
ISB.Downloader! found during full scan. Any ideas?

Hi,

I purchased something online earlier with PayPal, thinking it was from a website in the UK but based in the USA. When I got the PayPal receipt, I looked into the trading name, which looks to be based in Hong Kong, & when I tried to ask for a refund, the email address bounced.

I have been onto PayPal & have a refund, & they are going to look into this. However, I thought it best to run a full Norton scan & the following was found & looks to have got on my system way after problems earlier at 16.18 GMT.

The quarantined files are ISB Downloader gen 60, ISB Downloader gen 119, & ISB Downloader gen 346.

Please can you tell me if there is anything I can do to check my PC is clear.

Thank you.

Replies


Re: ISB.Downloader! found during full scan. Any ideas?

Please tell us what Norton is telling you regarding this event.
For information regarding this event > from Norton pop-up > View Details > Copy to Clipboard and/or from Norton history > More Options > Copy to Clipboard > paste here.


Malwarebytes for Windows
https://malwaretips.com/blogs/downloads-malwarebytes-for-windows/

https://support.malwarebytes.com/hc/en-us/articles/360038479134-Download-and-install-Malwarebytes-for-Windows


Malwarebytes Malware Removal Help
https://forums.malwarebytes.com/forum/108-malware-removal-help/


What is Norton Virus Protection Promise?
https://support.norton.com/sp/en/us/home/current/solutions/v62458994


Re: ISB.Downloader! found during full scan. Any ideas?

Hello. This is definitely something to be concerned about. Some better information is below for you:

https://community.broadcom.com/symantecenterprise/communities/community-...

If the detection in Norton history states no action necessary the files should have been removed. As a precaution I would run NPE as a last resort, I say that because it is a VERY aggressive tool and can delete valid system files. 

SA

MS Certified Professional : Windows 11 Home/Pro 22H2 x 64 build 22621.2715 / Windows 10 Pro x 64 version 22H2 / build 19045.3693 / Norton Security Ultra - Norton 360 Deluxe ver. 22.23.10.10 / Opera GX LVL5 (core: 104.0.4944.70) 64 bit-Early Access w/Norton Chrome Extensions

Re: ISB.Downloader! found during full scan. Any ideas?

Hi bjm,

Sorry, I am not very computer savvy.

Is this what you mean? There are 6 like this, 2 for each entry, so 2x ISB.Downloader!gen119, 2xISB.Downloader!gen60, & 2x ISB.Downloader!gen346.

Thank you. 

Filename: Install.js
Threat name: ISB.Downloader!gen119
Full Path: C:\Users\logic\Downloads\Download.zip

____________________________

On computers as of: 19/11/2022 at 18:37:44
Last Used: 19/11/2022 at 16:18:46
Startup Item: No
Launched: No
Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.

____________________________

Install.js
Threat name: ISB.Downloader!gen119

Very Few Users: Fewer than 5 users in the Norton Community have used this file.
Very New: This file was released less than 1 week ago.
High: This file risk is high.

____________________________

http://airlinesphonenumbers.com/
Downloaded File from airlinesphonenumbers.com
Source: External Media

____________________________

File Actions

Install.js
[Contained in] C:\Users\logic\Downloads\Download.zip
Deleted

____________________________

File Thumbprint - SHA: Not available
File Thumbprint - MD5: Not available
 


Re: ISB.Downloader! found during full scan. Any ideas?

Sorry, not enough information to reproduce. 
Norton deleted whatever was at C:\Users\logic\Downloads\Download.zip

No idea why Norton "full scan" triggered detections.
No idea what downloaded from airlinesphonenumbers.com.

On my side airlinesphonenumbers.com cannot be reached.

Scan failed - Site empty (no content)
Site is not Blacklisted - 9 Blacklists checked
IP address: 185.174.175.69

https://sitecheck.sucuri.net/results/airlinesphonenumbers.com

185.174.175.69 - Ukraine

https://www.virustotal.com/gui/ip-address/185.174.175.69



https://safeweb.norton.com/report/show?url=airlinesphonenumbers.com = Caution -> Suspicious


Re: ISB.Downloader! found during full scan. Any ideas?

Hi bjm,

Okay, thank you.

I have never been to a site called airlinesphonenumbers.com anyway, & the only thing close which I use is Flightradar24: Live Flight Tracker - Real-Time Flight Tracker Map

Thanks again, & I will be sure to do a full system scan more regularly. 


Re: ISB.Downloader! found during full scan. Any ideas?

Hi SA,

Thank you for your help! Much appreciated!


Re: ISB.Downloader! found during full scan. Any ideas?

I MASON:

There are 6 like this, 2 for each entry, so 2x ISB.Downloader!gen119, 2xISB.Downloader!gen60, & 2x ISB.Downloader!gen346.


Downloaded File  from airlinesphonenumbers.com

[Contained in] C:\Users\logic\Downloads\Download.zip
Deleted

File Thumbprint - SHA: Not available
File Thumbprint - MD5: Not available
 

Curious, do the other detections look like the detection you posted?  

Curious, do you run another real-time security program alongside Norton? 

Curious, do you recognize C:\Users\logic\Downloads\Download.zip?


Re: ISB.Downloader! found during full scan. Any ideas?

The only other detections that look similar are, 3 low level tracking cookies that appeared in "resolved security risks" along with those quarantined.

I don't have any real time security program alongside Norton, other than Windows Security, with Norton being the default.

I recognise C:\Users\logic\Downloads but not Download.zip? I think that is what Norton removed, perhaps?
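
Added example, not part of the original thread and not Norton's code: a read-only check of a Downloads folder for zip archives that contain script files, as in the Install.js inside Download.zip detection above, reporting each archive's SHA-256 and, on NTFS, the Zone.Identifier origin fields that Windows browsers attach to downloads. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path, PurePosixPath

# Script types Windows runs on double-click (Windows Script Host, HTA, shell).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".bat", ".cmd"}

def script_members(archive):
    """Names of script-type files in a zip. Only the file listing is read;
    nothing is extracted or executed."""
    with zipfile.ZipFile(archive) as zf:
        return [i.filename for i in zf.infolist() if not i.is_dir()
                and PurePosixPath(i.filename.lower()).suffix in SCRIPT_EXTS]

def parse_zone_identifier(text):
    """Pull the origin fields out of a Zone.Identifier stream (INI-style text)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() in ("ZoneId", "ReferrerUrl", "HostUrl"):
            fields[key.strip()] = value.strip()
    return fields

def download_origin(path):
    """Read the Mark-of-the-Web stream Windows browsers attach to downloads.
    It exists only on NTFS; anywhere else this returns an empty dict."""
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return parse_zone_identifier(fh.read())
    except OSError:
        return {}

def triage_downloads(folder):
    """Report every zip in `folder` that carries a script file."""
    report = []
    for path in sorted(Path(folder).glob("*.zip")):
        try:
            hits = script_members(path)
        except zipfile.BadZipFile:
            hits = ["<not a readable zip>"]
        if hits:
            report.append({"archive": path.name, "scripts": hits,
                           "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
                           "origin": download_origin(path)})
    return report

def build_constructed_sample(folder):
    """Constructed stand-ins: file names mirror the thread, contents are inert."""
    with zipfile.ZipFile(Path(folder) / "Download.zip", "w") as zf:
        zf.writestr("Install.js", "// inert placeholder, not a real sample\n")
        zf.writestr("readme.txt", "constructed test data\n")
    with zipfile.ZipFile(Path(folder) / "holiday-photos.zip", "w") as zf:
        zf.writestr("beach.jpg", b"\xff\xd8\xff\xe0")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:   # point at your Downloads folder instead
        build_constructed_sample(tmp)
        for row in triage_downloads(tmp):
            print(row)
```

The SHA-256 can be searched on a reputation service without uploading the file, and the `HostUrl` field, when present, shows which site actually served the archive.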


Re: ISB.Downloader! found during full scan. Any ideas?

I MASON:

1) The only other detections that look similar are, 3 low level tracking cookies that appeared in "resolved security risks" along with those quarantined.

2) I don't have any real time security program alongside Norton, other than Windows Security, with Norton being the default.

3) I recognize C:\Users\logic\Downloads but not Download.zip? I think that is what Norton removed, perhaps?

1) Okay...earlier you wrote: There are 6 like this, 2 for each entry, so 2x ISB.Downloader!gen119, 2xISB.Downloader!gen60, & 2x ISB.Downloader!gen346.

2) Norton install disables Microsoft/Windows Defender? 

The Windows Defender feature is automatically disabled once you install Norton on your computer.

https://support.norton.com/sp/en/us/home/current/solutions/kb20080520095244EN

Are you running Microsoft Defender Limited Periodic Scanning?  

Disable the Limited Periodic Scanning in Microsoft Defender
https://support.norton.com/sp/en/us/home/current/solutions/v123695220

I asked about other real-time protection...because, I was wondering if Norton "full scan" detected signatures from another protection program. 

3) Okay


Re: ISB.Downloader! found during full scan. Any ideas?

You're most welcome!! What is the web browser you are currently using? One thing of note is that the Chrome browser (in case you are using Chrome) has JavaScript built in. Some sites when visited will use js to install malware if they are compromised and nothing the user can see while doing so. This may be the case with what you are seeing.

I went to the site you referenced in an earlier post and immediately saw the two things appear right as the site loaded. I DO use blockers on my browser and cookies are not enabled unless I set them manually by specific URLs. I think this MAY help explain a bit further how malware can get into a browser under circumstances that look perfectly normal to the everyday user.

SA


Re: ISB.Downloader! found during full scan. Any ideas?

SoulAsylum:

I went to the site you referenced in an earlier post and immediately saw the two things appear right as the site loaded.

Curious, what URL did you use? When I call airlinesphonenumbers.com...from Edge & Chrome, I see blank page.

Edit: Okay...SoulAsylum meant >

https://www.flightradar24.com/50.85,-0.25/9


Re: ISB.Downloader! found during full scan. Any ideas?

Thanks,

I had a look, & Limited Periodic Scanning in Microsoft Defender was disabled.

It is a bit of a long shot, but is there a way to find out exactly when Norton installed an update? The thing is, since all this started, Norton has been slightly different in appearance, & has a couple of new features, & I wondered if it is to do with this? Norton Security 22.22.9.11 for Windows is now available! | Norton Community. I looked in Add/Remove & Norton appears to have been updated today to 22.22.9.11. I can't remember if I ran check for updates before, or after the issues earlier?


Re: ISB.Downloader! found during full scan. Any ideas?

Sorry SA, I meant to add, I use Windows Edge browser, & I have never visited airlinesphonenumbers.com prior to issues earlier. As for flight radar, I have used for a few years, but yes, I will be a bit more careful, & increase the cookie level in a bit.


Re: ISB.Downloader! found during full scan. Any ideas?

I MASON:

It is a bit of a long shot, but is there a way to find out exactly when Norton installed an update? The thing is, since all this started, Norton has been slightly different in appearance, & has a couple of new features, & I wondered if it is to do with this? Norton Security 22.22.9.11 for Windows is now available! | Norton Community. I looked in Add/Remove & Norton appears to have been updated today to 22.22.9.11. I can't remember if I ran check for updates before, or after the issues earlier?

My Norton 360 is 22.22.10.9 
https://community.norton.com/en/blogs/product-service-announcements/norton-security-2222109-windows-now-available

Please confirm Windows Fast Startup is off. W10 [here] W11 [here]
Please run Norton LiveUpdate and Restart (not Shut down) machine. Repeat. 

Curious, did you run Malwarebytes scan? 


Re: ISB.Downloader! found during full scan. Any ideas?

Sorry bjm,

Because I am an idiot & overlooked it, no I did not run the Malwarebytes scan, but I did a few minutes ago, & everything is fine!

I have just turned off fast start-up. I have had issues with that many months back with another issue, & I am surprised it was back on again.

Please run Norton LiveUpdate and Restart (not Shut down) machine. Repeat. DONE 

Apologies again!


Re: ISB.Downloader! found during full scan. Any ideas?

The URL I went to was here as posted by the OP: https://www.flightradar24.com/50.85,-0.25/9

SA


Re: ISB.Downloader! found during full scan. Any ideas?

Just a quick update,

SA, I cautiously ran Norton Power Eraser too, & was going to report back before taking action, but it found absolutely nothing, and I did the rootkits restart thing too.

I am keeping Norton as my main AV, but looking at installing Malwarebytes too, but getting mixed messages about that being advisable. I know what you said earlier, bjm, but I wondered what your thoughts are. I just want a bit of reassurance really every now and then, & don't know how often you can download Malwarebytes free trial outside of a paid subscription.

Thanks again. 


Re: ISB.Downloader! found during full scan. Any ideas?

The free trial of the Malwarebytes is a trial of the full version of the product, which runs real time protection features. At the end of the trial period, if you do not sign up and pay for the full version, it defaults back to the free version. No need for any reinstalling. 

There are some here that do run the full version alongside Norton and have no problems. Many others here just use the free version as a secondary opinion as an on demand scanner. The scanning features are the same in the free and paid version.


Re: ISB.Downloader! found during full scan. Any ideas?

Hi I MASON:

Did you just create the thread Is it okay to run Malwarebytes alongside Norton 360 & its extras? in the Malwarebytes for Windows board as user Nimbus?  I no longer use Norton as my primary antivirus (I switched to Microsoft Defender when I purchased a new Win 10 laptop a few years ago) but most people I know who still run Norton 360 and Malwarebytes Premium together in real-time protection mode don't have an issue.

Please see RickSanchez's 19-Aug-2021 Malwarebytes & Norton in the Malwarebytes forum.  The Malwarebytes support article Issues Running Other Security Applications and Malwarebytes for Windows includes a list of third-party antivirus programs that may conflict with Malwarebytes Premium's Web Protection module but Norton products are not listed there, and as Porthos noted in RickSanchez's thread, you can always create mutual scan exclusions to reduce the possibility that Norton and Malwarebytes will conflict with one another. 

If you decide to run Norton 360 and Malwarebytes Premium together just make sure that you turn OFF the Malwarebytes setting at Settings | Security | Windows Security Center | Always Register Malwarebytes in the Windows Security Center.  This will ensure that Norton 360 is registered with Windows as your main real-time antivirus and has the primary responsibility for malware detection and remediation, while Malwarebytes Premium will essentially work as a "backup" to look for any potential threats missed by Defender.

If you're concerned that your system is still infected after your Norton full system scan and Malwarebytes Free Threat Scan you can always post in the Malwarebytes' Windows Malware Removal Help & Support board and ask a trained malware removal specialist to check your system.  See the guidelines pinned <here> at the top of that board that explains what information to include in your first post.

So far you've assumed that your ISB.Downloader!genxxx detections are related to your recent online purchase, but you might have just as easily visited an infected website that triggered a drive-by download from the insecure (http) site http:// airlinesphonenumbers. com/.  The Norton article What are Drive-by Downloads + Drive-by Attack Prevention Tips suggests that users install an ad blocker to their browser to help prevent these types of drive-by downloads. Do you have any browser extensions like uBlock Origin or Malwarebytes Browser Guard installed in your MS Edge browser? I have both these content blockers installed in my default Firefox browser as well as my MS Edge browser. 

** NOTE: MS Edge is a Chromium-based browser and uses the same underlying technology as Google Chrome. If you want MS Edge to allow installation of browser extensions from the Chrome web store you will have to enable this in your Edge settings as shown below - see the How-To Geek article How to Install Google Chrome Extensions in Microsoft Edge.

Also note that Malwarebytes Free and Malwarebytes Premium use the same offline installer (e.g., mb4-setup-consumer-4.5.17.221-1.0.1806-1.0.61846.exe) and use the same virus scan engine and malware definitions. Once Malwarebytes Free is installed on your system there is no need to uninstall it - just keep the product and malware definitions up-to-date (when you run a manual Threat Scan it should automatically update the malware definitions as the first steps in the scan) and you're good to go.  If you decide to upgrade to Malwarebytes Premium all you have to do is purchase a license and enter the product activation key in your Malwarebytes Free interface (see the Malwarebytes support article Activate Premium Features on Malwarebytes for Windows) and this will activate your Malwarebytes real-time protection (including the real-time Web Protection, Exploit Protection and Ransomware Protection modules) and other advanced features like automatic scheduling of scans.  If you ever want to switch back to Malwarebytes Free this can be easily done in Malwarebytes Premium at Settings | Account | Deactivate.

If you install Malwarebytes Free and accept the 14-day trial of the Premium features during installation then the trial version will automatically revert to Malwarebytes Free once the 14-day trial period is over.
-------------
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.2251 * Firefox v107.0.0 * Microsoft Edge v107.0.1418.52 * Microsoft Defender v4.18.2210.6-1.1.19800.4 * Malwarebytes Premium v4.5.17.221-1.0.1806 * Macrium Reflect Free v8.0.7090


Re: ISB.Downloader! found during full scan. Any ideas?

Hi imacri & peterweb

Yes, that was me that posted on the Malwarebytes much earlier today.

Thank you both for your helpful replies! I have had a thorough read, & I am about to check out the further info on the links that you provided.

I have spent today having a good clean up on my PC. I have removed a couple of unused programs, stopped unnecessary start up programs, & deleted emails and so on. I have cleaned up Edge & deleted cookies, & history, and run both Norton full system scan, & Malwarebytes scan, & again nothing out of the ordinary is showing, & I thought I would run HP diagnostics/optimization & there are absolutely no issues at all.

I have also turned on something called enhanced security mode in Windows Edge privacy settings.

I will look into an ad blocker also.

Thanks again all! I really do appreciate all of your help! 


Re: ISB.Downloader! found during full scan. Any ideas?

Hi I MASON

Your Norton is still v22.22.9.11 [here] or has updated to v22.22.10.9 ?  


Re: ISB.Downloader! found during full scan. Any ideas?

Hi bjm, yes, I have just checked & it is now v22.22.10.9


Re: ISB.Downloader! found during full scan. Any ideas?

lmacri:

... If you decide to run Norton 360 and Malwarebytes Premium together just make sure that you turn OFF the Malwarebytes setting at Settings | Security | Windows Security Center | Always Register Malwarebytes in the Windows Security Center.  This will ensure that Norton 360 is registered with Windows as your main real-time antivirus and has the primary responsibility for malware detection and remediation, while Malwarebytes Premium will essentially work as a "backup" to look for any potential threats missed by Defender ...Also note that Malwarebytes Free and Malwarebytes Premium use the same offline installer (e.g., mb4-setup-consumer-4.5.17.221-1.0.1806-1.0.61846.exe) and use the same virus scan engine and malware definitions....

Hi I MASON:

I should also mention that many users I know who run Malwarebytes Premium in real-time along with their antivirus purchased a lifetime (perpetual) license for Malwarebytes many years ago, so these users don't pay an annual subscription fee to use Malwarebytes Premium.  Unfortunately, Malwarebytes stopped selling these lifetime licenses in March 2014, so you will have to think about whether it's worth paying annual subscription fees to both NortonLifeLock and Malwarebytes.

I have one of these lifetime Malwarebytes licenses so I can run Malwarebytes Premium along with my Microsoft Defender antivirus at no additional cost, but if I didn't own that lifetime license I suspect I would simply use Microsoft Defender for my real-time protection and then just run the occasional on-demand scan with Malwarebytes Free every week or so just to see if my antivirus missed any low-risk PUPs (potentially unwanted programs like adware, browser toolbars, etc.) or other threats.  Also note that malicious website blocking built into the free Malwarebytes Browser Guard add-on that I mentioned <above> shares the same database of blocked IPs and domains as the Web Protection module of Malwarebytes Premium.
-------------
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.2251 * Firefox v107.0.0 * Microsoft Edge v107.0.1418.52 * Microsoft Defender v4.18.2210.6-1.1.19800.4 * Malwarebytes Premium v4.5.18.226-1.0.1823 * Macrium Reflect Free v8.0.7090

This thread is closed from further comment. Please visit the forum to start a new thread.