• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos1 Stats

Mac Viruses/Malware

Hi,

Recently me email address has become a minor "joe-job" or, in other terms, backscatter. Very minor, though. I do not know how this happened.

However, when scanning with NAV 11.0.1 today, it detected 11 threats and said "Virus "Infected file could not be repaired. Archive restored."

However, they are not in the quarantine, and Norton Auto-Protect did not alert me of viruses, and the scan didn't alert me at the end. It Recent Logs, it only says "Scheduled scan, on the result tab 11 problems, and when I click to see what the problems are, on the result tab, it says error.

Also, NAV 11.0.1 did not give me a file name.

Can anyone help, and am I infected? 

Replies

Kudos0

Re: Mac Viruses/Malware

hey there--

Mike Romo here. Can you email me at "mike_romo@symantec.com"? Sounds like a freaked out archive messed with our engine. I am not sure ,but if you email me, we'll get a developer to work with you on this.

thanks!

mike

Kudos0

Re: Mac Viruses/Malware

Hi again--

Looks like you found a bug. Apparently we are not reporting the locations of archives that have problems that we can't fix.  When we CAN fix the virus, we give the location, which is good, but admittedly, this is a bug and I am entering it into the database to get addressed with an update.

But all is not lost. If you open the terminal and type:


> navx –c <path to disk or folder>  <----- you just drag your hard drive or home folder here and it will populate the location

A scan will then commence; at first it looks like it will just sit there--when it encounters an archive that has a virus, Then all of the file names should be listed, as well as the archive that contains the bogus files.

Thanks for helping us find this!

Let me know how it works for you.

Thanks,
mike
Kudos0

Re: Mac Viruses/Malware

I'm a little bit confused. 

So I do have a Mac-related virus, it just hasn't been discovered yet? Or is it a scan error?

Also, nothing else has happened, so is it a new Windows virus on my computer?

Or am I not infected? 

Kudos0

Re: Mac Viruses/Malware

Most likely it's either a damaged file INSIDE the archive, or a Windows virus in the archive.

Run that command and then we can see what's inside those archives, but I'm thinking it's damaged file in the archive that we can't rectify.  If it were a Mac virus, we would have fixed it and logged it. 

thanks,

mike

Kudos0

Re: Mac Viruses/Malware

1. So I open Terminal, then type "> navx –c"

2. Then I drag my hardrive

Is that correct? Also, how do I make the scan start? I have never used terminal before. 

Kudos0

Re: Mac Viruses/Malware


The keyboard change could very well be adapating to an open application, I don't think you have anything to worry about at all.

So, yes, type in "navx -c <<dragged folder/volume>"
And then wait--try this on a folder so you can see how it works--we'll tell you when the scan is done.

I am not sure when the fix will get rolled in, but I think it should be soon, though we are working on a new project and are kind of swamped.  But the good news is that, and I will add this to the post, that if you have auto-protect turned on, you can rest assured that when you actually expand the archive to access the file, we will scan the archives contents so you are still protected and need not worry.

Thanks for the help!
mike
Kudos1 Stats

Re: Mac Viruses/Malware

I've had this error pop up recently when NAV attempted to scan a password-protected ZIP archive.  The navx -c at the command line interface indicated no virus was actually detected ("Scan Result: Clean").  NAV's inability to access the ZIP was apparently flagged in the Activity Log as "Error", however, and it appears the "Infected file could not be repaired.  Archive restored." message is being treated as the fallback generic message NAV gives when it can't actually identify whatever problem it's encountering.

Kudos0

Re: Mac Viruses/Malware

What you are saying is correct--we are working on an update to address his erroneous (and scary-sounding) message.

i will let you know when we have this taken care of, but suffice to say, that even if you DID have a virus in the archive, it would be scanned when expanding the archive by Auto-Protect.

thanks,

mike

Kudos0

Re: Mac Viruses/Malware

I have been receiving the error message "Infected file could not be repaired. Archive restored" when NAV 11.0.1 has scanned photo memory cards and I have the following questions: Do photo memory cards have expandable archives? How would it be possible for a virus to get into those cards when they are only going from the camera to the computer card reader? Does NAV think that it is finding damaged files? 

