Spyware Scolder
Robby
Posts: 325
Registered: ‎07-29-2009
Re: WS.Reputation.1 from different websites

Well, NIS picked up (2) more attacks just a while ago. These were ranked "High Risk." NIS says it quarantined/removed them, but...? "Details" indicate it's a very new type of high risk malware.

____________________

 

Details
Very Few Users,  Very New,  Risk High
Fewer than 5 users in the Norton Community have used this file.

Very New
This file was released less than 1 week  ago.
____________________

Category: Resolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename
12/29/2013 6:51:18 PM,High,smoothbrowsing.dll (SONAR.Module!gen3) detected by SONAR,Quarantined,Resolved - No Action Required,c:\documents and settings\all users\application data\smooth browsing\smoothbrowsing.dll


Category: Resolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename
12/29/2013 6:50:34 PM,High,smoothbrowsingsvc.dll (SONAR.Module!gen3) detected by SONAR,Quarantined,Resolved - No Action Required,c:\documents and settings\all users\application data\smooth browsing\smoothbrowsingsvc.dll
____________________

 

Talked with my house-mate about all this. He's a 31-y.o. IT professional and says he thinks that my recent viewing of some sites that offer free "Farscape" (tv/sci-fi) episodes might be the cause. His experience is that those kinds of sites are usually "Chinese" rogue operators trying to get credit-card and web password info. So...no more "Farscape." : (

 

Also, he says my old computer, using Win XP, is quite vulnerable to attacks (even with NIS). Says I should get a new computer, with at least Win 7 or 8. [He also really likes the Windows security systems built-in to those OS's.]

 

Maybe so. Gonna run (another) Full System Scan tomorrow. (Ran one just a few days ago -- found nada.) Probably also try MalwareBytes, et al, for a scan of my system. And I reported these recent intrusions, as best I could, to the Norton Community by running "Norton Community Watch" and "Norton Insight," in "Tasks." Hope it helps.

 

["The process continues."  ~ Max Von Sydow, in David Lynch's movie, "Dune"]

Robby

NIS2013,GHOST15,Win XPSP3,200417"Toshiba laptop,3.2GHz,2.0GB(max),80GB(C),80GB(F)GHOST.
Visitor
PCIlliterate
Posts: 3
Registered: ‎12-31-2013
Re: WS.Reputation.1 from different websites

Happy New Year :)

 

Not that I have any advice for you, other than to confirm an almost similar activity on our (tower) PC:

 

12/27/13, Friday, 4 "events": dn11.-, dn15.-, dn17.- and dn19.tmp from filedataukmyscan.info (Netherlands), for folder C:\documents and settings\name\local settings\temp\. Norton Safe Web analysis of the site states No threats, OK and Secure.

 

12/29/13, Sunday, 4 more "events": dn5.-, dn7.-, dn9.- and dnb.tmp from senddatastarscan.info (USA). Norton Safe Web analysis result as above.

 

12/30/13, Monday, 1 event, dn22.tmp, "accepted" by Norton.

 

12/30/13 23:54:39, winfiltersvc.dll, detected by SONAR and removed. Stored in folder C:\documents and settings\all users\programdata\WinFilter, which was also created at this point in time. Origin of file is "unknown".

 

12/31/13 00:04:30, winfilter.dll, detected by SONAR and removed. Path: C:\documents and settings\all users\programdata\WinFilter.

 

NIS 2013, Win XP SP3, 3.1GHz dual-core CPU.

Spyware Scolder
Robby
Posts: 325
Registered: ‎07-29-2009
Re: WS.Reputation.1 from different websites

Tks for the info, PC. Seems we have similar systems -- and similar problems. Maybe it is -- as my housemate says -- an XP issue?

 

As I mentioned earlier I have run (2) Full System Scans with NIS 2013, since my problems on all this started about a week ago or so. They found nothing.

 

But, just now I ran a full system scan using the free version of MalwareBytes/MBAM (as suggested by "F4E.") It found a bunch of Adware, etc -- AND (3) TROJANS! -- Trojan.MSIL.Injector. Had these all deleted.

 

I stopped the MBAM scan, after it had only run for about 30-minutes (around 90,000 items scanned -- normally NIS scans nearly 1M items on my system). Wanted to see what all MBAM had found, of the (27) it had currently noted.  Also, in Task Manager, (Windows) "System" was just going "crazy" -- constant HDD activity and high cpu usage. Computer was almost non-responsive b/c of this.

