• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Norton Security Vs VirusTotal!

Hi all, I am using Norton Security 22.8.1.14 in Windows 10. Background:- 2 days ago I found website virusTotal. I think its very useful. I check few exe files by that website & surprisingly it shows threat present in those files. I communicate with Norton customer care by chat option. Virus removal team take secure connection of my pc. Use VRQ tool, Power Eraser, Full system scan etc. found 0 threats. I seen VRQ use many apps stored in program files. I use one of them named Autoruns. It show lots of internal things. But all check by Virustotal. Surprisingly 6 files I found infected as per Virustotal. files:- 1. c:\program files\common files\wondershare\wondershare helper compact\wshelper.exe Antivirus:- ClamAV Threat:- Win.Worm.Runouce-823 2. c:\windows\system32\drivers\hdaudbus.sys Antivirus:- Bkav Threat:- W32.eHeur.Malware09 3. c:\windows\system32\diagtrack.dll Antivirus:- Baidu Threat:- Win32.Trojan.WisdomEyes.16070401.9500.9999 4. c:\windows\system32\msiexec.exe Antivirus:- Baidu Threat:- Win32.Trojan.WisdomEyes.16070401.9500.9984 5. c:\windows\system32\drivers\ahcache.sys Antivirus:- Bkav Threat:- W32.eHeur.Malware11 6. c:\windows\system32\audiosrv.dll Antivirus:- Baidu Threat:- Win32.Trojan.WisdomEyes.16070401.9500.9809 Question:- 1.What should I do when Norton not detect those threats, but Virustotal shows as worms, trojan, virus etc.? 2. Is there any way to remove threats by Norton or submit to them for more investigate? 3. Which is more powerful, Norton by Symantec or Virustotal? As per Google search I found tools also for remove those, but then what point of spending money on Norton for 3 years. Thanks,

Replies

Kudos1 Stats

Re: Norton Security Vs VirusTotal!

First of all Virutotal is not a cure all. Autruns is not a means of removing or detecting malware. Wondershare is not malware. It is legit software. You need to provide actual links. Now how many companies found these items threats? 2 or 3? If that is the case then that is a false positive. Clam Antivirus is a joke. Baidu antivirus is another joke. You most likely remove legit files. Now if Kaspersky, Eset, BitDefender, Avast, AVG or Avira found these as threats on Virustotal I could see that. More so you should be concern if you actually had 6 viruses on your machine. Which believe you me you did not. 

audiosrv.dll and ahcache.dll are not viruses or malware. audiosrv.dll is for audio files and ahcache.dll is part of Windows. 

http://www.file.net/process/ahcache.sys.html

You got some misleading info. Wondershare belongs to software on your pc. Nothing you listed is an actual threat and none are found by a real legit antivirus. 

https://www.wondershare.com/download-software/

http://www.file.net/process/hdaudbus.sys.html.

In the future you are better off Googling things and then you would find out that they are threats and actual real software belonging to your pc. I hope you have a backup of your pc cause you most likely removed things your pc needs such as auto drivers.I Googled everything you listed and everything is legit software. None are threats. What made you think you were infected? ClamWin and Baidu are a joke. They are even listed by AVTest.org or AV Compartives. 

Kudos2 Stats

Re: Norton Security Vs VirusTotal!

You are not using Virus Total for the purpose for which it is intended.  It is not an antivirus analysis tool, and results shown do not reflect the relative merits or overall effectiveness of the individual products used in a VirusTotal scan, but only indicate which files are currently being classified as potential threats by the participating vendors.  There are always disparities among all the products that participate in VirusTotal for a number of reasons including, but not limited to, the fact that not all products immediately detect new malware variants at the same time, and because not all products use the same criteria to identify what is malware and what is not. 

BAD IDEA: VirusTotal for antivirus/URL scanner testing

At VirusTotal we are tired of repeating that the service was not designed as a tool to perform antivirus comparative analyses, but as a tool that checks suspicious samples with several antivirus solutions and helps antivirus labs by forwarding them the malware they fail to detect. Those who use VirusTotal to perform antivirus comparative analyses should know that they are making many implicit errors in their methodology, the most obvious being:

  • VirusTotal's antivirus engines are commandline versions, so depending on the product, they will not behave exactly the same as the desktop versions: for instance, desktop solutions may use techniques based on behavioural analysis and count with personal firewalls that may decrease entry points and mitigate propagation, etc.
  • In VirusTotal desktop-oriented solutions coexist with perimeter-oriented solutions; heuristics in this latter group may be more aggressive and paranoid, since the impact of false positives is less visible in the perimeter. It is simply not fair to compare both groups.
  • Some of the solutions included in VirusTotal are parametrized (in coherence with the developer company's desire) with a different heuristic/agressiveness level than the official end-user default configuration.

These are just three examples illustrating why using VirusTotal for antivirus testing is a bad idea.

 https://www.virustotal.com/en/about/

Kudos0

Re: Norton Security Vs VirusTotal!

https://www.av-test.org/en/antivirus/home-windows/

https://chart.av-comparatives.org/chart1.php

http://www.amtso.org/members/

Notice how these top sites do not even list Baidu or ClamWin. Now Virustotal gives you a list of about 100 different antiviruses. If 1-3 find something malicious and those 1-3 companies are not top companies then it is a false positive on their part. Now id 20 or more antiviruses find a file malicious and those are from well known companies then chances are it is something malicious. That sums it up. What SendofJive posted from Virustotal is spot on. 

Kudos0

Re: Norton Security Vs VirusTotal!

@khiremandar:

Somehow, you posted a question that has no standard answer.

Every security-related service has its own "standard" and/or several layers of malware protection to identify -> flag -> request the user's attention to take proper action(s).

1. You can get extra info (e.g., sha256, software history, comments, etc.) from VirusTotal (VT) what your Norton may miss out on, or did not present.

Even though, the report you read either from VT or Norton could be a false positive (F/P). For example, the app maker could "Report a Suspected Erroneous Detection" soon once he or she got the info re the F/P.

2. To remove threats by Norton, you first update your NS and scan your system in Safe Mode. And to submit to them for more investigate, you need the help of the above link for "Report a Suspected Erroneous Detection".

3. Reviewing different security programs/services is wasting your/our time. There ain't no such thing as "BEST antivirus/ other things". Just... make the best of the thing you know/need.

Additionally,

  • you have to use Norton Power Eraser carefully.
  • As for Wondershare-related issue, posting your issue on their forum would also help fix your issue better.

Thx.

PUP Hunter PRO: Just TRYING to save the world (U) from cyber threats, A single blog post, at a time, and ONCE & FOR ALL. (A fan of Nadia_Kovacs)

This thread is closed from further comment. Please visit the forum to start a new thread.