How do I go about reporting a high priority fake virus software

Before I post, I must admit this forum is crap: it does not work with Chrome (I had to use IE in the end to post this after a short time trying to mess with the VT post), as it was saying there were HTML errors when I went to preview or tried to post, so the dev who made the forums must be doing something wrong. IE does not rule the world.

How do I go about reporting a high priority fake virus software? It's been 2 weeks now and Norton is still not detecting this fake security tool (it changes the desktop to blue with red lines and pops up with securest tools). The fake virus warning software itself is 1 exe (350kb normally) and 1 dat file (1kb).

The stupid thing is, below it says Norton is detecting it, but I guess that's only for business client versions (I'll post more VT links later on, as this is just this system).

http://www.virustotal.com/file-scan/report.html?id=8726d37238b380c15b620b839a02d2d13b22dd09c790b9843b1a7a404dbdbe74-1298982522#

It seems to be happening on any web site, so it might be Google ads that are the problem, as I have seen that happen before (the bad web site will only work if the last web site was a Google referral search that was clicked on), but they are using an IE exploit to drop it onto the system (which is why I am telling everyone to use Chrome with Flashblock, or Opera with "Load plugins on demand" ticked, which stops Flash unless you click on it). This is on XP to Win7 fully patched systems, and it runs with local permissions but can end-task any process that is opened. It does nothing to the system itself apart from reporting fake virus warnings, and it wants X amount of money to fix it (only auto-start via the registry is changed, so it opens on startup).

It's looking bad on me, as Norton is not protecting against something that's not that hard to remove or detect.

Hi,

Welcome to Norton Community.

Norton is detecting it. Have you tried to update the antivirus?

Please change the settings to aggressive and run a full system scan.

Please run a scan in safe mode.

Which product do you use?

You can find out by clicking Support > About; it's in the top right corner!

Since the threat is being detected, I really doubt there is any use resubmitting it, but if you do want to, you can use this link:

https://submit.symantec.com/websubmit/retail.cgi

The forum works fine with Chrome. I use only the Chrome browser and it works fine!

You said you are infected, so that might be the problem in this case; it might be preventing you from viewing a security-related site!

If you want, you may as well try Malwarebytes.

You can download it from here: http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Don't remove the threats; instead just put up a log file here. You can remove them if you so choose, but it may make things even worse!!

By the looks of it, I think your definitions may be corrupted or out of date, so please update and run a full system scan!

:smileywink:

Hi leexgx,

What is the name of the rogue antivirus?

I am a computer tech who does home repair. This is not an issue with Norton being up to date; it's more an issue of it not having the detection for very new viruses, as it was out for more than a week or so before Norton started deleting it. Is it sending the files to VirusTotal (does Norton get a copy of that file when I send it to them?) or the Submit option once I have quarantined it (you have to press Options, then press Submit to Norton)? I normally do both.

The one below seems to end up on users' PCs just by viewing a website, be it good or bad (read my first post):

http://www.virustotal.com/file-scan/report.html?id=8726d37238b380c15b620b839a02d2d13b22dd09c790b9843b1a7a404dbdbe74-1298982522

It is now being detected. Malwarebytes would be useless in this case, as it's only 1 file that just stops everything from running, so you would not have been able to run a scan (go to safe mode and delete the randomly named folder in All Users / Apps data, or whatever Vista and Win7 call these; you need to show hidden files under Vista and 7).

There is one other rootkit that Norton is not detecting, and it's 2-3 years old: the TDS serv rootkit (no files in Windows, just the rootkit on the bootloader; it redirects Google searches to ad sites once per search). Why does Norton not detect such an old rootkit?

The virus name is normally Security Tools or something like that. It normally changes the background to blue with stripes through it (it's a 1-5 min job to remove and does not require a Malwarebytes scan or ComboFix, as all it does is add itself to system startup at desktop load).

Norton should protect itself a bit better from other apps that try to kill the Norton process (it should in turn block the command and then kill the process that was trying to kill Norton, and Norton should tell you; it should not be that hard to code for that. Maybe add it to Norton 2012 as a feature, even though it most likely can just be patched onto any 2009-2011 product).

Hi, does running the TDS removal tool help?

(Detection of rootkit)

I don't think submitting the file to VirusTotal gets the copy to Norton, but from quarantine, yes.

TDS serv should have been detected by Norton; it is easy to detect and remove (it inserts redirects into Google search results when a search result is clicked on).

Below are ones that have not been detected by Norton (submitted as well).

The files below set all files to System and Hidden (every file and folder on the system):

http://www.virustotal.com/file-scan/report.html?id=b4af1a1e6aeae9fbe5a76ea810b767a0ddff9acee2665ad529e44bee2052718b-1303147349

http://www.virustotal.com/file-scan/report.html?id=0f7edf861b98734e928c60b8e33ac35b4dcd036b01e068d3e6835d7a94dd9e6e-1303146705

SendOfJive wrote:

Hi leexgx,

What is the name of the rogue antivirus?

SOJ

Looks like we are talking about the FakeAV "Windows Restore", going by what was noted on the VirusTotal links about the likes of hidden files.

And a TDL variant behind it, which I warned about on the Outpost forum just recently with fake HDD defrags.

It won't be a 2 year old TDL, due to the fact TDL keeps altering and repacking to evade detection.

Quads

Per VirusTotal. Looks pretty nasty to me.

VT Community

1
User: leegx
Reputation: 6 credits
Comment date: 2011-04-18 17:15:37 (UTC)

fake virus software
(files are in all users apps data but you need to go to safe mode and do the below)
you need to go to safe mode, go to the command prompt, cd to the root dir (c:) and do attrib -h -s -r +a /s /d
as this fake AV software sets every file on the system to hidden

You can also reset file attributes from the Recovery Console if you can't boot into safe mode. Instructions here for XP SP3 per MS: http://support.microsoft.com/kb/307654