Ancestry


Hi Rog,

We were able to reproduce this problem with NIS 2008. We have fixed this problem in NIS 2008.5. In order to get that release of NIS, please visit www.symantec.com/newnis and upgrade to NIS 2008.5. Once you have upgraded, please run LiveUpdate. 

 

Please let us know if that fixes your problem. 

 

Or instead of upgrading to 2008.5, why not go straight to the 2009 version by using the Norton Update Center? It’s free if your subscription is current.


Hi,

 

I have upgraded and the problems I had after visiting Ancestry are now resolved. Thank you for your help.

 

Hi

 

Yes, I would the site to be safe, and I have been using it for years.

 

Using it is always based on following links within its own web pages, never directly.

 

NIS reports that it is reporting it for review, but there are no responses that I can see.

 

My system is Win 7 Ultimate 64 bit, i5-2500 CPU and 8 GB RAM, running IE 9 32 bit, and fully up to date from M/S.

 

Another issue is that IE will sometimes get a timeout or crash on a web page, not just Ancestry, and have to reload it.

 

The system was rebuilt late last year after a CPU/motherboard failed, at which point it got a new motherboard, CPU and memory.

 

My concern is whether there is a problem with the system or a virus.

 

Regards

 

Chris

I use the ancestry website a lot. Just visited the webpage you quote with no problem.

 

 Mind you....I am still using NIS2011

 

(System is 32 bit XP SP3 Using Firefox)

Hi hillcf:

 

Have you recently run a Full System Scan with NIS 2012? Is it clean?

You can also download MBAM Free version only (on demand) and run a Full Scan.

Think of it as another opinion- you can download it here.

 

Try the above scans first and report back with your findings.

We can go from there. :smileyhappy:

 

Many thanks,

 

Atomic_Blast :)

 

Yes, I have run a Full Scan - AND I WISH THAT I HAD NOT.

 

NIS 2012 seems to be very OVER-SENSITIVE and has removed 195 files - BUT NOT PROBLEM FILES.

 

It has decided that it was seeing WS.Trojan.H and Suspicious.Cloud.2 and 7.L everywhere - in install files for valid software, in files that were 6+ years old, files that NIS2006 - NIS2011 thought were good. All of the files were buried within .ZIP extensions or Zipped executables.

 

There is also a list of 55 files that it claims need to be dealt with; generally ZIP or installs and some quite old.

 

My guess is that it has not found any problems, and the Ancestry problem is because it is over-sensitive.

 

But now I have to recover the quarantined files and then I will run MBAM through the system.

 

Attached are two files - full scan result.txt is the report from the scan; Full Scan Results.txt is my analysis, sorted by target and is actually an Excel .csv format file.

 

This issue needs to be dealt within Symantec. Certainly, the problem never occurred with NIS2011.

 

What I need is for NIS to provide valid results and not guesses, and if so not to quarantine them until told if they are guesses.

 

Regards

 

Chris

The next question is how do I unquarantine 195 files, especially when the unquarantine routine does not seem to know where the file originally came from!!!!!!

 

Yes, I can skip some of them, but some of them relate to valid installs and updates for live systems.

 

Chris

I am getting a lot of problems accessing www.ancestry.co.uk :-

>>>

Suspicious Web Page Blocked

You attempted to access:

http://search.ancestry.co.uk/Browse/view.aspx?dbid=1219&path=B.Bu.Bus.26039&sid=&gskw=Charles+George+Buskin

For your protection, this web page has been blocked and submitted for review. Visit Symantec to learn more about phishing and internet security.

It is recommended that you do NOT visit this page, however if you know that this web page is safe, you may choose to visit this web page anyway.
<<<

 

This often occurs when viewing census images, but also occurs on normal web pages. Ancestry is the only site that it occurs on, and it has started doing it over the last few days.

 

I have checked this with Ancestry and they are saying that you are raising a false positive, and that I should add Ancestry to the list of safe sites.

 

But I cannot see in NIS2012 how to do it.

 

Regards

 

Chris

Well, this makes it more interesting.

 

I just tried to unquarantine the last file it had quarantined:

 

Suspicious.Cloud.2  Type: Compressed  Risk: High (High Stealth, High Removal, High Performance, High Privacy)   Categories: Heuristic Virus  Status: Fully Resolved  -----------  1 File [currency converter ppc2003.exe] inside of [d:\users\chris\documents\chris\ipaq\updates\currency_v2.1.zip] - Deleted

WS.Trojan.H  Type: Compressed  Risk: High (High Stealth, High Removal, High Performance, High Privacy)   Categories: Heuristic Virus  Status: Fully Resolved  -----------  1 File [currency converter ppc2003.exe] inside of [d:\users\chris\documents\chris\ipaq\updates\currency_v2.1.zip] - Deleted

 

Yes, it got installed - BUT not back into the ZIP file, it just appeared back into C:\Users\Chris, since I did not tell it where to put it.

 

BUT, even more. The Zip file had three programs in it, ALL OF WHICH were quarantined - ppc2000, ppc2002 and ppc2003. HOWEVER, in the same folder there is a unzipped folder extracted from the Zip file, containing the same three files - AND WHICH NIS 2012 DID NOT QUARANTINE !!!!!

 

So, the files are safe, unless they are in a Zip file ????? And these files are install decks for software for an Ipaq (not iPaq) dating from 2004.

 

Come on Norton, you have a set of software that cannot correctly process Zipped files - That is not an option. Look at what you are quarantining, or complaining about. I am seeing install decks for standard software, like the HTC drivers for my mobile, Google Earth updates, Adobe updates, Embarcadero install decks for RAD 2007 and XE etc..

 

AND, I still need to be able to recover the 194 files back into their original Zip files.

 

HOW DO I DO THAT ???

 

Chris 

Hello hillcf:

 

I understand your frustration. :smileysurprised:

 

Tell me, have you ever had (or still have) any other AV software on the computer in question?

Did you customize any settings in 2012 or are they at the defaults?

 

Atomic_Blast :)

Hi

 

The system was originally Vista 32bit and had been running NIS since I got it 4 years ago. Last summer, I replaced that with Win 7 Ultimate 64bit, which has only had NIS 2011 and 2012 on it. I don't think that I have even run MBAM on it.

 

The Vista was my gaming machine, and all of my personal and business data was on a XP system, which was dying, and had been running NIS for several years. That will have had MBAM run on it at some point, even if only to scan a disk from another PC.

 

In the summer, I transferred all of my data across onto the Win 7 and reinstalled all of the software that I needed, including upgrading Office from 2003 to 2010. I had just completed that when the motherboard blew, and the disk with the data and most non-Windows software had a problem with the SATA case and had to be replaced. I got the data copied, but the company I used would not copy the installed software. So I had to reinstall the software again, which I finished about a month ago. At that point, I was running NIS 2011 and must have had a full scan of it at some time since the summer.

 

I moved over to NIS 2012 at the start of January, and it is running on its normal settings.

 

I am a heavy user of Ancestry and had started getting problems last week, as I started using it more this year. Ancestry support suggested flagging their web site as 'safe' within NIS, but I have not found out where to do it. I think I could have done it in NIS 2011, but the settings are different in NIS 2012.

 

I really do not think that I have a virus problem, unless it is very well hidden and is not causing any other issues or indications. I can identify three, and now four, 'issues' on the system :

 

1. Norton is giving warnings on Ancestry web pages

2. IE occasionally 'hangs' on web pages - I think only on Ancestry - and has to reload the page.

3. Norton has 'found' viruses in files within Zipped files, even when they were not found on earlier versions of NIS and even when the same files extracted from the Zipped file are not selected.

4. Windows sometimes 'freezes'. The mouse works for a short period, but you cannot switch applications, run programs etc. Eventually I just have to power off and back on. This has been a problem since the new motherboard.

 

My guess is that items 1, 2 and 3 are all down to problems with NIS 2012 dealing with Zipped files or formats, as they never occurred with NIS 2011 or earlier. They may also be related to the system being 64bit.

 

I will run MBAM this evening, again in safe mode as I ran the Norton Full Scan.

 

I have just retired as an IT Manager and developer, and was not expecting problems like this.

 

Regards

 

Chris 

Hi hillcf:

 

Did I suggest running the Scans in Safe Mode? :smileysad:

 

Please run the NIS and MBAM scans from a full boot, not in Safe Mode.

 

There is a known bug in Safe Mode Scan under NIS 2012 with Compressed Files.

Please read this thread for more information.

 

Since they are probably being detected as False Positives (FP's) I would suggest also reading this thread as well in order to restore these files from Quarantine. Once done, you should be able to re-run the NIS scan much more reliably.

 

Symantec is working on a patch (NIS update) to fix this problem and others in NIS 2012.

 

Please post back with your results. :smileyhappy:

 

Thanks,

 

Atomic_Blast :)

Hi

 

I ran it in Safe mode because the PC had locked up when I left in normal mode. Anyway, I retrieved the quarantined items, mostly from my archive backups and a couple from the quarantine list.

 

I then ran MBAM - with no problems

 

Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org

Database version: v2012.01.24.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chris :: FREYR [administrator]

24/01/2012 19:39:12
mbam-log-2012-01-24 (19-39-12).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 540952
Time elapsed: 55 minute(s), 59 second(s)

Memory Processes Detected: 0 (No malicious items detected)

Memory Modules Detected: 0 (No malicious items detected)

Registry Keys Detected: 0 (No malicious items detected)

Registry Values Detected: 0 (No malicious items detected)

Registry Data Items Detected: 0 (No malicious items detected)

Folders Detected: 0 (No malicious items detected)

Files Detected: 0 (No malicious items detected)

(end)

 

I then ran a Norton Full Scan, and kept checking that it was running. The PC did lock at the end, and Norton quarantined a few files:

 

Category: Quarantine
Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename
2012-01-24 21:56:11,High,Suspicious.Cloud.7.L detected by Virus scanner,Quarantined,Resolved - No Action Required,d:\updates\stickies\pnotes_7_0_107\pnskinsmegapack.zip
2012-01-24 21:56:10,High,Suspicious.Cloud.7.L detected by Virus scanner,Quarantined,Resolved - No Action Required,d:\updates\stickies\pnotes_7_0_107\pnotes.zip
2012-01-24 21:56:08,High,Suspicious.Cloud.7.L detected by Virus scanner,Quarantined,Resolved - No Action Required,d:\updates\stickies\pnotes_7_0_107\pnotes\pnskinsmegapack.zip
2012-01-24 21:53:15,High,Suspicious.Cloud.2 detected by Virus scanner,Quarantined,Resolved - No Action Required,"d:\updates\borland\rad xe\partner\delphi\magenta_systems_ltd\magenta_systems_check_disk_and_format_disk_component\magdskfmt12.zip"
2012-01-24 21:52:52,High,WS.Malware.2 detected by Virus scanner,Quarantined,Resolved - No Action Required,d:\updates\borland\rad xe\partner\delphi\helmuth_j_h_adolph\prodelphi_25_0_profiler_for_delphi\prodelxe.zip
2012-01-24 20:42:19,High,felix2.exe (WS.Trojan.H) detected by Auto-Protect,Quarantined,Resolved - No Action Required,d:\updates\felix2.exe

 

Checking that list, the PNotes file 'pen 1.skn' and the Magenta 'diskfmt.exe' had been picked up before. The Helmuth file 'profnavi14.dll' and the 'felix2.exe' had not been picked before. Personally, I suspect that the files are not viruses, given that they are official install files, but I can ignore that.

 

I ran the scan again this morning which came up clean, apart from some cookie files.

 

OK, so the system is good, which puts me back to the original question - Why does Norton give me errors on accessing Ancestry.co.uk and how do I tell Norton that the site is 'safe'.

 

Regards

 

Chris
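Added example (not part of the original posts, and not Symantec's code): a short Python script that parses the quarantine export quoted in the post above and groups the detections by signature, scanning component and whether the flagged item is a ZIP archive. The column names and rows are copied from that export; the function names are illustrative.

```python
import csv
import re
from collections import defaultdict

# Rows copied from the quarantine export quoted in the post above.
EXPORT = r'''Category: Quarantine
Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename
2012-01-24 21:56:11,High,Suspicious.Cloud.7.L detected by Virus scanner,Quarantined,Resolved - No Action Required,d:\updates\stickies\pnotes_7_0_107\pnskinsmegapack.zip
2012-01-24 21:56:10,High,Suspicious.Cloud.7.L detected by Virus scanner,Quarantined,Resolved - No Action Required,d:\updates\stickies\pnotes_7_0_107\pnotes.zip
2012-01-24 21:56:08,High,Suspicious.Cloud.7.L detected by Virus scanner,Quarantined,Resolved - No Action Required,d:\updates\stickies\pnotes_7_0_107\pnotes\pnskinsmegapack.zip
2012-01-24 21:53:15,High,Suspicious.Cloud.2 detected by Virus scanner,Quarantined,Resolved - No Action Required,"d:\updates\borland\rad xe\partner\delphi\magenta_systems_ltd\magenta_systems_check_disk_and_format_disk_component\magdskfmt12.zip"
2012-01-24 21:52:52,High,WS.Malware.2 detected by Virus scanner,Quarantined,Resolved - No Action Required,d:\updates\borland\rad xe\partner\delphi\helmuth_j_h_adolph\prodelphi_25_0_profiler_for_delphi\prodelxe.zip
2012-01-24 20:42:19,High,felix2.exe (WS.Trojan.H) detected by Auto-Protect,Quarantined,Resolved - No Action Required,d:\updates\felix2.exe
'''

# The Activity column appears in two shapes in the export:
#   "<signature> detected by <component>"
#   "<file> (<signature>) detected by <component>"
ACTIVITY = re.compile(
    r"^(?:(?P<file>.+) \((?P<sig>[^()]+)\)|(?P<bare>\S+)) detected by (?P<engine>.+)$")

def parse_export(text):
    """Return one dict per quarantine row, skipping the 'Category:' preamble."""
    lines = text.strip().splitlines()
    start = next(i for i, l in enumerate(lines) if l.startswith("Date & Time,"))
    rows = []
    for rec in csv.DictReader(lines[start:]):   # csv handles the quoted path
        m = ACTIVITY.match(rec["Activity"])
        if not m:
            continue                            # unknown Activity shape
        path = rec["Path - Filename"]
        rows.append({"when": rec["Date & Time"],
                     "signature": m["sig"] or m["bare"],
                     "engine": m["engine"],
                     "path": path,
                     "in_archive": path.lower().endswith(".zip")})
    return rows

def summarize(rows):
    """Map each signature to the list of paths it was reported on."""
    by_sig = defaultdict(list)
    for r in rows:
        by_sig[r["signature"]].append(r["path"])
    return dict(by_sig)

def archive_only(rows):
    """Signatures that were reported on ZIP archives and nothing else."""
    loose = {r["signature"] for r in rows if not r["in_archive"]}
    return {r["signature"] for r in rows} - loose

if __name__ == "__main__":
    rows = parse_export(EXPORT)
    for sig, paths in summarize(rows).items():
        tag = "archives only" if sig in archive_only(rows) else "loose file"
        print(f"{sig}: {len(paths)} item(s), {tag}")
```

On a larger export, the same grouping separates the archive-only detections to restore and rescan from anything caught on a loose file by the real-time component.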

Hi hillcf:

 

Good. Now we are back to the starting point. :smileylol:

 

May I suggest flushing all your cookies from IE 9 (you will need to temporarily uncheck Preserve Favorites website data.) then restart IE 9 and try the Ancestry.co.uk website again. If that does not work, I would reset IE 9 back to its default state and retry the website one more time.

 

Another thought is installing another browser such as Firefox or Chrome just to test the URL.

Something on your system is not working right anyway, hence the lockups.

 

We can go from there, OK? :smileyhappy:

 

Regards,

 

Atomic_Blast :)

Hi

 

Do we think that the problem is with cookies? I can always get into Ancestry with no problems. The problem is with Norton blocking access to some pages, and these are generally images such as census pages which are normally Adobe Flash images. My copy of Adobe is up to date - 11.1.102.55.

 

I have just loaded a census page and then worked forward through the census. After about 10 pages I get a failure:

>>>

symres:C:\Program Files (x86)\Norton Internet Security\MUI\19.2.0.10\09\01\coUICtlr.loc/SUSPICIOUSREDIRECT.HTML

 

Suspicious Web Page Blocked

You attempted to access:

http:// search . ancestry . co.uk/ Browse/ view.aspx?dbid=8860&path=Gloucestershire. Bristol+St+Philip+and+St+Jacob.St+Philip+and+Jacob.1q. 22&sid= &gskw= Mary+Ann+Rogers

For your protection, this web page has been blocked and submitted for review. Visit Symantec to learn more about phishing and internet security.
It is recommended that you do NOT visit this page, however if you know that this web page is safe, you may choose to visit this web page anyway.

Exit this site

<<<

 

Visiting the site gives me the 'static' web page, but with the display as solid black. Norton is not reporting anything in the full history. The normal HTML parts seem to be working. When I clicked on the Custom drop down I got an error that IE has stopped working. In that case IE then closed the page, but at other times it manages to reload it. I have then reconnected back to Ancestry, gone back to the census page I had started with and then jumped to the one that had failed. It did load, but seemed to take longer.

 

The next page again came up black, with very little network activity. No effect to a request to pit the image and a reload recovers the basic page, but still no image. The next page loaded normally, and a step back still fails, so that page may be a problem so I have reported it to Ancestry.

 

Rather than removing the cookies, I will try out Chrome tomorrow.

 

Is there any information on why Norton would regard the pages as 'phishing' ??

 

Regards

 

Chris

 

[Edit: Removed hyperlink to a potentially malicious webpage to conform with the Participation Guidelines and Terms of Service]

 

Hi hillcf:

 

You might also wish to consider cleanly uninstalling and reinstalling Java and Flash Player with the latest revisions. It can't hurt.

I feel that something else is in play here but I'm not sitting in front of our computer, so it's hard to pass judgment.

 

The Antiphishing component analyzes the security level of the Web sites that you visit. I don't know exactly why it is detecting this state. Could be that some element on the website is initiating it but everything ties in with your browser, java and flash, I think.

 

Please try all the steps which I had mentioned and let's see what happens. You can always backup your cookies to a folder.

 

Let us know how you do.

 

Best,

 

Atomic_Blast :)

Hi

 

I have started testing it with Chrome - so far no problems. I picked the same census that I was reading yesterday and went through some 20 pages with no errors. I then loaded IE and ran the same test. It failed after 11? pages - it got the one that had failed yesterday and then errored on the next page, which had been showing up without the image yesterday. So it looks like a problem with Norton and IE?

 

Regards

 

Chris

Hi hillcf:

 

Good! Now...

 

From Message #13 -

 

"May I suggest flushing all your cookies from IE 9 (you will need to temporarily uncheck Preserve Favorites website data.) then restart IE 9 and try the Ancestry.co.uk website again. If that does not work, I would reset IE 9 back to its default state and retry the website one more time."

 

This is what I would suggest as the next step. :smileyhappy:

 

Thanks,

 

Atomic_Blast :)