 

Gonna start another MBAM scan and let it run to completion. Also, will run a free SuperAntiSpyware scan (also as recommended by "F4E," above).

 

Finally, I'll follow my IT-professional housemate's suggestion and run a "Microsoft Security Essentials" scan -- though not certain about this. Will it interfere with NIS??

 

Why didn't NIS find this stuff??!! Makes me wonder about our protection here?? This Trojan virus does not appear to be that new? One site says it's been round since 2010??

 

http://www.virusradar.com/MSIL_Injector.G/description

 

___________________

 

And...Prospero Ano Nuevo to you too. May you be virus free. <G>

Robby

F4E
Posts: 2,788
Kudos: 540
Solutions: 115
Registered: ‎05-23-2009
Re: WS.Reputation.1 from different websites

Hi, Robby. Sounds like a full scan with MBytes and SuperantiSpyware will pick something up that Norton missed.

 

As I said, they tend to look for different things, and Norton blocked them, as it should.

 

Also as mentioned before, Norton relies more on heuristic detections, these days.

 

Re the Microsoft scan, it won't interfere with NIS, if you use one of the online scanners, such as Trend Micro's Housecall. Or this one

 

I use this one from time to time.  http://www.microsoft.com/security/scanner/en-us/default.aspx

 

 

Windows 7 64 Bit Sp1 NIS V 21.2.0.38
Spyware Scolder
Robby
Posts: 325
Registered: ‎07-29-2009
Re: WS.Reputation.1 from different websites

F4E wrote:

Hi, Robby. Sounds like a full scan with MBytes and SuperantiSpyware will pick something up that Norton missed.

 

As I said, they tend to look for different things, and Norton blocked them, as it should.

 

Also as mentioned before, Norton relies more on heuristic detections, these days.

 

Re the Microsoft scan, it won't interfere with NIS, if you use one of the online scanners, such as Trend Micro's Housecall. Or this one

 

I use this one from time to time.  http://www.microsoft.com/security/scanner/en-us/default.aspx

 

 


Hi F4E,

 

Yes, MBAM did uncover something no other scanners had done. Perhaps got rid of a rootkit I've suspected for many years. LONG scan time, though -- nearly 4-hours (on an 80GB HDD, with only about 25GB used).

 

But, as it turned out, I think I (fortuitously) actually used the Pro version of MBAM (14-day free trial). I'd used the free (non-Pro) one in the past and it didn't find anything significant.

 

And yes, I had d/l'd the MS scanner. Haven't tried it yet though.

 

As a further note to MBAM: My IT-professional housemate says that MBAM is very good at what it does. Yet, it is also "very aggressive." He likened NIS to "penicillin" -- and MBAM to "chemotherapy." In other words, MBAM might find and fix things no other system will -- but, it can also "hurt" your computer in the process (of removing that malware).

 

And indeed, for several days after using MBAM, I had computer problems. System would just  hang. Only way to get out was "Power-Button" off for 8-seconds. That screws-up my GHOST recovery point. Have to then redo GHOST (80-minutes, each time). Also, completely lost my screen -- several times. Totally black. Again, required a bunch of things to get this back -- starting Windows in Safe Mode, then restarting in regular mode. Strange.

 

So, after a few days of this I uninstalled MBAM Pro trial version. So far, no more "hangs."

 

Do appreciate your input.

Robby

Bot Obliterator
Quads
Posts: 16,440
Registered: ‎07-21-2008
Re: WS.Reputation.1 from different websites

And indeed, for several days after using MBAM, I had computer problems. System would just  hang. Only way to get out was "Power-Button" off for 8-seconds. That screws-up my GHOST recovery point. Have to then redo GHOST (80-minutes, each time). Also, completely lost my screen -- several times. Totally black. Again, required a bunch of things to get this back -- starting Windows in Safe Mode, then restarting in regular mode. Strange.

 

So, after a few days of this I uninstalled MBAM Pro trial version. So far, no more "hangs."


 

 

 

Not the first system to have problems after using MBAM.

