Norton does not scan inside ISO files

Norton Security | Norton Internet Security
1

I have just downloaded Ultimate DLCD Boot 2015 v1.0 [UEFI-GPT + BIOS-MBR] from the following link,

[Removed]

I am trying to create a Rescue disk which can be used to unlock users, recover data and do other troubleshooting steps with this Ultimate DLCD Boot USB drive.

It downloaded a RAR file, which I scanned with Norton on Demand scanner and it gave me no threats detected. Great. Then I unzipped the RAR file and it resulted in 6 files being unzipped. One of them was a ISO file, Ultimate.2015.v1.0.iso. I again had Norton scan these files using the on demand scanner and still no threats detected. Great so far. Then i unzipped the ISO file contents into a folder and then ran a Norton scan over the unzipped contents of the ISO file. That is when the problems started. Norton showed about 11 Viruses that were found. The details are given in the text attachment with the name "The result of Norton OnDemand Scan on unzipped ISO File Content".

So my question is two fold

1) Why is Norton not scanning inside ISO files and detecting threats there itself?

2) If we look at the scan report given below most of the viruses given in the DLD are from utilities that are used. Are they false positives or are there serious concerns over here?

Any help would be appreciated.

___________________________

Appreciating your help in advance

[Edit: Removed hyperlink to a potentially malicious page to conform with the Participation Guidelines and Terms of Service]

2
Joe Blake 1:

This leaves one question still unanswered. How come Norton is not scanning inside the ISO file contents thoroughly even though manual scan is run on the compressed file as well as on the ISO? 

https://community.norton.com/en/comment/8495595#comment-8495595 

3

Allright then this means I cannot create this rescue disk. Even if I were to use a Linux Live CD Distro to create this, I would not be sure that when I plug it into a computer it would not result in some malicious software not infecting the computer.

This leaves one question still unanswered. How come Norton is not scanning inside the ISO file contents thoroughly even though manual scan is run on the compressed file as well as on the ISO? This leads me to question the effectiveness of Norton Anti Virus.

4

@Joe Blake 1 

Joe Blake 1:
2) If we look at the scan report given below most of the viruses given in the DLD are from utilities that are used. Are they false positives or are there serious concerns over here?

Sorry, not enough information - for me.  

FWIW ~ Please review VirusTotal results - from events [here]....my side -

Filename: ADDx86.7z
https://www.virustotal.com/gui/file/a96fda2007ac05c96a39ce1dc30f5d927468cca887ca48031e2c63b1143d1804/detection

Filename: ATI2014.7z
https://www.virustotal.com/gui/file/f16ae3882744368d5008c8955ae067813863be81a9fa2dd4de5298eb2b082a3a/detection

Filename: ATI2015.7z
https://www.virustotal.com/gui/file/9f13150e3c0f5c589e1cf1d3d4136f7cc2077547118477aba0e69468b1d5f0dd/detection

Filename: AutoMountDrives.exe
https://www.virustotal.com/gui/file/d10e359b9792e9d2b42e1b9a2c3670de4284e25af10ea492d8e858a2c09d0329/detection

Filename: HEU_KMS_Activator.exe
https://www.virustotal.com/gui/file/39af9d041c9cc6918a2f7c5cd44898cc6f9ce34714e8a2a68945b9085c2f89fc/detection

Filename: KMSpico.7z
https://www.virustotal.com/gui/file/bed1edcbb67bc36a6f3755c4556d81a20b72d22042d86e114794ae79ef8414fc/detection

Filename: RemoveWAT.exe
https://www.virustotal.com/gui/file/fc22c0054be328fcefab429586d5038c524d33f955168c9ea157fbc4095b3f5c/detection

Filename: ResetWindowsPassword.7z
https://www.virustotal.com/gui/file/ff032020106024dd0cc9d246d7659a3a44a6460a762fbc0099af9e66e710e6d7/detection

Filename: WindowsLoader.7z
https://www.virustotal.com/gui/file/c0c0bd581f060df75057228efa4926ce172b1ed3a6d2b29fac92e8fd69a102e3/detection

