Hi

Should Norton be removing another infection detected with the ending of !inf??

I tested in real world the installer(s) for "W32.Ramnit" for people who are finding after running allsorts of tools that one registry entry won't move (delete) and "deskoplayer" keeps re appearing,  And noticed that the last stage, Norton detected "W32.Ramnit!inf" which Norton set about dealing with.

After I could not run a couple of programs at and one was Thunderbird, it would crash out on loading.

I restored all the files from Norton's Quarantine, and disabled Auto-Protect.  I could then start programs including Thunderbird after restoring the files.

Then I noticed the !inf part of the detection and wondered if Norton should be trying to deal with this detection, reminds me of the fun with other !inf detections like "Backdoor.Tidserv!inf" and "Zeloaces!inf"

And yes I did manage to break it and go about removing Ramnit + addon(s) with 4 programs, a script and doing things in a very specific order, like when the removal process is started do not open or run any browser, so download any programs for logs or removal before hand.

Quads