
Norton didn't detect this???

OK, I ran a Malwarebytes full system scan. It detected some form of Koobface virus located in a program folder called Mindscape, which I believe is some type of program that does fonts and all. Here is the path:

  C:\Windows\Programfiles\Mindscape

It detected it as a DLL file; I think it was HUBER.DLL. Anyway, after the Malwarebytes scan detected it, I went to that folder and scanned the DLL item with my Norton Antivirus (up to date defs). The Norton scan did not detect this as a virus.

Could it be the Malwarebytes scan detected this as a form of the Koobface worm but that it was a false positive?

The file has been in place since April 2008 and there were no changes to the file recently when I checked the properties.

I do Norton AV Full System scans several times a week and have done so for years. So it concerns/confuses me why Norton never detected it; that's why I wonder if it was a false positive on Malwarebytes' part.

Now to complicate matters, after the Malwarebytes scan, when I indicated I wanted to delete this file, the Malwarebytes program indicated that I needed to restart my computer. I DID NOT want to restart. So like a fool, I went into C:\Windows\Programfiles\Mindscape and just deleted the whole Mindscape folder, sent it to the recycle bin and then deleted it from the recycle bin.

So I ran another Malwarebytes scan (quick scan this time) and nothing came up. Now I went ahead and deleted the Malwarebytes program from my computer.

So my questions are

1. Why would Norton not have detected this before?

2. Can it be a false positive from Malwarebytes?

3. By sending the item to the recycle bin and deleting it from there, would that most likely have removed it from my system?

4. By deleting the Malwarebytes program from my computer, would that have taken the offending item with it?

5. Though the Malwarebytes program is not on my computer now, if I restart my computer at this point, would that remove the item?

Replies


Re: Norton didn't detect this???

1. Why would Norton not have detected this before?

If it is a false positive from Malwarebytes, surely Norton would not have detected this.

2. Can it be a false positive from Malwarebytes?

Yes, there are possibilities. You could have submitted that file to Symantec Security Response for further analysis instead of deleting the file. If it indeed consists of any malicious code, then Symantec Security Response can verify and confirm it.

http://www.symantec.com/business/security_response/submitsamples.jsp

 

Once the file has been deleted from your computer, it's difficult to verify whether it's a false positive or not.

3. By sending the item to the recycle bin and deleting it from there, would that most likely have removed it from my system?

Yes, mostly. But if it is a virus-related one, there are chances for it to be re-created after some time, like when you restart the computer.

 

4. By deleting the Malwarebytes program from my computer, would that have taken the offending item with it?

I think so; it may have deleted the quarantined items as well during the uninstallation process.

 

5. Though the Malwarebytes program is not on my computer now, if I restart my computer at this point, would that remove the item?

Once you delete the file from Recycle bin, there won't be much that Malwarebytes can do.


Re: Norton didn't detect this???

Thank you for your quick response. I know I messed it up by the actions I took.

Since I deleted the offending file through delete - recycle bin - empty recycle bin, the file is now gone.

If I restart my computer, how would the virus file show up? I mean, if the file it was attached to is now gone?


Re: Norton didn't detect this???

I know this is a Norton forum, but as Malwarebytes is often suggested on here,

does anyone know if Malwarebytes is prone to false positives regarding the Koobface virus?

The program that the DLL item was detected to be infected with Koobface is not a very well known program, so I'm wondering if because of that the item had "similar" features associated with the Koobface virus?

Message Edited by 12Owen8 on 08-24-2009 09:20 AM

Re: Norton didn't detect this???

12Owen8

I also had some fonts falsely identified as Koobface.  I have had these fonts for a number of years.  When you know that it has been around that long, you can normally understand that some of the security protocols now recognize sloppy code as malicious.  When it is a recent file there is more cause for concern.  When in doubt, delete.  I allowed Malwarebytes to remove the fonts because I don't use them anyway.

Regardless of the security program involved, you need to look at the information, make a rational judgment about what you are told, and proceed accordingly.  Also, any program recognizing a particular problem doesn't necessarily mean an infection.  Norton recognized both our issues as not being of a malicious nature and disregarded them.

That is also why it is good to use an on demand scanner for a cross-check.

Under certain circumstances profanity provides relief denied even to prayer. (Mark Twain)

Re: Norton didn't detect this???

Thanks Del.

Now that I think about it, I don't think it was a Fonts program. I think it had to do with card making or some such font/typeface kind of thing. Maybe it's the same type of thing. My wife put that program on there. And I think it might be from April 09. So would that make any difference, or are you saying that sometimes Malwarebytes sees some "sloppy written programs" as resembling the Koobface virus (thus why Norton didn't see it)? Del, was yours a DLL file?

Also, the program had two folders and only 1 item in 1 of the folders was shown as "infected"; it was a DLL file. But only one. Does that support the idea that it was a false positive?

So you think Malwarebytes may detect a few false Koobface positives from less strongly/sloppy written programs? I know the program I'm referring to might have been one of those second-rate programs you pick up at the dollar stores.

(Would this be similar to when Norton detects something as "suspicious" because some part of the code looks similar to a bad code? Only Malwarebytes doesn't have a "suspicious label"?)

I would be interested in hearing from others who may also have gotten false positives in this regard from a Malwarebytes scan. Mind you, I'd rather have false positives than letting the baddies get through, so I'm not complaining (though I may have needlessly deleted the program :)

As a side note, maybe this program was once detected by Norton as "suspicious", checked, and cleared, and that is why Norton did not detect it as Koobface? (I am participating in community watch and periodically get the Norton suspicious items that are sent for review by community watch, if that makes sense.)

Message Edited by 12Owen8 on 08-24-2009 02:53 PM

Re: Norton didn't detect this???

12Owen8:

The answer to most of your questions is yes.  Any program can show false positives and it is usually with regard to older or sloppy code. It also depends on whether the FP is based on heuristic detection or signature detection.

As far as a discussion on false positives with regard to Malwarebytes, you will need to look on their forum for that information rather than the Norton forum.