Filename: WirelessKeyView.7z
https://www.virustotal.com/gui/file/3d6ff1645a96ba183477dbfc1e478f876a5e092934b40899023219614f1290f7/detection

as always, your mileage may vary

5

Eject ISO
Scan Information:
  Virus Defs Version: 2020.12.26.003
  Virus Defs Seq ID: 210866

Scan Statistics:
  Scan Start:
   Local: 12/27/2020 5:06 AM
   UTC: 12/27/2020 10:06 AM
  Scan Time: 694 seconds
  Scan Targets: Entire computer
  Counts:
   Total items scanned: 510,970
   - Files & Directories: 506,666
   - Registry Entries: 663
   - Processes & Startup Items: 2,928
   - Network & Browser Items: 604
   - Other: 4
   - Trusted Files: 63,037
   - Skipped Files: 300,311

   Total security risks detected: 24
   Total items resolved: 24
   Total items that require attention: 0

Resolved Threats:
Heur.AdvML.B
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Fully Resolved
 -----------
 1 File
F:\DLCD\Programs\Files\AutoMountDrives.7z - No Action Required

Risks in compressed file "ATI2015.7z"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Fully Resolved
 -----------
 2 Infected Files
[install.exe] inside of [F:\DLCD\Programs\Files\ATI2015.7z] - Fully Resolved
[ati15.exe] inside of [F:\DLCD\Programs\Files\ATI2015.7z] - Fully Resolved

Risks in compressed file "ADDx86.7z"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Fully Resolved
 -----------
 1 Infected File
[addx86.exe] inside of [F:\DLCD\Programs\Files\ADDx86.7z] - Fully Resolved

Risks in compressed file "ATI2014.7z"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Fully Resolved
 -----------
 1 Infected File
[install.exe] inside of [F:\DLCD\Programs\Files\ATI2014.7z] - Fully Resolved

SMG.Heur!gen
 Type: Anomaly
 Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
 Categories: Heuristic Virus
 Status: Fully Resolved
 -----------
 1 File
F:\DLCD\Programs\Files\HEU_KMS_Activator.7z - No Action Required

Risks in compressed file "KMSpico.7z"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Fully Resolved
 -----------
 3 Infected Files
[installAll.cmd] inside of [F:\DLCD\Programs\Files\KMSpico.7z] - Fully Resolved
[AutoPico.exe] inside of [F:\DLCD\Programs\Files\KMSpico.7z] - Fully Resolved
[AutoPico.exe] inside of [F:\DLCD\Programs\Files\KMSpico.7z] - Fully Resolved

Hacktool.Kms
 Type: Anomaly
 Risk: Medium (Medium Stealth, Medium Removal, Medium Performance, Medium Privacy)
 Categories: Hack Tool
 Status: Fully Resolved
 -----------
 1 File
F:\DLCD\Programs\Files\RemoveWAT.7z - No Action Required

Risks in compressed file "ResetWindowsPassword.7z"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Fully Resolved
 -----------
 3 Infected Files
[rwp_Loader.exe] inside of [F:\DLCD\Programs\Files\ResetWindowsPassword.7z] - Fully Resolved
[rwp.exe] inside of [F:\DLCD\Programs\Files\ResetWindowsPassword.7z] - Fully Resolved
[RunRWP.exe] inside of [F:\DLCD\Programs\Files\ResetWindowsPassword.7z] - Fully Resolved

Risks in compressed file "WindowsLoader.7z"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Fully Resolved
 -----------
 1 Infected File
[Windows Loader.exe] inside of [F:\DLCD\Programs\Files\WindowsLoader.7z] - Fully Resolved

Risks in compressed file "WirelessKeyView.7z"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Fully Resolved
 -----------
 1 Infected File
[WirelessKeyView.exe] inside of [F:\DLCD\Programs\Files\WirelessKeyView.7z] - Fully Resolved

Heur.AdvML.B
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Fully Resolved
 -----------
 1 Infected File
F:\DLCD\Programs\BkavDetectShortcutFileVirus.exe - Failed
 1 Browser Cache

