,231
Registered: ‎04-08-2008

Re: Malware Removal Forum

I like the 'other guys' being the experts on malware and being able to recommend them to users with problems that cannot be solved with the resources we have here. I also think that trying to be everything to everybody will only dilute the quality of support currently present. I know we can get better but I don't know that we can get better and bigger all at once. My choice would be to get better at supporting Norton products and recommend the 'other guys' for malware removal.

But that's just me

Dick
Win7x64 SP1 current NIS V20
lmacri
Posts: 901
Kudos: 208
Registered: ‎05-05-2009

Re: Malware Removal Forum

[ Edited ]

delphinium wrote:

 

We asked several times for a separate forum, but were denied, partly due to liability questions, partly to do with the fact that Symantec charges for malware removal, and partly because an entire forum should not rely on one individual.  

 


Hi everyone, and thanks for all the great feedback.

 

Here's my main concern.  If a user is already paying $99 US online for a one-year subscription for N360 Premier and their system becomes infected with malware, why should they be charged an additional fee for having that malware removed from their system or be re-directed to another forum for help?

I don't see why Symantec couldn't assign a few of their own malware removal experts to help out Quads and a few other pre-approved volunteers in a separate Malware Removal forum. I've posted in the WhatTheTech Virus, Spyware & Malware Removal forum (who still request a HijackThis log) and the malware expert assigned to work with me one-on-one was the only other person allowed to post in my thread. Symantec could also restrict use of the forum by requiring users to validate their subscription with their product activation key (along with that ubiquitous "I Accept" button to accept the Terms & Conditions to address the liability issue) before they started a new thread.

 

Either that, or Symantec needs to open a PayPal account and start rewarding the volunteer malware experts who do their tech support for them. :-D

------------

Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 8.0.0
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

dickevans
Posts: 9,231
Registered: ‎04-08-2008

Re: Malware Removal Forum


lmacri wrote:

delphinium wrote:

 

We asked several times for a separate forum, but were denied, partly due to liability questions, partly to do with the fact that Symantec charges for malware removal, and partly because an entire forum should not rely on one individual.  

 


Hi everyone, and thanks for all the great feedback.

 

Here's my main concern.  If a user is already paying $99 US online for a one-year subscription for N360 Premier and their system becomes infected with malware, why should they be charged an additional fee for having that malware removed from their system or be re-directed to another forum for help?

I don't see why Symantec couldn't assign a few of their own malware removal experts to help out Quads and a few other pre-approved volunteers in a separate Malware Removal forum. I've posted in the WhatTheTech Virus, Spyware & Malware Removal forum (who still request a HijackThis log) and the malware expert assigned to work with me one-on-one was the only other person allowed to post in my thread. Symantec could also restrict use of the forum by requiring users to validate their subscription with their product activation key (along with that ubiquitous "I Accept" button to accept the Terms & Conditions) before they started a new thread.

 

Either that, or Symantec needs to open a PayPal account and start rewarding the volunteer malware experts who do their tech support for them. :-D

------------

Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 8.0.0
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS


Hi,

I go to the doctor when I don't feel good. He determines that I have cancer. He refers me to a specialist.

I go to the dentist with a toothache. He determines that I need a root canal and refers me to a specialist.

I go to the Norton Community with a problem. They determine that I have a malware problem and refer me to a specialist.

Is there a logical pattern here?

As for opening a new forum to deal with the malware problem I'm hard pressed to justify the time, talent and budget necessary for an undefined benefit, if any. I'm still a strong supporter of the concept of 'we do our best to support our product and we recommend those who are best at supporting their product(s)'.

Yes, other problems are being solved by one and all but they are done as a courtesy and not a part of the 'official' support provided by the community here. If your fly is unzipped I wouldn't send you to a tailor to get it fixed. If it can't be fixed I would not attempt to try.

I am still waiting for a show-stopping argument that will convince me that Norton Community Forums needs to be the be all and end all of the places a user can come to get help with any problem. I will support and strive to be a part of the Norton Community that is the only place where Norton product users come to get the very best support for their product. That to me is a big enough job that I'm not ready to consider taking on more.

As for the pay part I won't comment here

Dick
Win7x64 SP1 current NIS V20