Kudos0

Re: Mac Viruses/Malware

Hmm--

This is interesting--I think we're running into some kind of archive or some kind of file. Let me get my developers on the line.  Can you email me at mike_romo@symantec.com? We might be able to use a special build of Norton AntiVirus to see what kind of file we are misreading as an archive.

I think you are fine, by the way; I think we're just seeing an error in how we report. I strongly doubt you have a virus.

thanks for your help!

mike

Kudos0

Re: Mac Viruses/Malware

I am experiencing the same problem.  It occurs everytime I boot up the computer and log in.  If I subsequently run the navx command or do a scan on the directory, there are no problems.  I have File Vault turned on, could there be some interaction with this feature?
Kudos0

Re: Mac Viruses/Malware

you're having the same problem that we are finding an archive but not showing it?  When does this occur at startup? Do you have a scan that is happening?

thanks

mike

Kudos0

Re: Mac Viruses/Malware

I am seeing the error message "Infected file could not be repaired.  Archive restored" that the other poster described.  This occurs during Auto Disk Scan and usually happens on login.
Kudos0

Re: Mac Viruses/Malware

Thanks for that. Well, we have this bug open to development to patch it. Let me get back to you with some more status when I have it...we're kind of working on something that I can't talk about but you'll find out soon..
Kudos0

Re: Mac Viruses/Malware

Is it something I should be concerned about?
Kudos0

Re: Mac Viruses/Malware

THe navx command is great.

In the past, I didn't want to have Auto Protect enabled all the time and I was calling navx through a folder action script tied to the DOwnloads folder.

Very useful command indeed!!

Corentin 

Kudos0

Re: Mac Viruses/Malware

I recently had the Virus "Infected file could not be repaired. Archive restored" pop up on my NAV as well. I'm still unclear as whether this is a virus or a NAV glitch. What step should be taken now?
Kudos0

Re: Mac Viruses/Malware


mikeromo wrote:
Thanks for that. Well, we have this bug open to development to patch it. Let me get back to you with some more status when I have it...we're kind of working on something that I can't talk about but you'll find out soon..

Mike,

What's the status of fixing this bug?  This thread started over five monhts ago.  I'm still getting the same message in my logs.  Getting a message that sounds disturbing, but being told here that it is probably nothing to worry about, is of little comfort.  I expect better from such an expensive program.  


Peter

Message Edited by pjp on 03-08-2009 12:31 PM
Kudos0

Re: Mac Viruses/Malware

Hey Mike,

Just posting here looking for an update on this issue. I did follow your advice with the "navx -c" command for my system drive and found the 4-files causing my 4-errors of "Infected file could not be repaired. Archive restored."

Indeed, 3-of these errors related to compressed PC files using the .img format on my Mac.

However, 1-of these errors related to a Mac file from the application VueScan.

Here are the 4-files in question as obtained by running your suggested terminal command:

Welcome to Darwin!
WORKSTATION:~ thomas$ navx -c /
File: /Applications/VueScan.app/Contents/Data/vuescan.dat
Scan Result: Clean
Repair Attempted: N/A
Repair Result: N/A

Scanning...
File: /Downloads/LinkStationPro/Firmware/LS-GL_FW_115/hddrootfs.img
Scan Result: Clean
Repair Attempted: N/A
Repair Result: N/A

Scanning...
File: /Downloads/LinkStationPro/Firmware/LS-GL_FW_115/initrd.img
Scan Result: Clean
Repair Attempted: N/A
Repair Result: N/A

Scanning...
File: /Downloads/LinkStationPro/Firmware/LS-GL_FW_115.zip
Scan Result: Clean
Repair Attempted: N/A
Repair Result: N/A


Scan results:
529844 files encountered.
529825 files accessible for scanning.
1 archive scanned.
    112859 files inside of archives encountered.
    112859 files inside of archives examined.
    0 files inside of archives infected.