Trojan.Gen.NPE
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Fully Resolved
 -----------
 1 Infected File
F:\DLCD\Programs\Files\WebBrowserPassView.7z - Failed
 1 Browser Cache

Trojan.Gen
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Fully Resolved
 -----------
 1 Infected File
F:\DLCD\Programs\FixAttrb.exe - Failed
 1 Browser Cache

Trojan.Gen.2
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Fully Resolved
 -----------
 1 Infected File
F:\DLCD\Programs\Font-Install-Backup.exe - Failed
 1 Browser Cache

Trojan.Gen.2
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Fully Resolved
 -----------
 1 Infected File
F:\DLCD\Programs\KillBox.exe - Failed
 1 Browser Cache

Heur.AdvML.B
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Fully Resolved
 -----------
 1 Infected File
F:\DLCD\Programs\SetPageFile.exe - Failed
 1 Browser Cache

Heur.AdvML.C
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Fully Resolved
 -----------
 1 Infected File
F:\DLCD\Programs\Picachu.exe - Failed
 1 Browser Cache

Trojan.Gen.2
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Fully Resolved
 -----------
 1 Infected File
F:\DLCD\Programs\Picachu.exe - Failed
 1 Browser Cache

Trojan.Gen.2
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Fully Resolved
 -----------
 1 Infected File
CSIDL_DRIVE_CDROM\dlcdmenu.exe - No Action Required
 1 Browser Cache

Unresolved Threats:
No unresolved risks

======================================

Category: Resolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action,Activity - Details
12/27/2020 5:30:33 AM,High,"Risks in compressed file \"ADDx86.7z\" detected by Virus scanner",Removed,Resolved - No Action Required,Threat Actions performed: 1
12/27/2020 5:30:33 AM,Medium,RemoveWAT.exe (Hacktool.Kms) detected by Virus scanner,Removed,Resolved - No Action Required,Threat Actions performed: 1
12/27/2020 5:30:33 AM,High,"Risks in compressed file \"KMSpico.7z\" detected by Virus scanner",Removed,Resolved - No Action Required,Threat Actions performed: 2
12/27/2020 5:30:33 AM,High,"Risks in compressed file \"ATI2015.7z\" detected by Virus scanner",Removed,Resolved - No Action Required,Threat Actions performed: 2
12/27/2020 5:30:33 AM,High,"Risks in compressed file \"ResetWindowsPassword.7z\" detected by Virus scanner",Removed,Resolved - No Action Required,Threat Actions performed: 3
12/27/2020 5:30:33 AM,High,"Risks in compressed file \"WirelessKeyView.7z\" detected by Virus scanner",Removed,Resolved - No Action Required,Threat Actions performed: 1
12/27/2020 5:30:33 AM,High,"Risks in compressed file \"ATI2014.7z\" detected by Virus scanner",Removed,Resolved - No Action Required,Threat Actions performed: 1
12/27/2020 5:30:33 AM,High,"Risks in compressed file \"WindowsLoader.7z\" detected by Virus scanner",Removed,Resolved - No Action Required,Threat Actions performed: 1
12/27/2020 5:30:33 AM,High,AutoMountDrives.exe (Heur.AdvML.B) detected by Virus scanner,Removed,Resolved - No Action Required,Threat Actions performed: 1
12/27/2020 5:30:33 AM,Low,HEU_KMS_Activator.exe (SMG.Heur!gen) detected by Virus scanner,Removed,Resolved - No Action Required,Threat Actions performed: 1
12/27/2020 5:17:53 AM,High,dlcdmenu.exe (Trojan.Gen.2) detected by Virus scanner,Removed,Resolved - No Action Required,Threat Actions performed: 1
12/27/2020 5:17:52 AM,High,Picachu.exe (Trojan.Gen.2) detected by Virus scanner,Removed,Resolved - No Action Required,Threat Actions performed: 1
12/27/2020 5:17:52 AM,High,Picachu.exe (Heur.AdvML.C) detected by Virus scanner,Removed,Resolved - No Action Required,Threat Actions performed: 1
12/27/2020 5:17:52 AM,High,Font-Install-Backup.exe (Trojan.Gen.2) detected by Virus scanner,Removed,Resolved - No Action Required,Threat Actions performed: 1
12/27/2020 5:17:52 AM,High,KillBox.exe (Trojan.Gen.2) detected by Virus scanner,Removed,Resolved - No Action Required,Threat Actions performed: 1
12/27/2020 5:17:52 AM,High,FixAttrb.exe (Trojan.Gen) detected by Virus scanner,Removed,Resolved - No Action Required,Threat Actions performed: 1
12/27/2020 5:17:52 AM,High,SetPageFile.exe (Heur.AdvML.B) detected by Virus scanner,Removed,Resolved - No Action Required,Threat Actions performed: 1
12/27/2020 5:17:51 AM,High,WebBrowserPassView.7z (Trojan.Gen.NPE) detected by Virus scanner,Removed,Resolved - No Action Required,Threat Actions performed: 1
12/27/2020 5:17:37 AM,High,BkavDetectShortcutFileVirus.exe (Heur.AdvML.B) detected by Virus scanner,Removed,Resolved - No Action Required,Threat Actions performed: 1

