Resolved Security Risks

Category: Resolved Security Risks
Date & Time,Severity,Activity,Status,Recommended Action,Component,Definitions Version,ERASER Version,Risk Name,Risk Category,Risk Type,Risk State,File Name
1/24/2010 7:25 AM,High,Auto-Protect has detected Trojan.Pidief.G,"Blocked, Blocked",Resolved - No Action,Auto-Protect,2010.01.23.023,,,Virus,,,"c:\users\rao\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\vgj43vg0\ohf75fba9fv0100f070006rf129df8a108tbc0386b7201l0409ka58c9c41317[1].pdf"

---

Emailed Norton Tech Support for detail information  and got the following message

 

 

Hello Prabhakara,

 
Welcome back to Norton Support.
 It seems that your computer is infected with Virus.
 

Here are some of the most common ways this can happen:

  • Clicking on an intriguing pop-up ad which contains a Trojan.
  • Opening a malicious email attachment.
  • Downloading a virus from a file-sharing program such as LimeWire.
  • Your Norton software was not updated with the latest virus definitions.
  • Your system was infected with malware before Norton was installed.

--

My HP pc is new and came with Norton Internet Security installed  and later upgraded to Norton 360. All updated are up to date. Does that mean my pc was infected before I bought it from BEST BUY.
Should I contact HP or Best Buy about it?
 
Please update
 
Thank You
 
rao


[edit: Removed personal details.] 

Hi,

Resolved Security Risks information was from Norton 360 Security History.

With the information from Norton Tech support uninstalled NIS and installled Norton 360

File Attached: Resolved Security Risks.txt  for review.

 

Requested Details:

System Information:

OS Name:  Microsoft® Windows Vista™ Home Premium     

Version  :    6.0.6002 Service Pack 2 Build 6002            

OS Manufacturer :  Microsoft Corporation  

System Manufacturer:    HP-Pavilion        

System Type: x64-based PC    

 

Norton Details:

Product Name: Norton 360 Premier Edition

Version: 3.8.0.41

 

 

Please update.

Thank You

Rao

 

Category: Resolved Security Risks
Date & Time,Severity,Activity,Status,Recommended Action,Component,Definitions Version,ERASER Version,Risk Name,Risk Category,Risk Type,Risk State,File Name
1/24/2010 7:25 AM,High,Auto-Protect has detected Trojan.Pidief.G,"Blocked, Blocked",Resolved - No Action,Auto-Protect,2010.01.23.023,,,Virus,,,"c:\users\rao\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\vgj43vg0\ohf75fba9fv0100f070006rf129df8a108tbc0386b7201l0409ka58c9c41317[1].pdf"

---

Emailed Norton Tech Support for detail information  and got the following message

 

 

Hello Prabhakara,

 
Welcome back to Norton Support.
 It seems that your computer is infected with Virus.
 

Here are some of the most common ways this can happen:

  • Clicking on an intriguing pop-up ad which contains a Trojan.
  • Opening a malicious email attachment.
  • Downloading a virus from a file-sharing program such as LimeWire.
  • Your Norton software was not updated with the latest virus definitions.
  • Your system was infected with malware before Norton was installed.

--

My HP pc is new and came with Norton Internet Security installed  and later upgraded to Norton 360. All updated are up to date. Does that mean my pc was infected before I bought it from BEST BUY.
Should I contact HP or Best Buy about it?
 
Please update
 
Thank You
 
rao


[edit: Removed personal details.] 

rao,

 

Thanks for the additional information which will help resolve any questions you may have.

 

But I'm still not quite sure what your question is since the entry in Resolved Security Risks shows that Norton 360 successfully dealt with the infection. Are you asking why Norton Internet Security did not stop it?

 

If so that could depend on the version and the uptodateness of your NIS and its definitions which we can't know.

 

The hahrd fact is that much malware gets past security software because in effect the user invites it in by unwittingly clicking on a link that is not what it seems to be -- especially those popups saying your computer is infected and to click here to download an application that will remove it, which is a complete scam.

 

Or are you asking why the words "No Action" are there? If that it is I beleive because Norton did block the attempted attack (and I imagine quarantined the attacking tool) and that you, the user, need take no further action.

 

Please clarify just what your problem is and someone better informed than I am will surely help.

 

And with an uptodate subscription for Norton 360 you are entitled to update from V3 that you have to the latest which is now V4 -- but let's leave that until your question is sorted out.

 

 

Ref; Resolved Security Risks

 

Technical Support [Incident:XXXXXXXXXXX]

Tuesday, February 23, 2010 11:54 PM

Email From: "Norton Email Support" <abc@XYZ.com>

Symantec Case Manager:

Since you got the prompt that an intrusion attempt has been made, there is a chance of computer may be infected.

 

That is my concern.  How can I make sure my pc is not infected by virus?

Please update

Thank You

Rao

 

<<edit: removing support case id and the email address as per the participation guidelines and terms of service>>

You do not have to worry about the meesage that you get. Norton product has blocked the intrusion attempt, and you are fully protected.

 

To make sure that you are fully protected, run a scan using Norton Bootable recovery Tool.

 

Vineeth

rao,

 

You can do as Vineeth suggests but probably simpler overall would be to run the free version of Malwarebytes and see what it says in its report which you can paste into a message here. Do not get the purchased version since it runs in the background all the time and can interfere with Norton.

 

This link will take you to the download page:  Malwarebyte



I'm assuming of course that you can effectively and safely access the internet if necessary on a different computer.

Download and install the free version since they do all you need by running on command, not in the background.

 

Then update it to the latest definitions before you run it -- set it to do a full system scan.

 

If by any chance it refuses to install or won't run after installing because malware is preventing this you can sometimes defeat the malware by changing the name of the exe file to anything except its real title and tehn run it!

 

But I would not expect you to find something just because of that precautionary message you received.

 

Please let us know how you get on.

per your request scanned the systme with Malwarebytes. Deatials as follows:

Malwarebytes' Anti-Malware 1.44
Database version: 3790
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

2/25/2010 9:12:05 AM
mbam-log-2010-02-25 (09-12-05).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 301029
Time elapsed: 1 hour(s), 10 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

Please update

 

Thank You

Rao

rao,

 

Unless someone else thinks otherwise what more can I say than Malwarebytes shows no infections found ....

 

I'd relax and make sure I keep Norton 360 uptodate and practice safe computing .... remember:

 

"The greatest dannger to your computer lises between the left ear and the right ear of the user"  

 

That's when we do something we should not have done! <s>

Thank you for all your help.

 

Rao

rao -- you know where to find us if you need an explanation or other help but I wish you smooth sailing ....