Removal Taking Too Much Time

I did an on-demand scan (NIS2012) on a usb drive, found 1 virus, but there're 163 files being processed.

 

Question 1:

It has been 1.5 hours since the scan, but currently only 7 files are processed.  If it's just a multi-duplicate of a virus, then WHY is it taking so long?  According to current speed, it'll take another 34+ hours to process everything.

 

Question 2:

This scan is making my laptop very unresponsive, as if it is taking up a lot of resources.  The NIS performance graph indicates just a very low cpu usage.  My laptop is already on high performance power option.  What's happening?

 

Question 3:

Meanwhile, I looked into the usb drive, and found some .exe files still not picked up by NIS.  These files disappear after a few seconds, I assume NIS took care of them.  However, there were 2 .exe files not disappearing.  I used the dos way of deleting them (*.exe /s) since explorer is responding at uber-snail pace.  Were these files already accounted for in the 163 file count?

 

Question 4:

I'm writing this on another pc, and used my phone to take a screenshot of the process. Seems like my laptop is unusable for another 34 hours.  Anyone able to tell me if I can unplug the usb drive, and reboot my laptop without worrying the threat will not be taken care of?

 

Thanks anyone...

 

Update:

 

After 30mins since my previous post, it reached 10 files processed.  I tried to check the history to see if there is any name for the 'virus'.

 

Baam!  NIS Window disappeared!  On-demand scan disappeared!  Tray icon disappeared!

 

Nothing like "Symantec Service xxxx not working..." warning or whatsoever...

 

In task manager, one ccsvchst.exe instance survived, along with another navw32.exe.

 

No idea what happened...  Just another chapter for my unpublished book "My Adventures with NIS".

 

Good timing, I can shut down my laptop since it is near end of office hour.

 

edit:  the harddisk is still working on something...  cpu usage meter on task manager: 1%-15%, physical memory 34% (of 4GB)...  seems laptop still unresponsive.  Perhaps removal still working in background?  Will reboot and post if there's a name for the 'virus'.

W32.SillyFDC

Threat actions performed: 464

 

After reboot, auto protect alerts me that it is processing threats.  Gosh...

 

edit:  after another reboot, another same silly with different exe name, with further 237 threats (of different exe names).

 

Hence, one question answered, not all exes were accounted for in the 163 file count.

 

Don't know why after what seemed a crash and two reboots, NIS could suddenly process the threats at lightning speed???

 

I have a feeling I won't get a satisfactory answer from anyone again.  So, thanks anyone...

The saga continues unfortunately...

 

I found my harddisk to be 9GB poorer... with some {numbers} file like: {6D54713B-5A59-4ADD-B526-6F5957D77E8E} in root C:\

 

Guess there's always really a "first time" for everything with NIS?

Please hang on for some help -- there are people here who can ....

 

USB drives are slow over the connection unfortunately -- is it USB2 or USB3? And if it got rid of 9GB of malware you must have some problems! If Windows itself were damaged that would slow things down. Windows has a self-repair function that might be worth trying AFTER seeing what help you can be given but since you have already run a scan and done a manual delete it may be too late for some kinds of help.

 

Has anything given you a name of the virus that Norton says it has detected?

 

It will help others help you if you can fill in some background -- here's my boilerplate:

 

What version of Windows are you using including Service Packs and whether 32 bit or 64 bit as well as the Name and Version ID of the Norton product that you are using -- Help or Support / About is where that is, in the format of nn.nn.nn.nnn where n is a number.

If you get any error messages please give the exact wording of them as well as any other background that could be helpful. 


Please also say what internet browser you are using -- name and version number ...

Hugh,

This sounds like a Quads project :smileysad:

Hope the user will wait for him and follow his directions exactly.


dickevans wrote:

Hugh,

This sounds like a Quads project :smileysad:

Hope the user will wait for him and follow his directions exactly.



I agree but my reference to "too late" was due to action already taken eg Q3 in the first message.

 

But miracles do happen ....

Thanks guys for your concern.

 

In my third post I wrote that it's the W32 Silly FDC.

 

The usb drive is 4GB, usb 2.0.  So it's hard to imagine a swelling up to 9GB.

 

Problem is NIS somehow allowed the multi-duplicates to function, they got into c:\windows\setup, \temp, user appdata etc...

 

Each duplicate is quarantined, each one costing 52MB+, added to around 8GB (.tmp files).

 

Another 1GB lies in windows\temp, also 52MB+ .tmp files.

 

Got rid of these excess baggages (deleted them manually and erased quarantine history).  Computer & usb drive are fine now.

 

Thanks.  Just stumped on the behaviors of NIS...