johna, you said to me you would submit these files yourself…
I have tsilo, seems to be delays with SSR at the moment.
The tracking numbers would be a help.
Cheers
If you could PM me the files too, that would be great.
Hm, "aggressive" heuristics isn't doing it for you?
I know this is insane, however execute the files. Norton should be able to flag the suspicious behavior. That is what happened to Combofix. It was detected as a backdoor/generic malware by the majority of AV engines on Virustotal, excluding Symantec. When scanned by NIS09, it didn't flinch. When executed, certain behaviors and actions of Combofix were blocked by SONAR, and subsequently ComboFix failed.
Hope this helps.
PS, I would try it on a test computer or on a virtual machine.
Also run a HiJackThis scan and post the logfile here, for inspectional purposes.
And I believe that it is http://www.matousec.com/
Is it possible that Norton fixed the files by removing the malicious code without completely deleting them? When I tested my new 2009 NIS installation by downloading various versions of the EICAR test, that’s what happened with the ones that were zipped. The bad part within the zip was removed, but the Zip file itself remained.
Dch48 wrote:
Is it possible that Norton fixed the files by removing the malicious code without completely deleting them? When I tested my new 2009 NIS installation by downloading various versions of the EICAR test, that's what happened with the ones that were zipped. The bad part within the zip was removed, but the Zip file itself remained.
I do not believe that is capable; Norton can either keep the archive or delete the whole thing.
Also, try executing the malware on a test computer and see if Norton can flag the behaviour. An unreleased beta back in May detected ~41% of malware using 1 mo. old sigs.
I don't know if Norton can do it, but if the compressed file is neither too many layers, too large, or password protected, it certainly wouldn't be hard to do. Windows itself treats non-password protected files as folders and allows the user to delete, copy, or move individual files.
Tech0utsider wrote:
Dch48 wrote:
Is it possible that Norton fixed the files by removing the malicious code without completely deleting them? When I tested my new 2009 NIS installation by downloading various versions of the EICAR test, that's what happened with the ones that were zipped. The bad part within the zip was removed, but the Zip file itself remained.
I do not believe that is capable; Norton can either keep the archive or delete the whole thing.
Also, try executing the malware on a test computer and see if Norton can flag the behaviour. An unreleased beta back in May detected ~41% of malware using 1 mo. old sigs.
the 2 zipped versions of Eicar were cleaned but the zip files were not deleted. When I opened them again, they were empty. At first, they contained the test string.
OK these files are still undetectable....
I uploaded these viruses to rapidshare.com, it's password protected and password is: virus
Now whoever doesn't believe me can download this file.. extract it and check them... oh yes.. I added 2 files that I submitted to Symantec but are also undetectable....
Good luck!
**link removed - still available internally**
[edit: removed link to malicious files per the Participation Guidelines and Terms of Service.]
Dch48 wrote:
the 2 zipped versions of Eicar were cleaned but the zip files were not deleted. When I opened them again, they were empty. At first, they contained the test string.
Weird. I put a couple viruses inside a zip and all Norton could do was ignore or delete...
Maybe because of file format...
Hey, I used Threatfire to scan those files and it flagged an autoit.** and another trojan.
tsilo wrote:
johna, you said to me you would submit these files yourself..
Hi tsilo
I did submit these files for you, albeit with no reply.
I don't know what's going on with Symantec Security Response at the moment, but I can hear your frustration, and thanks for submitting the files for analysis.
I have marked this thread for the attention of SSR.
All the best.
Hi johna,
Do you have the submission reference numbers for these threats?
Hi Tim
Here is the latest tracking number:
Tracking #10010821
Thanks!
try this ..
1. Download this file - combofix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe and
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
and save it to desktop
start ….in safe mode with network
Double click on smitfraudfix from desktop
o Click Enter on the first blue message
o Press 2 on the keyboard, then Enter
o Wait until you see: Do you want to clean the registry? Press Y on the keyboard, then Enter
o WAIT UNTIL IT IS FINISHED; you will see a text log message. Close all the windows
2. Double click combofix from desktop
3. and wait accept with yes .
4. When finished, it will produce a log for you.
Note:
• Do not mouseclick combofix's window while it is running. That may cause it to stall.
start in normal mode---and tell me
I think he is trying to ask WHY Norton does not detect it…he can manually remove it…he knows where it is…he said it is in his "special folder"…so he is trying to ask WHY the virus is not in the Symantec virus definition database…and how did it find a hole in Symantec's wall and loop through it…the SONAR and lots of security didn't block it? Kind of funny…and it detected NOTHING…
Thanks tanmx… finally one person who understood what I am asking for. Everyone who tries to help me, I repeat: I AM NOT INFECTED!!! I only want my NIS 2009 to detect the viruses I have.
Oh yes… I added 2 files…so today I have already collected 7 viruses undetected by Norton
Run Combofix. It will detect and remove any malware, and in the same process restore all your settings, hopefully restoring your DNS settings. Please report back after running Combofix.
He already said he knows WHERE THE VIRUSES ARE and he can manually REMOVE THEM…he only wants to know what happened to Norton or something…he doesn't need to know how to fix it…he knows himself…he just wants to ask why Norton does not detect it?
Hi tsilo
If you read a few posts up you will see we understand what you are asking, and at this very point are investigating the matter for you.
Thanks
Hi johna, I know that you understand what I ask, I said that about others…