Scan started : Wed Apr  1 20:43:15 2009
Scan finished: Wed Apr  1 21:02:57 2009
Scan ended normally.


WORKSTATION:~ thomas$___________________________________________________

Not sure if this helps or not, but I thought I would share it anyway.

In the mean time, could we at least get an update on where things are with this?

Respectfully,

Thomas Huff

Kudos0

Re: Mac Viruses/Malware

Hey Tom,

Sorry for the long delay on this - our team has been really busy trying to get another product out the door. 

Just looking at your results from the navx -c scan - how do you know those are the culprit archives? Based on the output you included in your post, it looks like they aren't infected? (Scan Result: Clean)

What happens when you scan those files using the Norton AntiVirus application manually? (or you can Control-click on them and use the contextual menu scanner)

Hope that's a good start. Please let me know if you have any questions.

Thanks!

Nick UchidaManager, SQA EngineeringMacintosh Products
Kudos0

Re: Mac Viruses/Malware


nuchida wrote:

Hey Tom,

Sorry for the long delay on this - our team has been really busy trying to get another product out the door. 


How about you fix this bug, in this program, that's been pending for quite a long time now -- six months plus -- before moving on to your next shiny thing?  This is exactly the reason I was reluctant to buy another Norton product.  Should have followed my instincts.  

Kudos0

Re: Mac Viruses/Malware

Hey pjp,

We'd love to do that, but we're unable to reproduce the problem in-house. I'm thankful for these forums because it allows a nice direct line of communications between us and the end user. Hopefully we'll get some useful responses to this thread that will help us track down the exact cause of the problem. 

I understand your frustration, and I am sorry that we have not been able to take care of this issue sooner. 

Nick UchidaManager, SQA EngineeringMacintosh Products
Kudos0

Re: Mac Viruses/Malware

Peter,

My advice to Tom also applies to your situation (if you are seeing a similar issue). Can you try performing the same tasks I asked him to try?

Thanks!

Nick UchidaManager, SQA EngineeringMacintosh Products
Kudos0

Re: Mac Viruses/Malware


nuchida wrote:

Hey pjp,

We'd love to do that, but we're unable to reproduce the problem in-house. I'm thankful for these forums because it allows a nice direct line of communications between us and the end user. Hopefully we'll get some useful responses to this thread that will help us track down the exact cause of the problem. 

I understand your frustration, and I am sorry that we have not been able to take care of this issue sooner. 


It's only a direct line of communication when you respond to inquiries from the end users far more frequently than you have been. 

And it's only a nice direct line of communication when you actually do things you say you will.  An October post in this thread by a Norton employee suggested a patch was forthcoming to at least modify the error message being reported, to sound "less scary."  I checked this morning, and the error is still there, just as "scary" as ever.  

Finally, if you can't reproduce the bug (which Norton has acknowledged in this thread that it is), that's one thing.  But I suggest you stop talking about how busy everyone's been working on some unnamed other product as an excuse.  I, for one, am completely uninterested in that problem of yours, because I feel that existing problems in flagship programs should be given higher priority.  

navx -c is running now, and I'll try to post the outcome, because I want the problem solved.  I resent doing it, however, because I don't remember signing up for a beta program when I keyed in my credit card information.  

Kudos0

Re: Mac Viruses/Malware

Great - thanks for helping out by trying navx.

I look forward to seeing your results!

Nick UchidaManager, SQA EngineeringMacintosh Products
Kudos0

Re: Mac Viruses/Malware

Hey Nick,

I feel those are the 4-culprit files, because no other files are listed, archive or non-archive. If those are not the 4-culprit files, then why does navx display them at all? Also, when a manaul scan of the files is done via the context menu, there are no errors.

I have been working with Mike Romo from Symantec via email, but he has stopped responding. Maybe he is on vacation?

In any regard, he had stated that this problem had been duplicated in house, yet you say it hasn't.

error only appears when a scheduled scan is performed. I do not get the error when a manual scan is performed.

