QTFiles in Antivirus directory

Hi All,

Norton is reporting a Trojan.Gen in the "/Library/Application Support/Symantec/AntiVirus/" directory.  The file is called "QTFiles" and Norton keeps adding it to the quarantine every 5 minutes, but the file keeps just reappearing.  Mac is reporting that this is a Windows 32 bit Mono/.Net file and it is actually dated May 29 2011.  I am using Norton Internet Security 5 (12.1 54) for Mac.

Anyone have any idea what this file is or what keeps spawning this file?

Thanks,

Brian
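An added example, not part of the original thread and not Symantec's code: a read-only Python check of whether a file carries a Windows PE header and a .NET/Mono CLR directory, which is what a "Windows 32 bit Mono/.Net" identification like the one in the post above corresponds to. The function names and the header-only sample bytes are constructed for illustration; the file is only read, never executed.

```python
import hashlib, struct, sys

def classify_pe(data: bytes) -> dict:
    """Inspect header bytes only; the file is never executed."""
    info = {"pe": False, "bits": None, "machine": None, "dotnet": False}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return info                                   # no DOS stub: not a Windows executable
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew: offset of the PE signature
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return info
    # COFF header: machine, sections, timestamp, symbol ptr, symbol count, optional size, flags
    machine, _, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24                                 # start of the optional header
    if opt + 2 > len(data):
        return info
    (magic,) = struct.unpack_from("<H", data, opt)
    # magic -> (bitness, offset of the data-directory table inside the optional header)
    layout = {0x10B: (32, 96), 0x20B: (64, 112)}.get(magic)
    if layout is None or opt + layout[1] > len(data):
        return info
    bits, dirs = layout
    info.update(pe=True, bits=bits, machine=machine)
    (count,) = struct.unpack_from("<I", data, opt + dirs - 4)  # NumberOfRvaAndSizes
    entry = opt + dirs + 14 * 8                       # directory 14 = CLR runtime header
    if count > 14 and entry + 8 <= min(len(data), opt + opt_size):
        rva, size = struct.unpack_from("<II", data, entry)
        info["dotnet"] = rva != 0 and size != 0       # present only in .NET/Mono assemblies
    return info

def build_sample(dotnet: bool) -> bytes:
    """Constructed header-only bytes for testing (not the file from the thread)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)  # 0x14C = i386
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 92, 16)               # 16 data directories
    if dotnet:
        struct.pack_into("<II", opt, 96 + 14 * 8, 0x2008, 0x48)
    return dos + b"PE\0\0" + coff + bytes(opt)

def triage(path: str) -> dict:
    """Size, SHA-256 and PE classification of a file on disk."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest(), **classify_pe(data)}

if __name__ == "__main__" and len(sys.argv) > 1:
    print(triage(sys.argv[1]))
```

Run it with the file's path as the only argument; the SHA-256 it prints identifies a file without having to e-mail a copy.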

Full system scan with Norton Internet Security for Mac ver 12.1 (54) with latest updates found nothing.

Any ideas anybody?

Feels like a false alarm but ........ how can we tell?

I will contact you both via private message to try to obtain a sample.

Some other info: lsof produces no output, so no running process created the file.  I did have to shut down Norton to have the file show up.  fuser -u produces similar results.

Emailed zipped (Norton found zip and email as infected), deleted both zip and email, left the file where it is.

File shows in my directory as QTfiles

date created and date modified 15/04/2011 7:04PM

72,192 bytes

Unix Executable File

SHOULD I DELETE IT FROM DIRECTORY?

Yes, you can delete it, unless you want to try encrypting it before sending it (but that's a little involved, so I don't think it's necessary).  I believe I know how this file is being created (as part of a migration process from old to new quarantine formats). I don't understand yet why it is being repeatedly recreated, but I will continue to research this.

It stopped doing it every five minutes ...... not sure why ...... I did not delete it.

If I understand the problem correctly, it should only regenerate the file a certain number of times (if working correctly, only once).

It may start again after restart, if so (and for anyone else encountering this issue):

1. Run the Terminal application (from /Applications/Utilities/Terminal)

2. Enter this command:

sudo rm /usr/bin/MigrateQTF

(you will be prompted for your admin password, enter it and hit return)

You can also remove any extra copies from Quarantine (in fact, for the Trojan.gen case, all copies can be removed, because they will contain no user data).

The removal of MigrateQT seems to have worked.  I am not seeing the QTFiles being spawned anymore.

I had to do it too as it started again.  For now it is all quiet.  Thx all

Here is also a thread which discusses a similar incident. I really don't know what you mean by QTfiles here and I haven't seen anything like that in my system. It looks very strange to me.