I keeping getting a message that Adware.Gen has been detected. I have looked at the file, and am rather sure that this is not malware, it has been there since 2007, and has never been detected my NIS 2009 in several months. If I click ignore NIS indicates that the risk is resolved and then 5 minutes later identifies it again.I suspect this is heuristic mode finding it.
I have set the file to be excluded from scanning by listing it under settings, scan excusions and putting in under both auto-protect and scanning, yet it still finds it and notifes me over and over about the security risk.
What can I do to stop this?
If I tell NIS to ignore it why doesn't it? If I exclude the file from being scanned how does NIS 2009 still find it?
Start by telling us your Windows version and what service packs you got. Thereafter we would like to hear the applications name and where it is on your computer. You might even want to try to upload it to http://www.virustotal.com/en/indexf.html.
I keeping getting a message that Adware.Gen has been detected. I have looked at the file, and am rather sure that this is not malware, it has been there since 2007, and has never been detected my NIS 2009 in several months. If I click ignore NIS indicates that the risk is resolved and then 5 minutes later identifies it again.I suspect this is heuristic mode finding it.
I have set the file to be excluded from scanning by listing it under settings, scan excusions and putting in under both auto-protect and scanning, yet it still finds it and notifes me over and over about the security risk.
What can I do to stop this?
If I tell NIS to ignore it why doesn't it? If I exclude the file from being scanned how does NIS 2009 still find it?
Manually add the file to quarantine in NIS2009 and submit the file to Symantec.
Go to the Quarantine section off the main screen and Click Add to Quarantine if there is not a listing of this file there.
Once there is a listing in the left hand pane, select that by double clicking on it. Then click submit to Symantec. They will receive the file in question. If found clean, then they will adjust the virus scanning definitions / setting on SONAR and BASH so that the False Positive will go away.
When the file has been submitted to Symantec then Restore the file to your system from Quarantine.
Message Edited by dbrisendine on 04-26-2009 09:13 PM
2. When you place the file path in both exclusion lists, by browsing for the file did you click "apply" then click "OK" is the file and path still in the exclusion lists??
3. There may be other files of that name in the "system32" folder.
Threat Expert recognizes the Gamsbar file as 50% likely to be a threat
%ProgramFiles%\gamesbar\obget.exe
This threat is known to be associated with the Gamesbar file
Adware.Zango_Search_Assistant
Prevx has this to say about Obget.exe
OBGET.EXE has been seen to perform the following behavior:
Reads email address and phone book details
The Process is polymorphic and can change its structure
OBGET.EXE has been the subject of the following behavior:
Executed as a Process
Created as a process on disk
McAfee has recognized I386\gtdownde_87.ocx. as a false positive.
You will probably have to put all three of those files in as exclusions in auto scan and auto protect. It would still be a good idea to submit the file that is continually detected to Symantec. If any of the files go to quarantine, you can submit them from there. Or submit it at this site:
OK I am still puzzled because the files are clearly in my exclusions for both scanning and autoprotect but continue to be found every day by NIS 2009. There is mention of 1 file 1 brewser cache, and in the details it gives the two files in their location on the hard drive.
Again if I choose to ignore them, they are rescanned anyway. I still don;t know why they are discovered if they are exlcuded
Is there an option to "exclude" rather than "ignore" when this adware is detected? If Adware.Gen is a low risk threat you should see exclude as an option on the scan window.
If you are still seeing this problem (not sure what Symantec sent to you); in the next pop up, if there is an option to Fix or Quarantine select that. Then go to the Quarantine list off the main screen. Select the file record and then click on Restore. In the pop up, tell Norton that Yes, you want to add this to the exceptions. Norton will then restore the file AND add it to the SONAR exceptions. This is the only way to add anything to the exceptions list for SONAR (heuristic detection). Users are not allowed to manually add exceptions to the list (it is not viewable or editable).
We have released the fix to address this false positive detection on 5/12. Please run LiveUpdate and files with this signature should no longer being detected.
An additional step I had to take was to quarantine the files when NIS discovered them as threats, and then restore them. Then in conjunction with Live Update, they were no longer being detected. Simply choosing ignore, and running live update, did not allow NISS to stop detecting the threats.
Thanks for overall excellent support frm Symantec!