I hope this additional information helps in some way Nick, and please feel free to contact me if I can help in any way.

Respectfully,

Thmas...

[edit: Please do not post email content per the Participation Guidelines and Terms of Service.]

Message Edited by shannons on 04-12-2009 04:38 AM
Kudos0

Re: Mac Viruses/Malware


nuchida wrote:

Great - thanks for helping out by trying navx.

I look forward to seeing your results!


In NAV, under the Statistics tab/panel, I have a Warning following a scheduled scan that says:

"Virus 'Infected file could not be repaired.  Archive restored."

Clicking on the warning, or the "View recent activities . . ." link, opens the Activity Log.  The Activity Log indicates that there are 24 problem files.  From the Activity Log window, I'm not aware of how to drill down to the actual "problem files." But NAV has been reporting 24 problem files from the time I installed the program. 

Running navx in Terminal resulted in 24 entries, all of which are within Slingplayer.app, like so: 

File: /Applications/SlingPlayer.app/Contents/Resources/Library/Austria.spl
Scan Result: Clean
Repair Attempted: N/A
Repair Result: N/A

Scanning...
File: /Applications/SlingPlayer.app/Contents/Resources/Library/Belgium.spl
Scan Result: Clean
Repair Attempted: N/A
Repair Result: N/A

I've got the rest of the output, if any wants me to email it to them.  

A context menu scan of SlingPlayer.app comes back with no hits.   This is under 10.5.6. 

Several of us have done our part; now please do yours and fix this.  

Message Edited by pjp on 04-12-2009 06:18 AM
Kudos0

Re: Mac Viruses/Malware

Nick,

As my previous post was edited by "shannons" for posting email content, and left somewhat confusing, I felt I needed to post yet again to clarify what I was saying earlier.

You had ask what made me think those were the 4-culprit files?

Well, when running " navx -c / ", I feel those are the 4-culprit files, because no other files are listed, archive or non-archive in the scan results. If those are not the 4-culprit files, then why does navx display them at all? Why not display all 529,825 files in the same manner? I assume the switch " -c " that was given to us to run with navx has something to do with it. However, we were not provided with any additional switches, or any references to what the switches represented. So only you, or people from Symantec are going to have that information.

To answer your next question of what happens with a manual scan or contextual menu scan?

When a manaul scan of the files is performed via the context menu, there are no errors. As far as that goes, when a manual scan is performed at all, even on the entire drive, there are no errors. The notorious error of " Virus Infected file could not be repaired.  Archive restored." only appears during scheduled scans. So, there's one place to start looking in the code. How does scheduled scans differ from manual scans?

I have been working with Mike Romo from Symantec via email, but he has stopped responding. I would hope that it is because he is on vacation, and not because he is choosing to not deal with the issue? I'll give him the benefit of the doubt, as he did appear genuinely concerned in his emails. However, I do completely agree with " pjp " about working on new products. It's like I told Symantec Product Manager, Mike Romo in our numerous emails back and forth, "I realize Symantec is working on newer and better products for the Mac platform, but it makes it really hard for someone like myself to up sale not only myself, but my clients as well on new Mac products from Symantec, when known issues like these have never been resolved with the products we were currently sold on."

Symantec Product Manager, Mike Romo had stated that this problem had been duplicated in house, yet you say it hasn't? Who are we to believe? The Symantec Product Manager or the Symantec Manager of SQA Engineering? It's turning into a complete he said she said syndrome, leaving us the customers out the cold with faulty product.

This isn't the only problem either. In addition to this problem, we are still awaiting a fix for the " SymDaemonCrash.Log "

On a less critical note (only because it is never seen by 98% of my clients or Symantec product users), is the whole "SymDaemon.crash.log" issue. I'm sure you are aware of this also, but it is where the following log file:
 
/var/log/crashreporter.log
 
produces this message every time the system is shut down:
 
Wed Apr  8 00:27:19 2009 crashdump[875]: crashdump started
Wed Apr  8 00:27:20 2009 crashdump[875]: Started writing crash report to:
/Library/Logs/CrashReporter/SymDaemon.crash.log
 
but yet the log:
 
/Library/Logs/Crashreporter/SymDaemon.crash.log
 
...is always empty? 

