Today I checked my NIS quarantine out of curiosity, and surprisingly found this item: qq2009sp6kb7_update.exe NIS said “Trojan Horse detected by virus scanner”, because “Programs that infect other programs, files …”. And it wouldn’t tell exactly which Trojan Horse this file contains? Anyone with some software common sense could tell from this filename that it’s an update file of a software called “QQ”. It’s an updater, it’s designed to change other files. BTW, QQ is the most popular IM in China, with more than 1 billion registered users and 80135378 users online right now. (http://im2.qq.com/qq/diagram/qq_online.gif) I can’t imagine how many people experienced QQ update failure because of NIS. Most of them would never know the reason. Should NIS have a white list including popular and commonly used programs? Ironically, I restored this file and checked for Norton File Insight immediately, it shows “Good”.
As the file is reported GOOD from the Cloud (Insight), perhaps it is no longer detected. Open the Norton user interface, click on Quarantine and restore your file from Quarantine. Make sure you use the very latest Norton updates. If the problem is still active, please visit this page https://submit.symantec.com/dispute/false_positive/ and provide Symantec with the necessary information. The issue should be resolved quickly.
dallasthunder wrote:
Today I checked my NIS quarantine out of curiosity, and surprisingly found this item: qq2009sp6kb7_update.exe NIS said "Trojan Horse detected by virus scanner", because "Programs that infect other programs, files ...". And it wouldn't tell exactly which Trojan Horse this file contains? Anyone with some software common sense could tell from this filename that it's an update file of a software called "QQ". It's an updater, it's designed to change other files. BTW, QQ is the most popular IM in China, with more than 1 billion registered users and 80135378 users online right now. (http://im2.qq.com/qq/diagram/qq_online.gif) I can't imagine how many people experienced QQ update failure because of NIS. Most of them would never know the reason. Should NIS have a white list including popular and commonly used programs? Ironically, I restored this file and checked for Norton File Insight immediately, it shows "Good".
It's your lucky day. I am an expert on QQ. Firstly, please advise the current complete title and version of QQ you are using. Click main menu, help and about QQ. Next please advise your country and the language you are using for QQ.
Symantec has previously reported and resolved issues with QQ and both Tencent and Symantec have been advised that there is a "hole" in the programming of QQ which could be exploited. So it makes no difference if there are 1 billion users or not, it is a question of quality of programming.
BTW most QQ users have multiple accounts so don't read 80 million users as "users".
I suspect you are using QQ in Chinese but I don't know your operating system. You know I suppose that in Chinese there is a QQ2010 beta and this is a public release.
No, I don't advocate a white list because then it would be too easy for someone to mimic the white list and bypass Norton. Norton has a vulnerability list and application ratings and this should be of some comfort.
P.S.
Keep an eye on Norton history from the main menu, and don't be surprised when you see "Unauthorised Access logged - Access Process Data" as QQ attempts to open an area of memory occupied by part of Norton's.
delphinium wrote: Please submit the file to Symantec so that they can take whatever steps possible to deal with it. I believe this has been brought up before, but it may require changes on both sides to solve it. In the first link there is a place to state that you are not the developer or owner of the software.
https://submit.symantec.com/dispute/false_positive/
http://www.threatexpert.com/submit.aspx
Can I just point out that the page says "The software vendor making the claim must complete the form before Symantec will begin a review.". I always find this puts off users and I have never had any feedback from any submissions. Maybe just a change of wording on the page would help.
Thanks for your reply. It's always good to see an expert in both Norton and QQ.
My QQ version is QQ2009 Official SP6 build 1451, running on Windows 7. I'm in Canada, BTW. As a Chinese, QQ is just a must have software, while Norton is not.
There might be some poor programming in QQ. For example, releases before SP6 cannot get online under Windows 7. But are you sure NIS is having all the decent programming? Poor SONAR performance is bothering a lot of users.
