symELAM.sys

Hi

 

I have a query:

 

I have just upgraded to the latest version of Norton 360. I also use Hitman Pro as a backup scanner. Hitman has identified the file symELAM.sys as possible malware - presumably, this must be incorrect if the file has just been installed by Norton?

 

Thanks

 

Richard



Richard,

Sounds like a false positive.

You might check with Hitman to be sure their scanner has been updated.

Keep us posted

Ok, will do, thanks very much for replying.



Hi,

If they are current then

https://submit.symantec.com/false_positive/

submit it here and alert the team that they may have a problem

Keep us posted

This is what Hitman came up with:

Name SymELAM.sys

Location C:\Windows\system32\drivers\N360\1501000.012

Size 21.0 KB

Time 0.2 days ago (2013-11-13 09:21:00)

Authenticode Invalid

Entropy 6.5

Product SymELAM

Publisher Symantec Corporation

Description Symantec ELAM

Version 1.0.0.111

Copyright Copyright (c) 2012 Symantec Corporation

RSA Key Size 2048

SHA-256 365C945ECB485455E113A4CD6B429311C29AC2D94393CEB78940C401F93D54F8

Scoring (22.0)

Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.

Time indicates that the file appeared recently on this computer.

 

 

Is it worth uninstalling and reinstalling Norton 360, do you think? The upgrade to the latest version was actually done by a Norton technician, so I would have thought it would be ok.

Richard

Hi,

 

HitManPro also identified the C:\Windows\System32\drivers\NIS\1501000.012\SymELAM.sys file on my computer as suspicious and I also updated NIS recently.

 

I used HitManPro to scan for malware because NIS stopped working (NIS.exe 50% CPU and after reboot a gap in the performance graph). I checked the file and the file has an invalid certificate:

[Screenshot: SysELAM_sys_certificate_invalid.png]

 

I uploaded the file to virustotal and no malware was detected. See also https://www.virustotal.com/en/file/365c945ecb485455e113a4cd6b429311c29ac2d94393ceb78940c401f93d54f8/analysis/1387559598/

 

I also submitted the file to Symantec by using https://submit.symantec.com/false_positive/

 

Did anyone else notice this or has someone received a response from Symantec? Will Symantec update this driver?

 

Regards,

Frunsel

NIS 21.1.0.18

 

I wonder if this thread and this one http://community.norton.com/t5/Norton-360/When-Norton-360-uninstalled-ELAM-system-driver-missing/m-p/1065407/highlight/true#M98368 have a common problem.

 

I don't have a Win 8 system to test what I am thinking about to see if some of it is common.

 

symELAM.sys and if it is missing but Windows still wants it, etc.

 

Quads

 

 

I did not uninstall NIS and I don't use Windows 8(.1) either. The certificate on the file is expired, as you can see below.

[Screenshot: SysELAM_sys_certificate_invalid_expired.png]

 

I found also a shadow copy of the previous NIS version (in 'C:\Windows\System32\drivers\NIS\1404000.028') but this file is older and the certificate is also expired.

 

If the driver is only used in Windows 8(.1) during secure boot, why is it installed on older Operating Systems?

 

Regards,

Frunsel

NIS 21.1.0.18
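
Added example, not part of any post in this thread and not Symantec's or Hitman Pro's own tooling: a PowerShell check that separates the two cases discussed above, a file that was altered after signing versus a signing certificate that has simply expired. The default path and the SHA-256 are the ones quoted in the thread; the parameter names and the wording of the interpretations are this example's own.

```powershell
# Added example: is SymELAM.sys altered, or is only its signing certificate expired?
param(
    # Path reported in the thread for NIS; the Norton 360 report shows ...\drivers\N360\1501000.012
    [string]$Path = 'C:\Windows\System32\drivers\NIS\1501000.012\SymELAM.sys',
    # SHA-256 from the Hitman Pro report and the VirusTotal link in the thread
    [string]$ExpectedSha256 = '365C945ECB485455E113A4CD6B429311C29AC2D94393CEB78940C401F93D54F8'
)

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Error "File not found: $Path"
    return
}

$hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
$sig  = Get-AuthenticodeSignature -LiteralPath $Path
$cert = $sig.SignerCertificate
$now  = Get-Date

# HashMismatch means the bytes no longer match the signed digest (tampering or corruption).
# An expired certificate without a timestamp countersignature fails validation
# even when the file content is untouched.
$verdict = switch ($sig.Status) {
    'Valid'        { 'Signature verifies and chains to a trusted root.' }
    'HashMismatch' { 'File content differs from what was signed (altered or corrupted).' }
    'NotSigned'    { 'No embedded Authenticode signature.' }
    default {
        if ($cert -and $now -gt $cert.NotAfter -and -not $sig.TimeStamperCertificate) {
            'Signer certificate has expired and there is no timestamp countersignature.'
        } elseif ($cert -and $now -gt $cert.NotAfter) {
            'Signer certificate has expired; a timestamp is present, so inspect the chain.'
        } else {
            "Not trusted for another reason: $($sig.StatusMessage)"
        }
    }
}

[pscustomobject]@{
    Path           = $Path
    Sha256         = $hash
    MatchesThread  = ($hash -eq $ExpectedSha256)
    Status         = $sig.Status
    Signer         = if ($cert) { $cert.Subject } else { $null }
    CertNotAfter   = if ($cert) { $cert.NotAfter } else { $null }
    Timestamped    = [bool]$sig.TimeStamperCertificate
    Interpretation = $verdict
} | Format-List
```

A hash that matches the value in the thread together with an expired-certificate interpretation points to the same unmodified file other users reported; a `HashMismatch` status is the case that warrants treating the file as suspect.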