Today, internet security found some suspicious files and (appeared to automatically) submit them to community watch. (I wasn't present for this event)

But, when I came back to the computer there was a notice of  2 actions required on my part (LOW Risk) (Suspicious.S.Vundo.2).

I looked over the files, and they didn't appear to be anything new or recently changed (one of them was in a Turbo Tax installation).

I selected "ignore" for both entries but instead of selecting the button the the right of each entry, I selected the "apply all" button below.

NIS appeared to change my selection of "ignore" to "fix" and now the files are gone.  In addition, they are NOT shown in the quarantine listing.

Will these files ever come back if/when community watch "passes" them?

Will they ever show up in the quarantine list?

Will I need to re-install my Turbo Tax when it doesn't work, like I suspect that it won't?

Thanks in advance...

Well, I want to follow up on my previous post.

I found the files. They were deleted.  An un-delete program could not recover them.

I want to point out that it was Norton Internet Security that deleted them.  NOT me.

Someone needs to add this to the bug sheet.

Now, to re-install Turbo Tax.....

Thanks alot!

---

igness wrote:

Well, I want to follow up on my previous post.

 

I found the files. They were deleted.  An un-delete program could not recover them.

 

I want to point out that it was Norton Internet Security that deleted them.  NOT me.

 

Someone needs to add this to the bug sheet.

 

Now, to re-install Turbo Tax.....

 

Thanks alot!

---

Does Turbo Tax fail to work?  If so, where did you originally get it?

I've never had any warnings about TurboTax on my computer.  Why are you certain the actual files were not contaminated by some malware?

Incidentally, I can think of few things more dangerous in terms of identity theft than malware getting access to your tax problem.  It would be able to steal your social security number(s), dependents, employment information, addresses, phone number, enough information to create a solid identity in your name for someone else. Enough information to get into your bank account, too.

These vundo malware files are pretty dangerous so Norton did a good thing deleting them. No need to worry

Hi,

Thanks for the reply.

Turbo Tax appeared to be working fine prior to the "discovery" by NIS. It did NOT work after the file was deleted.

My point is that when NIS discovered the supposed malware, it even made a point of telling me that it had used some advanced hueristic that was extremely sensitive and might give a "false positive".  I was led to believe that WHATEVER option I took, that the files would NOT be deleted, but would only be placed in quarantine. And that if the alert turned out to be a false alarm, that I could restore the files from quarantine.  I even manually highlighted each file in explorer and did a manual scan on each one.  Interestingly, both came up negative.  But, even so, once I told it to "ignore" the files, it went ahead and totally deleted them anyway.  No quarantine---total deletiion instead!  Maybe they WERE infected, but since they were deleted, we will never know.  By the way, there is no record of any deletion in the NIS history--the "action required" popup from NIS and my response to it, is totally un-logged.

So my purpose in posting here, is just to vent (a bit) and let someone(?) know that something, somewhere,  isn't right.

I re-installed the turbo tax (a minor annoyance) and I'm back to what I would consider "normal".

Thanks again for your reply,

ig

Thank you for bringing this to attention here.  Some of us are looking into this to see exactly what happened and I will try and get back to you with any information as soon as possible. 

---

igness wrote:

Hi,

 

My point is that when NIS discovered the supposed malware, it even made a point of telling me that it had used some advanced hueristic that was extremely sensitive and might give a "false positive".  I was led to believe that WHATEVER option I took, that the files would NOT be deleted, but would only be placed in quarantine. And that if the alert turned out to be a false alarm, that I could restore the files from quarantine.  I even manually highlighted each file in explorer and did a manual scan on each one.  Interestingly, both came up negative.  But, even so, once I told it to "ignore" the files, it went ahead and totally deleted them anyway.  No quarantine---total deletiion instead!  Maybe they WERE infected, but since they were deleted, we will never know.  By the way, there is no record of any deletion in the NIS history--the "action required" popup from NIS and my response to it, is totally un-logged.

 

So my purpose in posting here, is just to vent (a bit) and let someone(?) know that something, somewhere,  isn't right.

 

I re-installed the turbo tax (a minor annoyance) and I'm back to what I would consider "normal".

 

Thanks again for your reply,

 

ig

---

The complaints above are legitimate.  I am wondering, however, if NIS design is directly at fault or whether the problem is due to some unintentional blip or some other component.  The thing that makes me wonder is that I use a photo-editing program produced by Nikon.  It is a superb piece of software ... except that sometimes when I save a file it just ... disappears.  The software thinks the photo still exists and displays it in the recent files, but when I try to call it up, it says "unable to find file."  When I do a search, it does not find the file.

I did finally figure out something.  When the file is being edited, the software makes a copy, renames it and produces a tmp version.  Somehow, the program occasionally thwarts itself and does not rename the edited tmp to the old name after deleting the no longer wanted original.  Poof, to all appearances the photo is lost forever.  I still don't know if the problem is with the Nikon software or with some Windows interference.

Your disappearing file sounds very similar.  What makes me say that is the lack of records in NIS.  Up to where you said NIS made a unilateral decision to remove the file, I was going "okay, yes, I can see that."  But one thing NIS tries to do is make a record of all such decisions.  If it doesn't even mention the file it wiped out in its history, that says to me that it didn't mean to erase that file.

If this is true, then the behavior is not as designed and we need to find out what it going on.  This is another place we need to get an actual Symantec technician's input.

In the meantime, have you disabled Norton?  If not, has it reidentified the same files as potential malware?  Have you changed the sensitivity level of the heuristic detections so as to accomodate these files?

---

dbrisendine wrote:
Thank you for bringing this to attention here.  Some of us are looking into this to see exactly what happened and I will try and get back to you with any information as soon as possible. 

---

Thanks dbrisendine.  I DO want to say that the new NIS is heads and shoulders above the old NAV stuff.  It's obvious that a lot of really good and hard work has been put into it.  That's why I even bothered to complain/report this behavior. If you do find the time to report back any findings, that would be great.

And BTW, mijcar,  no I have not disabled NIS. But I'm (obviously) keeping an eye on it.....as I do with everything related to this computer....  Also, it has NOT re-identified the files...for what that's worth....

Again, Thanks to everyone  who has commented.

Regards,

ig