6

Okay ... started over as per Chat Support session -
1) Extract archive
2) Mount ISO
3) Run Full System Scan

Resolved Threats:
Trojan.Gen.2
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Fully Resolved
 -----------
 1 Infected File
CSIDL_DRIVE_CDROM\dlcdmenu.exe - No Action Required
 1 Browser Cache

Unresolved Threats:
Heur.AdvML.B
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Remove Failed
 -----------
 1 File
F:\DLCD\Programs\Files\AutoMountDrives.7z - Delete Failed

Risks in compressed file "ATI2015.7z"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Not Attempted
 -----------
 2 Infected Files
[install.exe] inside of [F:\DLCD\Programs\Files\ATI2015.7z] - Not Attempted
[ati15.exe] inside of [F:\DLCD\Programs\Files\ATI2015.7z] - Not Attempted

Risks in compressed file "ADDx86.7z"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Not Attempted
 -----------
 1 Infected File
[addx86.exe] inside of [F:\DLCD\Programs\Files\ADDx86.7z] - Not Attempted

Risks in compressed file "ATI2014.7z"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Not Attempted
 -----------
 1 Infected File
[install.exe] inside of [F:\DLCD\Programs\Files\ATI2014.7z] - Not Attempted

SMG.Heur!gen
 Type: Anomaly
 Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
 Categories: Heuristic Virus
 Status: Not Attempted
 -----------
 1 File
F:\DLCD\Programs\Files\HEU_KMS_Activator.7z - No action taken

Risks in compressed file "KMSpico.7z"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Not Attempted
 -----------
 3 Infected Files
[installAll.cmd] inside of [F:\DLCD\Programs\Files\KMSpico.7z] - Not Attempted
[AutoPico.exe] inside of [F:\DLCD\Programs\Files\KMSpico.7z] - Not Attempted
[AutoPico.exe] inside of [F:\DLCD\Programs\Files\KMSpico.7z] - Not Attempted

Hacktool.Kms
 Type: Anomaly
 Risk: Medium (Medium Stealth, Medium Removal, Medium Performance, Medium Privacy)
 Categories: Hack Tool
 Status: Remove Failed
 -----------
 1 File
F:\DLCD\Programs\Files\RemoveWAT.7z - Delete Failed

Risks in compressed file "ResetWindowsPassword.7z"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Not Attempted
 -----------
 3 Infected Files
[rwp_Loader.exe] inside of [F:\DLCD\Programs\Files\ResetWindowsPassword.7z] - Not Attempted
[rwp.exe] inside of [F:\DLCD\Programs\Files\ResetWindowsPassword.7z] - Not Attempted
[RunRWP.exe] inside of [F:\DLCD\Programs\Files\ResetWindowsPassword.7z] - Not Attempted


Risks in compressed file "WindowsLoader.7z"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Not Attempted
 -----------
 1 Infected File
[Windows Loader.exe] inside of [F:\DLCD\Programs\Files\WindowsLoader.7z] - Not Attempted

