Malware won’t be removed!

I’m trying to remove this malware and Norton won’t remove it, I’ve tried several times.

I was informed that it was not possible to resolve some threats.

Am I infected?

Não foi possível resolver algumas ameaças
Ameaças não resolvidas podem comprometer a segurança do seu computador
It was not possible to resolve some threats.
Unresolved threats may compromise the security of your computer.

Win64:MalwareX-gen [Mi…
care to share full name?

Arquivo infectado
Infected file
care to share file type?

ameaça resolvida
Threat resolved

Não há mais nada para resolver
There’s nothing left to resolve.

==========================================================

fwiw ~ my boiler plate reply

1 Like

Related? Do you by chance use Torrents or Steam? Was the file a PDF? Being located on the desktop suggests a file downloaded to that space.

https://forums.malwarebytes.com/topic/263138-possible-2-malware-files-avg-detected-win64and-32malware-gen-false/

SA

It was a compressed file, so I scanned it with Norton and it couldn’t delete it. I got scared and removed it manually, which is why I asked if I was sure I was safe since Norton couldn’t delete it.

@SoulAsylum It was a compressed file, Norton couldn’t delete it, so I did it manually since Norton couldn’t.

Hello @New_Style_xd

=========================================

Norton 360 can scan the contents of compressed files during on-demand (manual) scans. This feature is typically enabled by default, but you can also explicitly configure the settings for scanning compressed files in the advanced options.

Key Points

  • On-Demand Scans: When you manually run a Full Scan or a Custom Scan on a specific file, folder, or drive, Norton 360 will extract and scan the individual files contained within compressed archives (like .zip files) to detect hidden malware.
  • Auto-Protect: Norton’s real-time protection (Auto-Protect) generally does not scan inside compressed files on Windows computers due to the processing overhead. Instead, it scans the files immediately when they are extracted or opened.
  • Configuration Options: Users can often adjust the settings, such as:
    • Enabling/Disabling the scanning of compressed files for manual scans.
    • Setting a data extraction limit to prevent scans from getting stuck on extremely large archive files (e.g., extracting a maximum of 2 GB of data).
    • Specifying the maximum nesting depth for scanning nested compressed files.
  • Right-Click Scan: You can initiate an on-demand scan of a specific compressed file by right-clicking it in Windows Explorer or macOS Finder and selecting the “Scan with Norton 360” option.

By using an on-demand scan, you can ensure that even files packed within archives are thoroughly checked for potential security risks before you decide to extract or run them.

========================================

While scanning compressed files with Norton 360 is a safe practice recommended for thorough security, there are a few minor risks and performance impacts to be aware of.

Performance Impacts

The primary effect of scanning compressed files is on system performance and scan time.

  • Increased Scan Time: Scanning compressed files requires Norton to temporarily decompress the contents of the archive to inspect individual files. This takes extra time compared to scanning uncompressed files.
  • Higher System Resource Usage: The decompression process, especially for large archives or those with many nested files, consumes more CPU and memory resources. This can temporarily slow down your computer during a full or custom scan.

Potential Security and Operational Issues

The security risks are generally low, as the process happens within the antivirus software’s controlled environment, but some theoretical issues exist:

  • Zip Bombs (Decompression Bombs): This is a specific type of malicious archive designed to exploit the decompression process. A zip bomb might be only a few kilobytes in size but expands exponentially into petabytes of data when decompressed, aiming to overwhelm your system’s resources and cause a crash or denial of service (DoS). Norton 360 includes protection against these and is designed to detect and block them before they can cause damage.
  • False Positives: Sometimes, heuristic analysis (which looks for suspicious characteristics rather than known signatures) might flag a legitimate compressed file as suspicious, especially if the compression method or file characteristics resemble those used by malware authors. You can generally manage these false positives within the Norton settings.
  • Password-Protected Archives: Antivirus software cannot scan inside password-protected or encrypted archives without the password. If a malicious file is hidden in an encrypted zip file, it will go undetected during the scan. The malware would only be caught by Norton’s real-time protection (Auto-Protect) if you later extract and attempt to open the malicious content.
  • Theoretical Zero-Day Exploits: In a very rare scenario, a sophisticated, targeted attack might use a zero-day exploit in the specific decompression software used by the antivirus program to run malicious code during the scan itself. This is highly unlikely for average users, as these vulnerabilities are valuable and quickly patched once known.

In summary, scanning compressed files is a crucial step in maintaining thorough security, and modern antivirus programs like Norton 360 are designed with safeguards to handle the associated risks effectively. The main trade-off is a temporary increase in system resource usage during the scan.

=============================

What is a zip bomb and how does it work? here

===============================

If Norton 360 detects a malicious archive but cannot remove it automatically (often because the file is in use or the archive is password-protected), you need to take additional steps to force its removal or get help.

Here are the recommended actions:

Let Norton Move it to Quarantine

By default, Norton attempts to move malicious items to Quarantine, isolating them from the rest of your system so they can’t cause harm. Check the security history to confirm the item’s status:

  • Open Norton 360 and go to the Security History or Quarantine section.
  • The item should be listed there. Once quarantined, the threat is neutralized, and you can generally leave it there or choose to “Remove from History” to delete the record. Norton may automatically purge items from quarantine after a certain time.

Manual Removal in Safe Mode

If the file cannot be moved to quarantine or keeps reappearing, it might be actively running in the background. Booting into Safe Mode loads only essential Windows/macOS services, which typically prevents malware from running and makes manual deletion possible.

  • Restart your computer in Safe Mode (with networking, if you need internet access).
  • Once in Safe Mode, navigate to the location of the malicious archive file using File Explorer (Windows) or Finder (Mac).
  • Manually delete the file (and the entire folder it’s in, if necessary).
  • Restart your computer normally and run a full Norton scan to confirm the threat is gone.

Contact Norton Support

If all self-help options fail, the best course of action is to contact Norton’s customer support directly.

  • They have experts who can provide advanced, step-by-step guidance, sometimes even remotely accessing your computer (with your permission) to remove the stubborn file.
  • Visit the Norton Support website to find contact options like live chat or phone support.

AI Mode may make mistakes

1 Like
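The extraction limit, nesting depth and password-protected archive points in the post above can be checked from a ZIP's headers before anything is extracted. This is an added example, not Norton's code and not part of the original thread; every threshold except the 2 GB figure, and the names `triage_zip` and `build_sample`, are assumptions.

```python
import io
import zipfile

LIMIT_BYTES = 2 * 1024**3   # extraction limit: the 2 GB figure from the post
MAX_DEPTH = 2               # nesting limit (assumed value)
MAX_RATIO = 200             # expansion ratio treated as suspicious (assumed)
NESTED_CAP = 16 * 1024**2   # most bytes read to look inside a nested archive (assumed)

def triage_zip(data, limit=LIMIT_BYTES, max_depth=MAX_DEPTH, _depth=0, _report=None):
    """Triage a ZIP from its headers; only nested archives are read, up to NESTED_CAP."""
    report = _report if _report is not None else {
        "declared_bytes": 0, "over_limit": False, "encrypted": [], "flags": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if report["over_limit"]:
                break                          # budget already spent, stop descending
            if info.flag_bits & 0x1:           # bit 0 set: entry is encrypted
                report["encrypted"].append(info.filename)
                continue                       # cannot be inspected without the password
            report["declared_bytes"] += info.file_size
            if report["declared_bytes"] > limit:
                report["over_limit"] = True
                break
            if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                report["flags"].append("high ratio: " + info.filename)
            if not info.filename.lower().endswith(".zip"):
                continue
            if _depth >= max_depth:
                report["flags"].append("nesting limit: " + info.filename)
                continue
            with zf.open(info) as member:      # bounded read: header sizes can lie
                inner = member.read(NESTED_CAP + 1)
            if len(inner) > NESTED_CAP:
                report["flags"].append("nested archive too large: " + info.filename)
            elif zipfile.is_zipfile(io.BytesIO(inner)):
                triage_zip(inner, limit, max_depth, _depth + 1, report)
    return report

def build_sample():
    """Constructed sample: outer.zip -> inner.zip -> 1 MiB of zero bytes."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("big.bin", b"\0" * 1024**2)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("inner.zip", inner.getvalue())
        zf.writestr("readme.txt", b"constructed sample")
    return outer.getvalue()

if __name__ == "__main__":
    print(triage_zip(build_sample()))
```

Entries listed under `encrypted` are the ones an on-demand scan cannot look inside, so they only get checked when they are later extracted.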

I ran a local scan on the file.
With Norton.

When Norton 360 displays a message that it was not possible to resolve some threats, it means some malicious files remain active or inaccessible and require manual intervention.

Here is a breakdown of the steps you should take to neutralize and remove these persistent threats:

Review the Security History

First, identify the exact location and name of the unresolved threat within the Norton application.

  • Open Norton 360.
  • Click Security, then click History.
  • In the Security History window, use the “Show” drop-down list to select Unresolved Security Risks.
  • Select the specific risk to view details about its location, file name, and the recommended action. This information is crucial for manual removal.

Manually Remove the Threat in Safe Mode

If the threat is still unresolved, it might be running in the background and preventing removal. Booting into Safe Mode can disable the malware’s ability to run.

  • Restart your computer in Safe Mode (with networking, if possible). The exact steps vary by operating system, but generally involve going to the Start menu > Power, then holding the Shift key while clicking Restart.
  • Once in Safe Mode, use the location information from the Security History (Step 1) to navigate directly to the malicious file using File Explorer/Finder.
  • Manually delete the file and empty your Recycle Bin/Trash.
  • Restart your computer normally and run a full Norton scan.

Contact Norton Support for Expert Assistance

If you have tried all the above steps and the threats remain, contact Norton’s technical support.

  • Norton provides expert assistance via live chat or phone support on their official support website.
  • They can provide advanced instructions or, with your permission, remotely access your system to eliminate the infection.

Important Note: If the unresolved threats are located on an external drive, Norton 360 might detect but not automatically remove them while they are on that drive. You might need to locate the file details and delete them manually when the drive is connected.

AI Mode may make mistakes

1 Like

It appears Norton 360 initially struggled to contain a threat but subsequently resolved the issue. The combined message indicates a temporary failure followed by a successful mitigation.

Here’s a breakdown of what likely happened and confirmation of your current status:

Interpretation of the Messages

  • “It was not possible to resolve some threats.”
    • This initial message indicated that Norton detected malware but couldn’t immediately delete or move it to quarantine (perhaps because the file was actively running in memory, locked by the operating system, or within an inaccessible archive).
  • “Threat resolved. There’s nothing left to resolve.”
    • This subsequent message confirms that the issue was successfully handled. Norton either managed to terminate the malicious process or moved the file to quarantine during a subsequent attempt.

Your Current Security Status: Clear

Your system appears to be clean and the specific security risks have been neutralized. The “Threat resolved” message is your confirmation that the danger is gone.

Recommended Final Action Steps

While the threat is reported as resolved, it is always best practice to take these final precautionary measures:

  • Run a Final Confirmation Scan: Open Norton 360 and run one last Full System Scan. This step verifies that the resolution is comprehensive and no related malware files were left behind.
  • Verify Quarantine/History: Check your Security History or Quarantine area within Norton 360. You should see entries for the threats marked as “Resolved” or “Quarantined.” You can typically leave items in quarantine; they are neutralized there.
  • Ensure Updates: Make sure your Norton program and virus definitions are up-to-date to maintain maximum protection moving forward.

AI Mode may make mistakes

1 Like