In the submission history of Norton 360 I noticed something being submitted called "Suspicious.Vundo". Norton is calling it a sample submission and the file location is c:\windows\ehome\ehtray.exe. This isn't showing up in quarantine or anywhere else and I have never heard of this version of Vundo before. Is this a mistake or am I infected with this threat? I have run Malwarebytes and nothing was found. Any information would be helpful.
Late last night, I had an HP desktop machine to look at, and the detection arose on that machine too.
In this case the program had been installed on the computer ever since the guy had purchased it, 2 years ago, so I placed it in the "exclusions" lists.
Joey wrote: Hi Quads, do you have any thoughts as to why Norton is reading this as a .Vundo recently? It seems to scare many users =[.
Hi
There would have been a definition update for Norton products that has the "Suspicious.Vundo" signature included or updated. After that, Norton, via Auto-Protect or scans, detects the program/file.
Just happens that in this case it looks as though it's caused an F.P. (false positive).
I had this happen to me twice last night. Norton had this in my history as “sample submission: suspicious.vundo” and the status as of last night was that it was processing. I don’t know if this is a trojan or not. I was able to talk to three different Norton support service people who didn’t help me at all. I wasn’t able to download the live update until one of the tech support people had me do this online and restart my computer. The tech people weren’t able to tell me if I had a trojan or not but wanted to charge me $100 to check my computer for one. After I downloaded the live update, I kept checking the Norton history and I didn’t get that suspicious.vundo message again. If this is indeed a trojan, how come I didn’t get a trojan/virus alert message? If I hadn’t checked the history, I would have never known about this. Should I be worried that this is a trojan? My computer was working fine before and after the live download. How do I run Malwarebytes if I only have Norton installed on my computer? I was on the computer for three hours last night and all of the techs kept switching me from tech to tech, with one telling me that they didn’t think that I had a trojan/virus, without checking my computer, based on the information that I gave them. I hope someone in here can help. Thanks!
There is a possibility of a false positive, not sure. The file "c:\windows\ehome\ehtray.exe" belongs to Windows Media Centre. Refer to the information in the link below:
You could place the file "ehtray.exe" in the exclusions list (Autoprotect & Scan) so that Norton no longer detects this file. Norton suspects that particular file as a Trojan.Vundo due to its signature and that is why it is marked as "Suspicious.Vundo". Since it is just a suspicion, the Norton program will submit a sample of that file to Symantec Security Response automatically for further analysis and act upon the feedback from Symantec Security Response accordingly. If the submitted file is found to be a threat during analysis, you will be informed by Symantec Security Response on how to proceed further. If the submitted file is found to be clean, then the related entry will be removed from the History automatically.