Risks in compressed file "WirelessKeyView.7z"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Not Attempted
 -----------
 1 Infected File
[WirelessKeyView.exe] inside of [F:\DLCD\Programs\Files\WirelessKeyView.7z] - Not Attempted

Heur.AdvML.B
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Remove Failed
 -----------
 1 Infected File
F:\DLCD\Programs\BkavDetectShortcutFileVirus.exe - Failed
 1 Browser Cache

Trojan.Gen.NPE
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Remove Failed
 -----------
 1 Infected File
F:\DLCD\Programs\Files\WebBrowserPassView.7z - Failed
 1 Browser Cache

Trojan.Gen
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Remove Failed
 -----------
 1 Infected File
F:\DLCD\Programs\FixAttrb.exe - Failed
 1 Browser Cache

Trojan.Gen.2
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Remove Failed
 -----------
 1 Infected File
F:\DLCD\Programs\Font-Install-Backup.exe - Failed
 1 Browser Cache

Trojan.Gen.2
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Remove Failed
 -----------
 1 Infected File
F:\DLCD\Programs\KillBox.exe - Failed
 1 Browser Cache

Heur.AdvML.B
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Remove Failed
 -----------
 1 Infected File
F:\DLCD\Programs\SetPageFile.exe - Failed
 1 Browser Cache

Heur.AdvML.C
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Remove Failed
 -----------
 1 Infected File
F:\DLCD\Programs\Picachu.exe - Failed
 1 Browser Cache

Trojan.Gen.2
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Remove Failed
 -----------
 1 Infected File
F:\DLCD\Programs\Picachu.exe - Failed
 1 Browser Cache
=========================================================

View or fix device security risks that Norton detects
When Norton detects a security risk, it automatically removes it, unless it requires your input to understand how you want to resolve the risk. If you do need to provide input, Norton displays a Threats Detected alert or Security Risk alert with suggestions on how to respond to the security risk.

View risks automatically resolved during a scan
Fix unresolved risks detected during a scan

https://support.norton.com/sp/en/us/norton-360/22.20.5.39/solutions/v1910999 

7

Mount image from context menu
To mount an ISO image with the File Explorer context menu, use these steps:

  1. Open File Explorer.
  2. Browse to the folder with the ISO image.

  3. Right-click the .iso file and select the Mount option.

    <p><em>Source: Windows Central</em></p>

<p><a href="https://www.windowscentral.com/sites/wpcentral.com/files/styles/xlarge/public/field/image/2020/11/file-explorer-context-menu-mount-option.jpg" title="File Explorer context menu mount ISO"><img src="https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/11/file-explorer-context-menu-mount-option.jpg" /></a></p>
</li>

Once you complete the steps, you can access the contents of the image by selecting the virtual drive from the left navigation pane.

https://www.windowscentral.com/how-mount-or-unmount-iso-images-windows-10

8

@John Blake 1

FWIW ~ excerpts from Chat Support session -

What is it about the ISO file format that Norton cannot access inside directly.
Why do I need to first mount the ISO in order for Norton to then have access inside the ISO.

Mounting a file system attaches that file system to a directory (mount point) and makes it available to the system.

The ISO file can only be accessed directly when it is mounted and Full System Scan will then be able to scan all the files. 

If you wish to scan ISO files, you need to mount them, as its compatibility concern that is the reason Norton doesn't scan without mounting.

9

Is there a Norton Product that will scan ISO files,

If you have a tool that can mount an ISO as a virtual drive you can scan them through explorer.

I have an old version of Nero image drive and UltraISO that mounts then as virtual DVD-Roms but I'm sure there are many other tools.

Although compression tools can extract them, they are really not compressed archives and they use a different file format that windows or Norton cannot access directly.

https://community.norton.com/en/comment/3489403#comment-3489403 

Can malware in an RAR or ISO format harm a computer?

Yes, When you extract it.

RAR files are not dangerous in themselves. They are similar to ZIP files, and their purpose is to contain other files. However, the files that you find inside the RAR file can indeed be dangerous. And malware is frequently spread via RAR files (as well as ZIP files).

