Hello JohnOzuk
Please submit again to Norton for false positive. They reply within 24 hours with a file number. If you get the file number from Norton, please post it in here. Also, if you have already emailed it to Norton, please check your Spam Detector. Often emails like this end up in Spam Detectors. If you get a file number from Symantec/Norton, then I can check it out with Norton.
To report a false positive, please use this link
https://submit.symantec.com/false_positive/
Thanks.
Still not a peep out of Norton. Am I being too anxious? I am not 100 percent sure it was sent.
Hope submitted, web page never came back with a success message
@JohnOzuk: What are the most recent changes you made to your PC? E.G., downloading/installing some software (Free YouTube Downloader, e.g.)?
Try un-quarantining that dll file; share us with an img of the Properties tab. Please do no miss the Digital Signatures part if it is available there.
PS: Heur.AdvML.x: Heuristic Adware v(?) Malware (Down)Loader?
VirusTotal > File not found > The file you are looking for is not in our database.
send to Norton option in quarantine will not reply to you.
How to report false positives ...will reply to you.
Do you have Norton Heuristic Protection at Automatic. If you turn Heuristic Protection Off and can reproduce event. Norton may report e.g., WS.Reputation.1
Thanks again, did find a send to Norton option in quarantine, which I did. This is only hash I could find. Hope Norton replies at some point.
Filename: razoapi8.dll
Threat name: Heur.AdvML.BFull Path: c:\users\john ozuk\appdata\local\temp\razoapi8.dll
____________________________
____________________________
On computers as of
2/21/2016 at 10:06:07
Last Used
7/3/2016 at 08:51:50
Startup Item
No
Launched
No
Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.
____________________________
razoapi8.dll Threat name: Heur.AdvML.B
Locate
Very Few Users
Fewer than 5 users in the Norton Community have used this file.
New
This file was released 9 days ago.
High
This file risk is high.
____________________________
Source: External Media
Source File:
csc.exe
File Created:
razoapi8.dll
____________________________
File Actions
Infected file: c:\users\john ozuk\appdata\local\temp\ razoapi8.dll Removed
____________________________
File Thumbprint - SHA:
2080408b68634716424417f946b32fff3563be654b1c1d2fd0dfdefc6d6c5372
File Thumbprint - MD5:
Not available
Quarantine > More Options > Copy to Clipboard may offer Secure Hash Algorithm.
step thru form and see options e.g., https://submit.symantec.com/false_positive/standard/
Heuristic detection as you know is an artificial intelligence guess.
Thanks
So I will need to un-quarantine to send to them?
For second opinion choose File and / or Search hash at VirusTotal and/or submit to Symantec for review analysis > see > How to report false positives