So, there is my two cents worth so to speak, and I hope this additional information helps in some way Nick. Please feel free to contact me via email or phone if I can help in any way.

The bottom line is that both of these issues are old known issues, and need to be resolved. Or, at the very least, Symantec needs to " Man Up " so to speak, and just tell us the end users that there is going to be no resolution to these issues, and that any further development for NAV v11 outside of virus definition updates is no longer going to take place.

Respectfully, ...albeit very frustrated and disapointed,

Thmas...

Kudos0

Re: Mac Viruses/Malware

Hi--

I apologize for this bug not being fixed. Given the nature of the problem, that it wasn't crashing the system and it wasn't a security hole, it has been given a lower priority in light of the other work the team has been given.  Additionally, we have been having a very difficult time reproducing it here in our labs, and if we can't reproduce it, we can't fix it.

We all understand how irritating this is, to be told that something will be fixed and then to have the problem still linger. I was overly optimisitic in thinking that we could address this faster---optimism in a product manager is not always a good thing.

While I am confident that this issue will get addressed, and though I want to get it addressed as soon as possible, I can't give you a timeline. 

thank you,

mike

mike_romo@symantec.com

Message Edited by mikeromo on 04-12-2009 08:18 PM
Kudos0

Re: Mac Viruses/Malware


mikeromo wrote:

Hi--

I apologize for this bug not being fixed. Given the nature of the problem, that it wasn't crashing the system and it wasn't a security hole, it has been given a lower priority in light of the other work the team has been given.  Additionally, we have been having a very difficult time reproducing it here in our labs, and if we can't reproduce it, we can't fix it.

We all understand how irritating this is, to be told that something will be fixed and then to have the problem still linger. I was overly optimisitic in thinking that we could address this faster---optimism in a product manager is not always a good thing.

While I am confident that this issue will get addressed, and though I want to get it addressed as soon as possible, I can't give you a timeline. 

thank you,

mike

mike_romo@symantec.com

Message Edited by mikeromo on 04-12-2009 08:18 PM

I appreciate these comments, and I've sent you an e-mail requesting a refund. 

Regards.

Kudos0

Re: Mac Viruses/Malware

Hey Thomas,

Thanks for taking the time to go back and clarify your post.

I guess I should have explained a bit more - I agree with your statement "why does navx display them at all?" At first it seemed weird that it was reporting them and yet also reporting that the files are clean. The navx command should only report back the files it believes are infected, unless you give it the option to report back all files scanned (if you type in navx by itself on the command line, you can see the usage and all of the options/switches, -c is to scan compressed archives).

I'm sorry that I didn't first catch up on your conversation with Mike about your issues. I'm trying to encourage him to try to use this forums more, for reasons like this - we are trying to have more than 1 set of eyes on these forums in cases someone goes AWOL. If conversations happen too much off the boards, then it kind of shuts the rest of us out - not to mention other people who have the same problem and might get a good solution. 

It's our fault for not having the right arm talk to the left arm on this - I apologize. 

We are a small team, and I can guarantee you that it annoys all of us to have bugs out in the field. It's sometimes tough to prioritize what we work on and when we work on it, but we do care about customer issues. It's also very helpful to get feedback from (understandibly) upset/frustrated customers. We take it seriously.

It looks like it's definitely a false positive - and we are able to reproduce the issue using pjp's suggestion of the SlingboxPlayer.app.

It's interesting because it seems to only occur when you are scanning inside of Archives - we use a Library that is created and maintained outside of our team. We are going to ping those guys with the files that produce the FP and, hopefully, we'll be able to get this resolved ASAP.

Thanks again for all your help and continued patience. 