There is no harm in opening a RAR file and looking at what is inside of it. But don’t extract the files within unless you are confident that they are not malware, or you have a virus scanner ready to check them. One dead giveaway is a RAR that you expect to contain a video, but when you look inside you see a .exe file. That’s pretty much guaranteed to be malware.

https://www.quora.com/Can-malware-in-an-RAR-or-ISO-format-harm-a-computer 

10

 

1.42 GB is a lot to pick at .. layer by layer ...via on-demand scans. 

May be prudent to on-demand scan & allow Auto-Protect to work & only download from reputable sources & have recent image backups...just in case.    

Cheers

11

png_8513.pngpng_8514.pngpng_8515.png

Scan Information:
  Virus Defs Version: 2020.12.26.003
  Virus Defs Seq ID: 210866

Scan Statistics:
  Scan Start:
   Local: 12/26/2020 6:13 PM
   UTC: 12/26/2020 11:13 PM
  Scan Time: 142 seconds
  Scan Targets: F:\DLCD\Programs
  Counts:
   Total items scanned: 6,091
   - Files & Directories: 6,091
   - Registry Entries: 0
   - Processes & Startup Items: 0
   - Network & Browser Items: 0
   - Other: 0
   - Trusted Files: 0
   - Skipped Files: 0

   Total security risks detected: 22
   Total items resolved: 0
   Total items that require attention: 22

Resolved Threats:
No risks have been resolved

Unresolved Threats:
Heur.AdvML.B
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Remove Failed
 -----------
 1 File
F:\DLCD\Programs\Files\AutoMountDrives.7z - Delete Failed


Risks in compressed file "ATI2014.7z"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Not Attempted
 -----------
 1 Infected File
[install.exe] inside of [F:\DLCD\Programs\Files\ATI2014.7z] - Not Attempted


Risks in compressed file "ADDx86.7z"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Not Attempted
 -----------
 1 Infected File
[addx86.exe] inside of [F:\DLCD\Programs\Files\ADDx86.7z] - Not Attempted


Risks in compressed file "ATI2015.7z"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Not Attempted
 -----------
 2 Infected Files
[install.exe] inside of [F:\DLCD\Programs\Files\ATI2015.7z] - Not Attempted
[ati15.exe] inside of [F:\DLCD\Programs\Files\ATI2015.7z] - Not Attempted


SMG.Heur!gen
 Type: Anomaly
 Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
 Categories: Heuristic Virus
 Status: Not Attempted
 -----------
 1 File
F:\DLCD\Programs\Files\HEU_KMS_Activator.7z - No action taken


Risks in compressed file "KMSpico.7z"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Not Attempted
 -----------
 3 Infected Files
[installAll.cmd] inside of [F:\DLCD\Programs\Files\KMSpico.7z] - Not Attempted
[AutoPico.exe] inside of [F:\DLCD\Programs\Files\KMSpico.7z] - Not Attempted
[AutoPico.exe] inside of [F:\DLCD\Programs\Files\KMSpico.7z] - Not Attempted


Hacktool.Kms
 Type: Anomaly
 Risk: Medium (Medium Stealth, Medium Removal, Medium Performance, Medium Privacy)
 Categories: Hack Tool
 Status: Remove Failed
 -----------
 1 File
F:\DLCD\Programs\Files\RemoveWAT.7z - Delete Failed


Risks in compressed file "ResetWindowsPassword.7z"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Not Attempted
 -----------
 3 Infected Files
[rwp_Loader.exe] inside of [F:\DLCD\Programs\Files\ResetWindowsPassword.7z] - Not Attempted
[rwp.exe] inside of [F:\DLCD\Programs\Files\ResetWindowsPassword.7z] - Not Attempted
[RunRWP.exe] inside of [F:\DLCD\Programs\Files\ResetWindowsPassword.7z] - Not Attempted


Risks in compressed file "WindowsLoader.7z"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Not Attempted
 -----------
 1 Infected File
[Windows Loader.exe] inside of [F:\DLCD\Programs\Files\WindowsLoader.7z] - Not Attempted