 

Quads

lmacri
Posts: 1,446
Kudos: 536
Registered: ‎05-05-2009
Re: WS.Reputation.1 from different websites

Robby wrote:
But, as it turned out, I think I (fortuitously) actually used the Pro version of MBAM (14-day free trial). I'd used the free (non-Pro) one in the past and it didn't find anything significant.
And indeed, for several days after using MBAM, I had computer problems. System would just  hang. Only way to get out was "Power-Button" off for 8-seconds. That screws-up my GHOST recovery point. Have to then redo GHOST (80-minutes, each time). Also, completely lost my screen -- several times. Totally black. Again, required a bunch of things to get this back -- starting Windows in Safe Mode, then restarting in regular mode. Strange.

Hi Robby:

 

When you installed the 14-day trial of MBAM PRO, did you disable the auto-load and real-time protection as shown here?  Symantec has posted a support article here explaining why users should not run more than one security program in real-time protection mode, and your problems with Norton Ghost might have been caused by a conflict between Norton and MBAM's real-time protection.

 

I've had MBAM PRO on my system with real-time protection disabled for several years, and the installers for the free and PRO versions are identical - the only difference being that users with a paid PRO license can activate extra features like real-time protection, scheduled scans and automatic updates after the 14-day trial is finished.  I don't think there's any difference between the free and PRO versions as far as malware definitions and heuristic detection algorithms are concerned.

------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 26.0 * IE 9.0 * NIS 2013 v. 20.4.0.40 * MBAM PRO 1.75.0.1300
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

 

Spyware Scolder
Robby
Posts: 325
Registered: ‎07-29-2009
Re: WS.Reputation.1 from different websites

Quads wrote:

And indeed, for several days after using MBAM, I had computer problems. System would just  hang. Only way to get out was "Power-Button" off for 8-seconds. That screws-up my GHOST recovery point. Have to then redo GHOST (80-minutes, each time). Also, completely lost my screen -- several times. Totally black. Again, required a bunch of things to get this back -- starting Windows in Safe Mode, then restarting in regular mode. Strange.

 

So, after a few days of this I uninstalled MBAM Pro trial version. So far, no more "hangs."


 

 

 

Not the first system to have problems after using MBAM.

 

Quads


Hey Quads,

 

Yes, maybe so. As I mentioned above, MBAM can be very "aggressive." Yet...for the kind of problem I've possibly had ("undetectable" rootkit), sometimes necessary to "pay a pound of flesh"? Tks for the perspective.

Robby

Spyware Scolder
Robby
Posts: 325
Registered: ‎07-29-2009
Re: WS.Reputation.1 from different websites

Hi lmacri,

 

In all honesty, I don't remember even seeing those boxes to check. So I guess if they were there, I overlooked 'em.

 

I'm aware of the "conflict" issue with NIS, on using other real-time protection s/w. Yet, I just recently heard from another Forum user here (via private message) -- and they said they've been using MBAM Pro/real-time, along with 360 (about the same as NIS?), for over a year, w/o a problem.

 

They feel that the Norton Forum has not substantiated the claim that MBAM interferes with Norton protection, and say that MBAM is designed so this isn't an issue -- with any other AV s/w, including NIS.

 

Hard to know who's right. But...if I have any more virus issues, that NIS let pass through, I may try the MBAM Pro/real-time version.

 

Also, good to know that the actual scanners for both Pro and regular are the same, on MBAM. Tks for that input.

 

Robby

Visitor
PCIlliterate
Posts: 3
Registered: ‎12-31-2013
Re: WS.Reputation.1 from different websites

Robby wrote:

 

Why didn't NIS find this stuff??!! Makes me wonder about our protection here?? This Trojan virus does not appear to be that new? One site says it's been round since 2010??

 

http://www.virusradar.com/MSIL_Injector.G/description

 

___________________

 

And...Prospero Ano Nuevo to you too. May you be virus free. <G>


Hey Robby

 

Different anti-malware / -virus programs detect different threats. I've seen Microsoft MVPs recommend running minimum three - and up to five different "anti programs" as an attempt to clean a verified infected machine, or just as a preventive measure.

 

A while ago I ran Malwarebytes on our PC, which detected and quarantined a number of Potential Unwanted Programs (PUP). All of a sudden NIS Auto-Protect got second opinions regarding one .dll and one .exe file (both Trojan.StartPage) among the ones Malwarebytes detected. The files were "implemented" on the PC in April 2013 and NIS now found them to be high risks!

 

Kato