• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Is this a false positive. w32.neshuta

Twice in 48 hours Norton has reported w32.neshuta on my system and happily starts to delete file after file. Task manager vanishes as does system restore. Programs also disappear and error messages appear constantly. The files and programs deleted are legit and have been on my system for ages. Last night , for the second time I used Acronis to recover the system and then used Norton to scan the system. It found nothing. w32.neshuta is a very old issue, going back to XP. I am running Windows 10 1809 x64.

Please can anyone help with this. I understand Norton issued a Rapid Release two days ago, It is since this that the issue began.

Many thanks

Replies

Kudos0

Re: Is this a false positive. w32.neshuta

OK, development. 

Norton has just announced that it has found w32.neshuta in a file called shexview.exe and removed it.

So it says, the file is still where I put it and is a long used utility for editing the context menus.

Perhaps it had duplicated elsewhere. Hopefully this is the end of it, but if anyone does have any info I would be very grateful.

Kudos0

Re: Is this a false positive. w32.neshuta

It was a duplicate, duplicated by me as part of a backup on a Seagate external disc. It was this file that was removed. 

I remembered that Norton reacted just after I plugged this drive in. Still a false positive, and just to be safe I have deleted the copy on my hard drive. It was hardly ever used anyway.

There was something it didn't like about this file, and any poor devil without Acronis would be in a heap of trouble.

Kudos0

Re: Is this a false positive. w32.neshuta

Hello Johnny. Submit the file here and have Symantec review it.

Edited: Downloaded the program in question from this link. Upon decompressing the zip archive Norton nabbed and deleted the exe file. Norton detects WS.Reputation.1

Cheers

Retired military (Navy 1980-2002) AO1 (AW) Aviation Warfare Specialist "From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Professional x 64 version 1809 / build 17763.437 / NCSP 22.17.0.183 / Norton Core v.282 on Android 1.93
Kudos0

Re: Is this a false positive. w32.neshuta

Update: I have submitted the file to Symantec under detection for WS.Reputation.1 as a false positive. I will post the results here for you when I receive it.

Cheers

Retired military (Navy 1980-2002) AO1 (AW) Aviation Warfare Specialist "From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Professional x 64 version 1809 / build 17763.437 / NCSP 22.17.0.183 / Norton Core v.282 on Android 1.93
Kudos0

Re: Is this a false positive. w32.neshuta

Hello Soul

Why would Norton remove a file that is of medium risk? Odd to me, but what do I know.

Have a Good Night and

Thanks

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Is this a false positive. w32.neshuta

Probably thinks it's a risk because it has access to the Windows shell. Anyway no issues for 36 hours now. Perhaps it was infected. I did see somewhere that the very recent rapid release contained new protection for w32.neshuta. But shexview has been around for ages. Looks like, from the submitted file, other threats are being detected within it. This would further support the false positive theory. Anyway I await the outcome.
Kudos0

Re: Is this a false positive. w32.neshuta

Update on my submission: Symantec CANNOT duplicate the WS.Reputation.1 finding with the file being submitted. Here is the text of their reply:

in relation to submission [xxxxxxx] .

Having reviewed the information provided we are unable to reproduce or confirm the issue described. Please ensure that you are using Symantec's latest virus definitions for detection. These can be found using live update or alternatively via the URL below.

https://www.symantec.com/security_response/definitions.jsp

If the issue persists with the latest definitions, please respond to this email providing the additional information below in order for us to analyze the problem further:

- Details of the message or a screenshot of the message received

- Exact step by step instructions on how to recreate issue

- Details of the Symantec product and version being used

- Detection log(s) from the product

If other versions of the file(s) in question have previously triggered false positive detections please mention this in your response and include all available file versions.

Sincerely,

Symantec Security Response

Retired military (Navy 1980-2002) AO1 (AW) Aviation Warfare Specialist "From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Professional x 64 version 1809 / build 17763.437 / NCSP 22.17.0.183 / Norton Core v.282 on Android 1.93
Kudos0

Re: Is this a false positive. w32.neshuta

Have had just about enough now. Files I have had for years are deleted every time I attempt to use them,with Norton claiming they have this virus. Scan after scan reveals no infection anywhere. Even turning off auto protect or telling Norton to ignore the relevant folders doesn't work. It still sticks its damn nose in and deletes the files. For two days I went nowhere near anything that could cause Norton to interfere, and I had no issues whatsoever. It will very likely be ages before this is fixed, if it ever is. As I said at the start of this post, I have had enough. Norton is no longer on my system.

This thread is closed from further comment. Please visit the forum to start a new thread.