Risks in compressed file "WirelessKeyView.7z"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Not Attempted
 -----------
 1 Infected File
[WirelessKeyView.exe] inside of [F:\DLCD\Programs\Files\WirelessKeyView.7z] - Not Attempted


Heur.AdvML.B
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Remove Failed
 -----------
 1 Infected File
F:\DLCD\Programs\BkavDetectShortcutFileVirus.exe - Failed
 1 Browser Cache

Trojan.Gen.NPE
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Remove Failed
 -----------
 1 Infected File
F:\DLCD\Programs\Files\WebBrowserPassView.7z - Failed
 1 Browser Cache

Trojan.Gen
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Remove Failed
 -----------
 1 Infected File
F:\DLCD\Programs\FixAttrb.exe - Failed
 1 Browser Cache

Trojan.Gen.2
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Remove Failed
 -----------
 1 Infected File
F:\DLCD\Programs\KillBox.exe - Failed
 1 Browser Cache

Heur.AdvML.B
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Remove Failed
 -----------
 1 Infected File
F:\DLCD\Programs\SetPageFile.exe - Failed
 1 Browser Cache

Heur.AdvML.C
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Remove Failed
 -----------
 1 Infected File
F:\DLCD\Programs\Picachu.exe - Failed
 1 Browser Cache

Trojan.Gen.2
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Remove Failed
 -----------
 1 Infected File
F:\DLCD\Programs\Picachu.exe - Failed
 1 Browser Cache

12

Resolved Threats:
No risks have been resolved

Unresolved Threats:
Trojan.Gen.2
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Remove Failed
 -----------
 1 Infected File
F:\DLCDMenu.exe - Failed
 1 Browser Cache
 

Category: Resolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action,Activity - Details
12/26/2020 6:04:10 PM,High,FONT-INSTALL-BACKUP.EXE (Trojan.Gen.2) detected by Auto-Protect,Blocked,Resolved - No Action Required, Actions performed: 0
12/26/2020 6:04:10 PM,High,FixAttrb.exe (Trojan.Gen) detected by Auto-Protect,Blocked,Resolved - No Action Required, Actions performed: 0
12/26/2020 5:56:42 PM,High,BKAVDETECTSHORTCUTFILEVIRUS.EXE (Heur.AdvML.B) detected by Auto-Protect,Blocked,Resolved - No Action Required, Actions performed: 0
12/26/2020 5:44:08 PM,High,dlcdmenu.exe (Trojan.Gen.2) detected by Virus scanner,Removed,Resolved - No Action Required,Threat Actions performed: 1

++++++++++++++++++++++++++++++++++

 

13

Okay...mount ISO and scan DLCDMenu.exe

Scan Information:
  Virus Defs Version: 2020.12.26.003
  Virus Defs Seq ID: 210866

Scan Statistics:
  Scan Start:
   Local: 12/26/2020 5:43 PM
   UTC: 12/26/2020 10:43 PM
  Scan Time: 18 seconds
  Scan Targets: F:\DLCDMenu.exe
  Counts:
   Total items scanned: 1
   - Files & Directories: 1
   - Registry Entries: 0
   - Processes & Startup Items: 0
   - Network & Browser Items: 0
   - Other: 0
   - Trusted Files: 0
   - Skipped Files: 0

   Total security risks detected: 1
   Total items resolved: 1
   Total items that require attention: 0

Resolved Threats:
Trojan.Gen.2
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Fully Resolved
 -----------
 1 Infected File
CSIDL_DRIVE_CDROM\dlcdmenu.exe - No Action Required
 1 Browser Cache

____________________________

File: DLCDMenu.exe
File size: 840 KB (860,160 bytes)
MD5 checksum: 79701B5E50A2AC4187CA01D4099C29AC
SHA1 checksum: B276785753AEFAD9B7B292E4AF556287436BA315
SHA256 checksum: C4B0E8DCF2638D06FCA027B631D4038AE224A7E410614819F239CEEBD431E7F4
png_8507.pnghttps://www.virustotal.com/gui/file/c4b0e8dcf2638d06fca027b631d4038ae224a7e410614819f239ceebd431e7f4/detection

