NAV 2010 - W32.Licum - doomed or bogus?

NAV 2010 has just started quarantining every executable it can find, claiming W32.Licum virus.

 

1.  Is it possible this is all bogus positive?  (Symantec false pos checker says their robot sees positive)

 

2.  If false positive, is there a mechanism for disabling the false pos checks (and quarantines) without killing ALL checks?

 

3.  If not false pos, how do I track down (hunt and destroy) what is infecting my system?

 

Some details:

NAV 2010 with all latest updates

Vista x64 with all updates

DSL - Verizon/Frontier, with Verizon-supplied DSL modem/router

I have recent Ghost backups of the system disk, including all the 'suspect' apps.

 

I don't know if this is a coincidence or not, but most of the 'infected' files are in two electronic design software suites (Xilinx and Altera).  It strikes me as 'interesting' that FPGA design SW would be preferentially infected first and foremost, with so many other executables on my system (Office, Adobe suites, etc. etc.)

 

Thanks in advance for your suggestions.

 

- Bob

 

 

Hello eteam

 

Welcome to the Norton Community

 

Since you have NAV 2010, what are you using as a firewall? Here is the write-up from ThreatExpert for this malware.

 

http://www.threatexpert.com/report.aspx?md5=184313053b0cfd95cd81275d930cf947

 

You can try a full scan with the free version of Malwarebytes to see if that can stop it.

 

Download the free version, install and update then run a FULL scan. After the scan completes you should post the logs back to this thread.

You can find Malwarebytes here

http://www.filehippo.com/download_malwarebytes_anti_malware/

It is a safer location to get the program from than Malwarebytes themselves because some malware creators have large lists of sites that they block. Please be careful to download the correct program: the FREE version of MALWAREBYTES

(Thanks to Delph for providing the alternative site)

 

If that doesn't clean it up completely, I would recommend a visit to one of the free malware removal sites and put the name of the malware in the topic and give a description of the problems you are having.

 

Please go to one of these free Forums for help in removing your bad malware or rootkits.


http://www.bleepingcomputer.com

http://www.geekstogo.com/forum/

http://www.cybertechhelp.com/forums/

http://forums.whatthetech.com/

(Thanks to Delph for providing the list of sites)

Please pick one of the above sites if Malwarebytes doesn't clean up everything and you continue to have problems. First post a log here from Malwarebytes though. Thanks.

floplot wrote:

Hello eteam


Welcome to the Norton Community


Since you have NAV 2010, what are you using as a firewall? Here is the write-up from ThreatExpert for this malware.

Hardware firewall is a Westell router re-badged by Verizon for its DSL customers.

http://www.threatexpert.com/report.aspx?md5=184313053b0cfd95cd81275d930cf947


You can try a full scan with the free version of Malwarebytes to see if that can stop it.

Thanks for the link.  Malwarebytes did not see any infections during both a quick scan and a full system scan.  NAV 2010 claims to have found hundreds of infected files.  I'm inclined to think that NAV2010 is throwing up false positives, that a recent virus signature update wasn't 'tight' enough.


If you believe NAV 2010, there is some program infecting my files, but yet the source of the infection can't be detected. Malwarebytes can detect neither the infections in the files, nor a running trojan which is spreading the virus.

(Thanks to Delph for providing the alternative site)


If that doesn't clean it up completely, I would recommend a visit to one of the free malware removal sites and put the name of the malware in the topic and give a description of the problems you are having.


Please go to one of these free Forums for help in removing your bad malware or rootkits.


http://www.bleepingcomputer.com

http://www.geekstogo.com/forum/

http://www.cybertechhelp.com/forums/

http://forums.whatthetech.com/

(Thanks to Delph for providing the list of sites)

Please pick one of the above sites if Malwarebytes doesn't clean up everything and you continue to have problems. First post a log here from Malwarebytes though. Thanks.

I re-installed the SW suite from which most of the infected files were found.  If I continue to have problems, then I will need to take serious action.  If not, then I'm inclined to remain skeptical of NAV 2010 with its current signature set.


Thanks for your help.  You may be hearing me hollering for help again in the near future.


- Bob

Hello eteam

 

You can also submit the files to Norton for further analysis by following these instructions. If they are false positives, they can adjust their definitions.

 

Please use this link if you think that a file is a false positive:
https://submit.symantec.com/dispute/

If there is a possibility that the file might be infected, please submit it to Symantec using this link:


https://submit.symantec.com/websubmit/retail.cgi



As another alternative, which is fast, you can use Threat Expert:

http://www.threatexpert.com/submit.aspx

(Thanks to Yaso for providing the links)

 

In addition to the modem/routers that Verizon provides, I think you really should have a software firewall also, one that works with NAV. Even with a regular router, people have firewalls or use security suites which include a firewall. Even Verizon themselves offer a security suite for their customers which I am sure includes some sort of firewall.

From prior users' experience, if you can still run an application after Norton has quarantined its .exe file, it would be best to consider it as a true infection. The application should not be able to work without the .exe.