Norton refuses to stop identifying incorrectly identified malware

I keep getting a message that Adware.Gen has been detected. I have looked at the file, and am rather sure that this is not malware; it has been there since 2007, and has never been detected by NIS 2009 in several months. If I click ignore, NIS indicates that the risk is resolved and then 5 minutes later identifies it again. I suspect this is heuristic mode finding it.

I have set the file to be excluded from scanning by listing it under settings, scan exclusions and putting it under both auto-protect and scanning, yet it still finds it and notifies me over and over about the security risk.

What can I do to stop this?

If I tell NIS to ignore it, why doesn't it? If I exclude the file from being scanned, how does NIS 2009 still find it?

Thanks

Greg

Start by telling us your Windows version and what service packs you have. Thereafter we would like to hear the application's name and where it is on your computer. You might even want to try to upload it to http://www.virustotal.com/en/indexf.html.

Please post a link to the results.

Thanks, the file is C:\I386\gtdownde_87.ocx.

I am using Windows XP Home SP2.

I can try uploading the file.

It seems to be associated with another folder C:\program files\ gamesbar\OBGet.exe.

It is identified as heuristic virus low priority by NIS 2009.

Been on the computer since 2007.

Greg

Manually add the file to quarantine in NIS2009 and submit the file to Symantec.

Go to the Quarantine section off the main screen and click Add to Quarantine if there is not a listing of this file there.

Once there is a listing in the left hand pane, select that by double clicking on it. Then click submit to Symantec. They will receive the file in question. If found clean, then they will adjust the virus scanning definitions / setting on SONAR and BASH so that the False Positive will go away.

When the file has been submitted to Symantec then Restore the file to your system from Quarantine.

Message Edited by dbrisendine on 04-26-2009 09:13 PM

Hi

1. Are you using a Dell machine?

2. When you placed the file path in both exclusion lists by browsing for the file, did you click "Apply" then click "OK"? Are the file and path still in the exclusion lists?

3. There may be other files of that name in the "system32" folder.

4. Not only Norton is detecting this file.

Quads

Threat Expert recognizes the Gamesbar file as 50% likely to be a threat:

%ProgramFiles%\gamesbar\obget.exe

This threat is known to be associated with the Gamesbar file:

Adware.Zango_Search_Assistant

Prevx has this to say about Obget.exe:

OBGET.EXE has been seen to perform the following behavior:

  • Reads email address and phone book details
  • The Process is polymorphic and can change its structure

OBGET.EXE has been the subject of the following behavior:

  • Executed as a Process
  • Created as a process on disk

McAfee has recognized I386\gtdownde_87.ocx as a false positive.

You will probably have to put all three of those files in as exclusions in auto scan and auto protect. It would still be a good idea to submit the file that is continually detected to Symantec. If any of the files go to quarantine, you can submit them from there. Or submit it at this site:

https://submit.symantec.com/websubmit/retail.cgi


 

I am using a Dell machine, and did select apply.

I have submitted all of the files, and will put them into exclusion for the time being.

Thanks for all of the help!

Greg

OK, I am still puzzled because the files are clearly in my exclusions for both scanning and autoprotect but continue to be found every day by NIS 2009. There is mention of 1 file 1 browser cache, and in the details it gives the two files in their location on the hard drive.

Again, if I choose to ignore them, they are rescanned anyway. I still don't know why they are discovered if they are excluded.

Thanks

Greg

Hi Greg

Is there an option to "exclude" rather than "ignore" when this adware is detected? If Adware.Gen is a low risk threat you should see exclude as an option on the scan window.

Message Edited by Qi on 04-30-2009 12:14 PM

Yes, I see in the Help section that such an option should exist as you state, but the only two options are "FIX" and "IGNORE".

Twice a day I have the alert come up and just choose ignore over and over. Perhaps this is a bug?

Greg

What protection component does the pop up say detected the files?  If it’s SONAR did you follow my instructions in an earlier post?

Hi Greg,

I have sent you a PM and asked you for some more information.

If you are still seeing this problem (not sure what Symantec sent to you): in the next pop up, if there is an option to Fix or Quarantine, select that. Then go to the Quarantine list off the main screen. Select the file record and then click on Restore. In the pop up, tell Norton that Yes, you want to add this to the exceptions. Norton will then restore the file AND add it to the SONAR exceptions. This is the only way to add anything to the exceptions list for SONAR (heuristic detection). Users are not allowed to manually add exceptions to the list (it is not viewable or editable).

We have released the fix to address this false positive detection on 5/12. Please run LiveUpdate and files with this signature should no longer be detected.

An additional step I had to take was to quarantine the files when NIS discovered them as threats, and then restore them. Then in conjunction with Live Update, they were no longer being detected. Simply choosing ignore, and running live update, did not allow NIS to stop detecting the threats.

Thanks for overall excellent support from Symantec!

Greg