
help why didnt norton catch this?

I was having issues w/ Norton, I thought. My PC would suddenly lock up and run CPU at 99 percent and the Norton console would say it was 99 percent (Norton). I'd go offline (turn off modem) and shut down Norton and it was okay, so I assumed it was Norton?

Someone told me to download a virus scanner. Can I say the name of it? And it found the following. Is it legit? Why didn't Norton find it?

Is Norton Insight leaving out important files? What happened?

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{6c51f7e9-8542-4f25-a30f-2060157752e1} (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{9d573d0e-663c-435f-bf31-2c4497373c41} (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d} (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f3777260-7308-464a-baa2-cc492c0ce7d2} (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{90a52f08-64ac-4dc6-9d7d-4516670275d3} (Trojan.Downloader) -> Quarantined and deleted successfully.

I again turned off the net and Norton to scan with this. No, I don't routinely turn off Norton.

Replies


Re: help why didnt norton catch this?

You can say it.

No antivirus or security product catches 100% of malware. Not Norton, not MBAM, not Avira, not Kaspersky, no other. In fact, it is advisable to have an on-demand scanner (like Malwarebytes' Anti-Malware) in addition to your running antivirus and do a scan now and then, just to make sure you're clean.

Most good antivirus applications have a detection rate of 95-99% overall, but that percentage is much, much lower when it comes to brand new (0-day) malware, and no application has a detection that covers anything. And sometimes, malware can bypass heuristic analyzers as well. Norton has very sophisticated and good ways to catch malware that is not covered by the normal definitions, but again, not always. This is the reality, and it's not vendor-specific.

Message Edited by Bombastus on 01-04-2010 02:22 AM

Re: help why didnt norton catch this?

But is the stuff I posted that it found really malware? I mean, did the Malwarebytes program just find it to make it look like it works? LOL I mean it?

Thanks for input. I suppose it's irksome because the one that found it was free. And yeah, I wonder if it was real, but the problems we'd been having match sxs I googled for what it found.

Message Edited by artfreak on 01-04-2010 04:17 AM

Re: help why didnt norton catch this?


artfreak wrote:

But is the stuff I posted that it found really malware? I mean, did the Malwarebytes program just find it to make it look like it works? LOL I mean it?

Thanks for input. I suppose it's irksome because the one that found it was free. And yeah, I wonder if it was real, but the problems we'd been having match sxs I googled for what it found.

Message Edited by artfreak on 01-04-2010 04:17 AM

The information you have is insufficient to accurately answer your question. What has been removed from registry are pointers, so what I would do would be to scan the registry for each of the keys, i.e. 6c51f7e9-8542-4f25-a30f-2060157752e1, and see what, if anything, is found. In contrast, what you posted did not indicate a file being loaded at startup.

Often AV products will leave bits in registry because they do not completely remove every ounce or trace of a defunct malware. Then you use another AV product and it happens to sweep up a bit more. It is possible that the elements now removed were benign.
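
The check suggested in the reply above (searching the registry for each removed GUID), written out as an added example; it is not code from any poster, Norton or Malwarebytes. It parses the detection lines posted in this thread and looks for leftover references in the text of a `reg export` dump. The `REG_EXPORT` sample and the function names are constructed for illustration.

```python
import re

GUID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
DETECTION = re.compile(r"^(HKEY_.+?) \(([^)]+)\) -> (.+)$")

# Detection lines as posted in the thread's scan report.
SCAN_LOG = r"""
HKEY_CLASSES_ROOT\Interface\{6c51f7e9-8542-4f25-a30f-2060157752e1} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9d573d0e-663c-435f-bf31-2c4497373c41} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f3777260-7308-464a-baa2-cc492c0ce7d2} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{90a52f08-64ac-4dc6-9d7d-4516670275d3} (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# Constructed `reg export` text for illustration; not taken from the thread.
REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}]
@="Constructed sample class"
"AppID"="{90A52F08-64AC-4DC6-9D7D-4516670275D3}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}\ProxyStubClsid32]
@="{11111111-2222-3333-4444-555555555555}"
"""

def parse_detections(log):
    """Map each flagged GUID (lower case) to the key path and label the scanner reported."""
    found = {}
    for line in log.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            for g in GUID.findall(m.group(1)):
                found[g.lower()] = (m.group(1), m.group(2))
    return found

def find_residue(reg_text, guids):
    """Return (guid, key, where) for each key path or value that still names a flagged GUID."""
    hits, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key, where = line[1:-1], "key path"
        elif key and "=" in line:  # value line; hex continuation lines carry no braces
            where = "value " + line.split("=", 1)[0]
        else:
            continue
        hits += [(g.lower(), key, where) for g in GUID.findall(line) if g.lower() in guids]
    return hits
```

Files written by `reg export` are UTF-16, so open them with `encoding="utf-16"` before passing the text to `find_residue`.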


Re: help why didnt norton catch this?

Artfreak

First I would ask you, what Norton prog are you using: NIS/NAV 2009/10?

Also, is it up to date?

Some updates require that you do a 'Manual update', to get some version changes.

And then do a restart.

Make this a regular thing.

Malwarebytes is usually pretty good, but you still need your Norton, which must be up to date with the latest definitions, to catch the latest viruses etc.


Re: help why didnt norton catch this?

I'm running Norton NIS 2009, it's up to date tho' it had some issues last week with pulling full CPU power for no reason.

I'm on XP SP2, up to date too.

If this stuff is in quarantine area do I delete it or what? From malware program.

Well, I can post the whole report but everything else was okay.

Thanks for the help, I do appreciate it very much.


Re: help why didnt norton catch this?

You can delete it if you want to, or you can keep it. It won't harm your computer from the quarantine. The reason removed malware is kept in a quarantine file is in case of a "false positive", that is clean files which the anti-virus/anti-malware program has flagged as real malware. In such cases, the files can be restored after a false positive is confirmed.



Re: help why didnt norton catch this?

artfreak

Personally I would update the XP to SP3, and make sure I have all the latest security updates from Windows, and set it for auto download of Windows security updates.

(I wouldn't class SP2 as being up to date, still, that's me.)

Also you can upgrade your NIS 2009 to 2010 for free, you might find it a bit better.

The choice is yours.

Message Edited by boneidle on 04-01-2010 06:12 AM

Re: help why didnt norton catch this?

Hi artfreak

First of all, if you used another antivirus scanner while Norton was still installed, neither one is going to work correctly. If you did a full system scan with the free version of Malwarebytes, you don't have to turn off Norton's to run it. Malwarebytes doesn't just make up files to show up looking for business. They have plenty of business and the program is a free scanner to boot. I hope you don't have the paid version installed together with your Norton product because then you would be running 2 real-time scanners, which is no good and causes more problems than it might find.

It is also possible that this is a rootkit and I don't think that Malwarebytes can break a rootkit. I would suggest that you back up your important files to an external drive, but don't back up anything in the Windows folder.

Message Edited by floplot on 01-04-2010 10:45 AM
Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.18.0.213 Core Firmware 282 I E 11 Chrome latest version.

Re: help why didnt norton catch this?

I see that on a Google search most of those entries are related to adware called SBSoft. It was probably picked up through vulnerabilities in the browser. It should be removed.

Some antivirus programs consider adware to be malware, others consider it to be nuisance and it may not trigger them. Norton Safe Web should go a long way in preventing this from occurring if used.

An upgrade to the 2010 version would be a good choice.

Under certain circumstances profanity provides relief denied even to prayer. Mark Twain

Re: help why didnt norton catch this?

Well, I've not loaded SP3 because there were warnings for folks w/ AMD proc or something. I have that kind, not a fancy PC. I don't need the grief, and up to now it's run like a dream.

Also, apparently if you've taken all updates it only inc's a few extra.

To others...no, I don't run two virus programs....Malwarebytes is not live, you update manually, and I close Norton and internet when using it. I know you can't run two anything.

I generally surf on non-administrative side too for extra protection but scan from administrative side, full scans.

2010 NIS scares me...sounds like a pain...I loved 09 in past. I am however considering getting rid of Norton entirely now but it scares me. It's been years of using it.

Thank you all for your help, I do appreciate it very much.


Re: help why didnt norton catch this?

Bombastus: thank you so much for your help, I do appreciate it :)

Message Edited by artfreak on 01-04-2010 03:35 PM

Re: help why didnt norton catch this?

delphinium: adware...thank you :) I tried to google it, couldn't locate it, but it was late, I was burnt out. Thank you :)

Re: help why didnt norton catch this?

Hi artfreak

Pretty soon Windows is going to stop offering updates for SP2. You are missing a lot by not updating to sp3, protection wise too.


Re: help why didnt norton catch this?

Well, I will when I have to, if it ain't broke don't fix it, ya know. I mean, I do keep everything running up to date, I'm not lax, I just read about the nightmares of what it did to my kind of machine and didn't want to bother with it for now. I wonder if it's okay now?

Re: help why didnt norton catch this?

Hi artfreak

You can do another scan with malwarebytes and see if it is still clean. You can also do a full scan with the free version of SuperAntiMalwarebytes and see if that comes up clean. Don't forget to update each program if you decide to run them. You can post the log from both programs by using the add attachment right below the post button.

Here is a free on demand antimalware scanner. It is safe to use on demand with your Norton product.


http://www.superantispyware.com/


Re: help why didnt norton catch this?

Hi art freak

What PC do you have?? I had the same trouble with the AMD processor but there is a small download that you do before you download and install the SP3 and it is a piece of cake to do. I have an HP 2004 Compaq Presario desktop, just look on, I think, the Windows site or HP for a better explanation.

Someone may be able to give you the correct order to download and install it, by that I mean if you have to disable NIS to install it. Mind you, that's if your machine is clean?

Cheers Mo Windows 7 64 bit, NIS2013

Re: help why didnt norton catch this?

floplot: you inspired me to look into SP3 again...it sounded more stable for my AMD machine so I did it, loaded SP3.

I carefully read all the pre-load stuff and did what it said, inc turning off Norton for the loading process, and so far so good. It was an hour and a half of nerves but it's fine so far :) .

Just wanted to tell ya.


Re: help why didnt norton catch this?

Hi artfreak

Thanks for coming back and telling me you installed SP3. Also run Windows updates so you can get the updates that came out after SP3 did. You will find that your programs will run better after installing SP3 also. You should have Windows updates set to notify you when there are available updates. I don't like automatic updates and have them installed automatically. I like to see what they want to install first and see if there are any problems with the updates. Also don't let Windows install drivers for you. Go to the manufacturer's website to get driver updates. I've had the experience of Windows wanting to install an onboard sound driver, but it was from the wrong company.


Re: help why didnt norton catch this?

Thanks again floplot :), I did do the updates after SP3, and I always have had my PC set to tell me before it loads anything. I just don't like it doing things without my checking it out first, and it can slow it down and you're like, what is going on!?

Thanks for driver info tho', I've never taken those and never knew if I should. But if something doesn't work I will now go to mfg website.

Things do seem a bit smoother, can't say how exactly...video is for sure a bit anyway.

Thanks take care.


Re: help why didnt norton catch this?

Hi artfreak

I would now run another full system scan with the free version of Malwarebytes and see if you are still clean. Please post the new log here and don't forget to update the program first.

Download the free version, install and update, then run a FULL scan. After the scan completes you should post the logs back to this thread.

You can find Malwarebytes here:

http://www.filehippo.com/download_malwarebytes_anti_malware/

It is a safer location to get the program from than Malwarebytes themselves because the malware writers sometimes block the security programs' websites.