I opened NIS history, I do see a lot of "Unauthorized access logged". It's like every other program will fall under this category. Most of the actors are:
C:\WINDOWS\SYSTEM32\MSIEXEC.EXE
C:\PROGRAM FILES\LOGITECH\SETPOINT\SETPOINT.EXE
C:\PROGRAM FILES\GOOGLE\GOOGLE UPDATER\GOOGLEUPDATER.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\ATIESRXX.EXE
C:\PROGRAM FILES\TENCENT\QQ\BIN\QQ.EXE
C:\WINDOWS\SYSTEM32\MRT.EXE
Apparently Tencent should improve some programming skills, as well as Logitech, ATI, Google and Microsoft.
To me it looks like NIS is making "access process data" a very big deal. Isn't that a normal action for some programs and even the OS itself?
cgoldman wrote: It's your lucky day. I am an expert on QQ. Firstly, please advise the current complete title and version of QQ you are using. Click main menu, help and about QQ. Next please advise your country and the language you are using for QQ.
Symantec has previously reported and resolved issues with QQ and both Tencent and Symantec have been advised that there is a "hole" in the programming of QQ which could be exploited. So it makes no difference if there are 1 billion users or not, it is a question of quality of programming.
BTW most QQ users have multiple accounts so don't read 80 million users as "users".
I suspect you are using QQ in Chinese but I don't know your operating system. You know I suppose that in Chinese there is a QQ2010 beta and this is a public release.
No, I don't advocate a white list because then it would be too easy for someone to mimic the white list and bypass Norton. Norton has a vulnerability list and application ratings and this should be of some comfort.
P.S.
Keep an eye on Norton history from the main menu, and don't be surprised when you see "Unauthorised Access logged - Access Process Data" as QQ attempts to open an area of memory occupied by part of Norton's.
What you are seeing is Norton Tamper Protection. Most antivirus software has this protection in an attempt to prevent malware from disabling it. Many processes access Norton files, which is allowed (logged) to a certain degree. When Norton blocks it, it means that the accessing software has attempted to access too far into Norton's systems or has tried to change something.
As long as it is just logging it, there is no problem. Norton is doing what it is supposed to do.
response in red
dallasthunder wrote: Thanks for your reply. It's always good to see an expert in both Norton and QQ.
My QQ version is QQ2009 Official SP6 build 1451, running on Windows 7. I'm in Canada, BTW. As a Chinese, QQ is just a must have software, while Norton is not.
I am of course aware of QQ2009 SP6 but I guess you must have used liveupdate rather than downloading the full sp6 from tencent. So you are using Chinese language which is what I wanted to check.
There might be some poor programming in QQ. For example, releases before SP6 cannot get online under Windows 7. But are you sure NIS is having all the decent programming? Poor SONAR performance is bothering a lot of users.
It's not a competition between Norton and QQ. If there is poor programming in Norton - and I think there is - then I make equal comments to Norton as I do to Tencent. But whether Norton has some issues or not, QQ appears to and that is not Norton's fault.
Poor sonar performance is often the fact that users misunderstand Sonar and the Sonar options.
I opened NIS history, I do see a lot of "Unauthorized access logged". It's like every other program will fall under this category.
Well, it shouldn't.
Most of the actors are:
C:\WINDOWS\SYSTEM32\MSIEXEC.EXE
C:\PROGRAM FILES\LOGITECH\SETPOINT\SETPOINT.EXE
C:\PROGRAM FILES\GOOGLE\GOOGLE UPDATER\GOOGLEUPDATER.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\ATIESRXX.EXE
C:\PROGRAM FILES\TENCENT\QQ\BIN\QQ.EXE
C:\WINDOWS\SYSTEM32\MRT.EXE
Apparently Tencent should improve some programming skills, as well as Logitech, ATI, Google and Microsoft.
Maybe that is so. I have not looked or asked Norton to look into the "actors" you list other than QQ. QQ is trying to open, not just read, an area of memory. I don't propose to give you all the details here because I think, with respect, that would be counter-productive in trying to ensure that in a public forum we do not give virus writers any opportunity.
What Norton is doing is sensible and proper and is protecting you albeit that the "actors" are not having their way and this may or may not affect their behaviour.
To me it looks like NIS is making "access process data" a very big deal. Isn't that a normal action for some programs and even the OS itself?
No. Programs should not need to interfere with Norton programs.