Norton has begun detecting, blocking, and supposedly removing ISB.Downloader!gen252 about every four minutes, so obviously the 'removal' is not working. Neither has a full Norton scan, a Norton Power Eraser (with rootkit) scan, or pre-start scans by Malwarebytes and Windows Defender.
This seems to be malware that keeps trying to use PowerShell to do something that Norton detects, but no scanner is detecting the actual bad actor. I would appreciate advice on getting rid of it.
My system is Windows 10, with a reinstalled Chrome browser.
Norton's messages: Auto-protect is processing security risk ISB.Downloader!gen252
We removed security risk ISB.Downloader!gen252. No further action is required.
We blocked a suspicious action from one or more programs. No further action is required.
Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.
File Actions File: PowerShell_C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe_10.0.19041.1 No fix attempted
This could possibly happen due to hijacked DNS or corrupt DNS or Winsock.
Have you done Flush DNS and Reset Winsock?
Have you tried checking for bad DNS entries?
In any case, this might be a serious issue, I would contact support and see if you can use their Virus Protection Promise policy.
So far you've assumed that your ISB.Downloader!genxxx detections are related to your recent online purchase, but you might have just as easily visited an infected website that triggered a drive-by download from the insecure (http) site http:// airlinesphonenumbers. com/. The Norton article What are Drive-by Downloads + Drive-by Attack Prevention Tips suggests that users install an ad blocker to their browser to help prevent these types of drive-by downloads. Do you have any browser extensions like uBlock Origin or Malwarebytes Browser Guard installed in your MS Edge browser? I have both these content blockers installed in my default Firefox browser as well as my MS Edge browser.
Hello... I've been following this thread for several days as I am experiencing the same recurring issue .... T9 and Malwarebytes haven't solved this ISB.Downloader!gen252 issue that seems to be hiding in PowerShell from November 14, 2023. Any more recent thinking absent reinstalling PowerShell or other reset options?
Please tell us what Norton is telling you regarding this event.
For information regarding this event > from Norton pop-up > View Details > Copy to Clipboard and/or from Norton history > More Options > Copy to Clipboard > paste here.
Malwarebytes offers free second opinion on-demand scanner.
Malwarebytes Malware Removal Help offers free one-on-one help.
Malwarebytes staff & experts help all. Malwarebytes subscription is not required.
Watching this thread carry along with all the annotations. It's been posted that this is LOL (Living off the Land) malware infected system .dll infliction which will continue to reappear every time the machine is restarted or from a cold boot. My suggestion is, back up your files onto a separate drive. Format the C:\ drive on the affected machine and install a CLEAN Windows install using the appropriate .iso images provided by Microsoft.
Conversely, I would also review the safety of the browser(s) being used, referring to "protection" not "features", review where I download files and surf as well. More likely than not, this infection happened without any user knowledge.
Malwarebytes Malware Removal Help offers free one-on-one help.
Malwarebytes staff & experts help all. Malwarebytes subscription is not needed.
Were my machine: I'd ask for help.
Malwarebytes Malware Removal Help https://forums.malwarebytes.com/forum/108-malware-removal-help/
Good evening and thanks for commenting... T9 is another "virus fixer" recommended by a couple of sites, but it seems that today, it was identified by Norton as causing a problem... SONAR.UserProc!g3 is now also showing up with the "location" still being PowerShell, so I suppose I need to figure out how to delete and reinstall PowerShell as it seems rather necessary... I did run Norton Power Eraser which made a few tweaks, but no joy with respect to the captioned virus (now + the SONAR one)...
I have exactly the same issue. It would be great if a fix could be provided by Norton instead of formatting the computer from scratch and reinstalling all apps... From what I've read on another forum about this issue, this is a very sensitive and dangerous virus that should not be underestimated. These guys are saying to format the hard disk as soon as possible :(
I have run each of Malwarebytes and T9 (along with a full Norton scan), resulting in either: No viruses found or a mention of ISB.Downloader!gen.252 with "no action taken"....
On-demand scans are weak protection.
Malwarebytes Malware Removal Help will gather & analyze logs and run custom scripts & tools.
What's T9?
Htownpadre:
I am seeing the same messages and screens from above, multiple times. When I ask for "location", the response is the PowerShell application, November 14, 2023.
fwiw ~ my W10 Home 22H2 machine
Filename: powershell.exe
Full Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Developers: Microsoft Corporation
Version: 10.0.19041.3636
Identified: 11/18/2023
Many Users: Millions of users in the Norton Community have used this file.
Mature: This file was released 2 months ago.
Trusted: Norton has given this file a trusted rating.