Norton removed a virus, but how do I find out what kind of virus it removed?

I recently got a suspicious .zip file that Norton failed to detect, so I uploaded it via the form at

https://submit.symantec.com/retail

I got an e-mail from SecurityResponse@Symantec.com with a tracking number, 36000508, and then I ran LiveUpdate daily for 2 days, after which Norton reports that it successfully "repaired" the file.  (After the "repair," the zip file was 22 bytes.)

But the Norton product did not display the name of the virus, either at the time of removal or in the log!

Is there any way to find out what kind of virus I had?  Thank you.

Replies

Re: Norton removed a virus, but how do I find out what kind of virus it removed?

I removed and reinstalled Norton AntiVirus, and now it is reporting an infection every time I send an e-mail message from Mozilla Thunderbird!  But, the interesting thing is that when I click "attempt to repair" (I have auto-repair turned off so that I can have more control over the repair process), another pop-up appears saying that no virus was detected.  Furthermore, I have run a full system scan (twice, a few days apart with a LiveUpdate in between) and it reports "scan completed with no virus found."

Can a Symantec employee please look up submission #36000508 and tell me what type of virus it was?  Is it a Mac virus or a PC virus?  If it is not a Mac virus then I assume that the first "repair" (see below) was successful, and all the current detections are false alarms.  If it is a Mac virus, however, then the Mac still may be infected and we have to figure out a way to fix that.

Please note that I have my Thunderbird set to save its sent-items to its own Local Folders (instead of to my e-mail provider's sent-items folder), and that when I specifically scan the "Local Folders" in Norton AntiVirus it also reports "scan completed with no virus found."  I do get a lot of spam, and to ensure that it wasn't a spam complaint that triggered this process, I went through my sent-items over the weekend and eliminated most of the items that resulted from me forwarding messages to ISP abuse departments "as attachment."

Finally, the last time that I sent an e-mail it not only reported my "sent" folder is infected, but also that 2 temporary files, "nsemail.eml" and "nscopy.tmp," were infected.  I told it to delete the temporary file "nscopy.tmp" and to attempt to repair the other 2, but for some reason, it prompted me for my administrative password twice.  And then, even though I told it to delete the "nscopy.tmp" file, the Norton AntiVirus activity log says that it deleted "nsemail.eml" instead!  More worrisome is that, in spite of the fact that I was very careful not to tell Norton AntiVirus Auto-Protect to delete the infected "sent" folder, the entire sent-items folder is wiped.

Re: Norton removed a virus, but how do I find out what kind of virus it removed?

Am I correct that you are using NAV 12.x (or NIS 5.x)?  If so, you should be able to see the virus name and full path by double-clicking the entry for the file in question under Virus Detections in the History window.  If you want to know the type (e.g. PC vs. Mac), that isn't currently shown in History info, but you can find it by searching for the virus name in the virus def info window.

I'll have to find another contact to look up via your submission number, but if you can get the virus name, using the above technique, that should help.

I am not sure why choosing to delete a file would clear a folder; that doesn't sound like correct behavior.  I can't say that I've ever seen that issue, but will be on the lookout for it.  Let me know if it occurs again.

-- Lee

Re: Norton removed a virus, but how do I find out what kind of virus it removed?

Apparently, from a look up of the submission, it was a Windows threat.  If you need more details I'll need to check what our policy is about that info (maybe it can be sent privately).

Re: Norton removed a virus, but how do I find out what kind of virus it removed?

Hi, and thank you for the reply!  I currently run Mac OS 10.4.11 (it's a single-core computer, and I had trouble after upgrading to 10.6.8, and ended up downgrading), so I rely on Norton AntiVirus 11.1.2 to protect me at this time.

Regarding the e-mail, the "sent" "folder" in Thunderbird is actually a large file, not an actual directory, but my concern is that I told Norton to delete a temp. file and somehow I lost the information in the "sent" file instead.  Maybe a Thunderbird problem and not a Norton problem.  Nevertheless, the fact that it repeatedly said that there was an infection every time I send an e-mail suggests that there were residual traces of infection after the repair.

I wonder why residual traces of infection would remain if it was a Windows threat and not an actual Mac infection?  (If it was just that my sent-items folder contained copies of complaints that I forward to ISP abuse departments about spam received, the problem is that Norton does nothing – or rather, says that a virus was found and then says that no virus was found – when you click to repair, but without actually doing anything unless you "delete.")

If you can please get the "SecurityResponse@Symantec.com" system to send me the standard "closing" e-mail for this particular submission, that should be good enough for me.  For some reason, it no longer does that consistently.

Re: Norton removed a virus, but how do I find out what kind of virus it removed?

OK, I'll try a couple customer support folks to see how to get that sent.

Re: Norton removed a virus, but how do I find out what kind of virus it removed?

Hi,

and thanks for your earlier reply.  I still get a notification of infection every time I send an e-mail in Thunderbird, but when I click on "Attempt to repair," I get another pop-up saying that no virus was found (followed by still another pop-up that says "Virus detected" and offers to open Norton AntiVirus for me).  When I scan my computer or Thunderbird's mail folders, it is finding no virus.

Can you please private-message me and tell me the exact kind of virus that was found in https://submit.symantec.com/retail submission #36000508? I still have not gotten the automated "closing" e-mail from the automated submission system.

If the mailbox is merely passively carrying a PC virus it still should not alternate between warning of an infection and saying that it can't find one. I think that it should offer to remove the individual suspicious mail item from the infected mail folder.

If it's infected with a Mac virus, then you should remove it; obviously, it wasn't removed completely, or else it wouldn't keep detecting traces of it every time I send an e-mail.

Regardless of whether I merely had a PC virus in my e-mail, or my computer was infected by a live Mac virus, or it's a false alarm and there never was an infection, Norton should not keep saying that a file is infected when it is accessed, immediately followed by saying that it is not infected when it is scanned! (Although I use IMAP mail, it is the "local folders" on the hard drive where the infection is detected – when I send e-mail, not when I receive it. And, here is another thing: when I "attempt to repair" the infection, AutoProtect is leaving no entries in the activity log within the Norton AntiVirus application program.)

Thank you,

Jonathan