Nick UchidaManager, SQA EngineeringMacintosh Products
Kudos0

Re: Mac Viruses/Malware


tomhuff wrote:

 This isn't the only problem either. In addition to this problem, we are still awaiting a fix for the " SymDaemonCrash.Log "

On a less critical note (only because it is never seen by 98% of my clients or Symantec product users), is the whole "SymDaemon.crash.log" issue. I'm sure you are aware of this also, but it is where the following log file:
 
/var/log/crashreporter.log
 
produces this message every time the system is shut down:
 
Wed Apr  8 00:27:19 2009 crashdump[875]: crashdump started
Wed Apr  8 00:27:20 2009 crashdump[875]: Started writing crash report to:
/Library/Logs/CrashReporter/SymDaemon.crash.log
 
but yet the log:
 
/Library/Logs/Crashreporter/SymDaemon.crash.log
 
...is always empty?


Thomas,

I hope this will be fixed by the upcoming NAV 11.0.2 patch. We are publishing it right now and it should be available within the hour.

Please let me know if it prevents your SymDaemon crases.

Thanks!

Nick UchidaManager, SQA EngineeringMacintosh Products
Kudos1 Stats

Re: Mac Viruses/Malware

Nick,

Thanks for the update on this. I have just finished what I consider extensive testing here in the field, and I can confirm this to no longer be an issue. All tests have pointed to this particular bug being resolved in the v11.0.2 update for NAV!

I just received your other post concerning scanning times, and the information is very useful as I am still currently testing this. I will post my results to that thread later today.

Thanks again Nick to you and the entire team!

Respectfully,

Thmas...

Kudos0

Re: Mac Viruses/Malware

I am fully updated* but still receive both the "infected file could not be repaired" and the "did not have permission to repair" messages.

* NAV for Macintosh Virus Defs - Latest

  Vulnerability Protection Engine for Macintosh - 1.3.0

  Vulnerability Protection for Macintosh - Latest

  LiveUpdate for Macintosh - 5.1.0

  Norton AntiVirus for Macintosh - 11.0.2

  Symantech Scheduler for Macintosh - 5.0.2

On 2009/05/10 I received four "Did not have permission to repair" messages and one "Infected file could not be repaired. Archive restored" message.

Here are the results of my navx command (which completes in 4 minutes so it must not be as intensive as the full scan in the GUI that takes an hour):

$ sudo navx -cfhQ

File: /Library/Application Support/Adobe/Adobe Version Cue CS3/Server/database-template/data/versioncue/bhassetproperty.ibd
Scan Result: Clean
Repair Attempted: N/A
Repair Result: N/A

Scanning...
File: /Library/Application Support/Adobe/Adobe Version Cue CS3/Server/database-template/data/versioncue/bhlabeltoversion.ibd
Scan Result: Clean
Repair Attempted: N/A
Repair Result: N/A

Scanning...
File: /Library/Application Support/Adobe/Adobe Version Cue CS3/Server/plugins/com.adobe.versioncue.persistence_3.0.0/template/vcdbtemplate.zip
Scan Result: Clean
Repair Attempted: N/A
Repair Result: N/A

Scanning...
File: /Library/Application Support/Adobe/Adobe Version Cue CS3/Server/plugins/com.adobe.versioncue.persistence_3.1.0/template/vcdbtemplate.zip
Scan Result: Clean
Repair Attempted: N/A
Repair Result: N/A


Scan results:
714125 files encountered.
714058 files accessible for scanning.
2 archives scanned.
    290597 files inside of archives encountered.
    290597 files inside of archives examined.
    0 files inside of archives infected.

Scan started : Tue May 12 07:07:29 2009
Scan finished: Tue May 12 07:11:13 2009
Scan ended normally.

 

Kudos0

Re: Mac Viruses/Malware

I use the Norton antivirus just installed on 10/2/09 the Mac shuts down and the screen has a black cover that comes over the screen and freezes the system and I have to restart.  It has picked up some viruses  but not all gets halfway and the screen comes in if any one has this problem please help

This thread is closed from further comment. Please visit the forum to start a new thread.