14

Scan Statistics:
  Scan Start:
   Local: 12/26/2020 5:38 PM
   UTC: 12/26/2020 10:38 PM
  Scan Time: 0 seconds
  Scan Targets: C:\Users\bjm\Desktop\Ultimate.DLCD.Boot.2015.v1.0\Ultimate.2015.v1.0.iso
  Counts:
   Total items scanned: 1
   - Files & Directories: 1
   - Registry Entries: 0
   - Processes & Startup Items: 0
   - Network & Browser Items: 0
   - Other: 0
   - Trusted Files: 0
   - Skipped Files: 1

   Total security risks detected: 0
   Total items resolved: 0
   Total items that require attention: 0

Resolved Threats:
No risks have been resolved

Unresolved Threats:
No unresolved risks

15

FWIW ~

Scan Statistics:
  Scan Start:
   Local: 12/26/2020 5:09 PM
   UTC: 12/26/2020 10:09 PM
  Scan Time: 15 seconds
  Scan Targets: C:\Users\bjm\Desktop\Ultimate.DLCD.Boot.2015.v1.0.rar
  Counts:
   Total items scanned: 77
   - Files & Directories: 77
   - Registry Entries: 0
   - Processes & Startup Items: 0
   - Network & Browser Items: 0
   - Other: 0
   - Trusted Files: 0
   - Skipped Files: 0

   Total security risks detected: 0
   Total items resolved: 0
   Total items that require attention: 0

Resolved Threats:
No risks have been resolved

Unresolved Threats:
No unresolved risks

___________________________________

static scans = No threats detected

16

FWIW ~

File: Ultimate.DLCD.Boot.2015.v1.0.rar
File size: 1.35 GB (1,448,976,865 bytes)
MD5 checksum: B5476F2E91AFA695766D62E72308E96C
SHA1 checksum: 09AADEB9CB15D1CC907DDE92EB4878DCB2BDB006
SHA256 checksum: 3880251312CA2A9E02DA1F94065B1587BFE6FE5806B49D8DD0C25F7B13D7532A
SHA384 checksum: 3309A0F136EAFB91FFE0E24D5915F85BFE844DD7E698F76662C0A821DDE44911DC4C5DE5B2816F23801F1056634165D3
 

17

Maybe, ISO has an autorun.ini which Windows by default executes pointing to the virus file/s included with the ISO, and you have automatically started malware that gets run without the user starting any programs. 

An ISO could potentially contain files which could be viruses. Identical to how a ZIP file (or any other archive file format) could contain an infected file.

An ISO is generally less likely to contain malware, as a virus creator could just as easily infect peoples computers with much smaller files (single executable), which they would be more likely to download, but it is possible.

source google

18
Joe Blake 1: 

It downloaded a RAR file, which I scanned with Norton on Demand scanner and it gave me no threats detected. Great. Then I unzipped the RAR file and it resulted in 6 files being unzipped. One of them was a ISO file, Ultimate.2015.v1.0.iso. I again had Norton scan these files using the on demand scanner and still no threats detected. Great so far. Then i unzipped the ISO file contents into a folder and then ran a Norton scan over the unzipped contents of the ISO file. That is when the problems started. Norton showed about 11 Viruses that were found. The details are given in the text attachment with the name "The result of Norton OnDemand Scan on unzipped ISO File Content".

1) Why is Norton not scanning inside ISO files and detecting threats there itself?

2) If we look at the scan report given below most of the viruses given in the DLD are from utilities that are used. Are they false positives or are there serious concerns over here?

The download is compressed -
Maybe, your on-demand scans were against static - compressed files -
Maybe, 1.3GB influenced scan results -

Sorry, I don't have saved ISOs, at this time, to scan -  

as I recall...by habit....I'll Norton on-demand scan & second opinion scan archives -
When archive is extracted - on execution - when file moves - changes - file created - Norton real time Auto-Protect kicks in -

IMO ~ Norton scan function is less protection than Norton real time function. 

19

appears, I'd need to Sign up to download files 

and sans 4shared Premium account

20

~ IPS off = fake loud scare audio message with moving mouse pointer on fake tech support page -

and
png_8494.png