Not too long ago, I discovered an oddity pertaining to the infamous quantserve cookie and Norton 360’s detection and removal of it.  The system I was working on was Win 7 (all critical updates).  On June 7, 2013, N360 discovered quantserve and supposedly removed it (see attached screenshot)  (Please note:- if you are noticing the date to be the 13th in the system tray of that screenshot, that is when I happened upon this, but the cookie was still removed June 7 according to the security logs.)  However, in subsequent manual “quick” scans, two cookies would perpetually evidence themselves even when the Internet was not engaged.  When I did further investigation into the Norton security logs, it would explain something to the effect of that Quantserve cookie was “Not detected” and that orphan cookie had been removed.  Now, through past research, I have heard low rumblings about “Quantserve Cookie Virus”.  Whether or not that has been fully substantiated, I am yet to see.  In scope of this, on some level, I wondered if indeed there was something more to this.  I hypothesised that maybe Norton was detecting something but couldn’t fully remove it.  Anouther theory: Maybe because of the troubled nature of quantserve, the programme was providing me with information that the cookie had not re-planted itself (if you will) on subsequent scans.  Then, I had the “brain-thrust” of maybe removing this item from Norton’s logs, that, did not make a difference. 

To air on the side of caution, I performed an examination of various sectors prone to infection.  Nothing “sticking out” (so to speak) in my mind.  To be sure, (since I have not been in the throes of threat remediation recently) I contacted Norton Technical Support at: 1-877-788-4877 and spoke with two consummate professionals.  The first gentleman had thoroughly documented the situation and was not specifically sure what was occurring and therefore I was transferred to a representative who could remotely access the computer.  This representative (who we will reference hereinafter as “Technical Support Agent B”) concluded (as did I) that virus behaviour was not evidenced on the system.  “Representative B” theorised that maybe this was a “fragmented cookie” that may be still partially residing on the system hence Norton’s behaviour of still citing it and indicating “Not detected”.  Unfortunately, “Agent B” could not offer a solution to get the N360 programme to stop doing this.  To make a long story somewhat shorter, I cleared various items under Internet Options (at that time IE 8 before the PowerPlay) i.e. temporary internet files, cookies, etc.  Huzzah, this seemed to win the day.  I re-ran a manual Quick Scan and it no longer explained Quantserve “Not detected”.  If this did not work, I was prepared to do more extensive purging of the cookie index file.