Threats detected

I ran a Norton Internet Security scan on an external hard drive. It came up with two threats.

 

When I clicked on the threat Adware.Adpopup name in order to get more details, it show several dozen files in folders that were on the internal hard drive, including Windows, AppData, Program Files, etc. But I had earlier today run a scan on the internal C: drive and it came up clean.

 

So I closed Norton without removing the threats, ran a scan on the C drive, and it came up clean.

 

Then I ran the scan on the external drive again, again it showed threats on the C: drive.

 

And if I navigate to the locations that Norton says the infected files are located, I do not see the files, sometimes the folder it indicates does not even exist. And I am set to show hidden files and folders.

 

And why is a scan on an external drive showing threats on the internal C: drive?

 

 Any idea what is going on here?

 

Thanks

Hi, Vincenzo. It seems odd that you're scanning an external drive which then shows the threats on drive C. I would think it would be drive F.

 

As these seem to be pups and not necessarily malicious, Norton has not reported them.

 

I'd suggest running a scan on that drive {drive F ? } with either Malwarebytes/and or Superantispyware, to see what they find.

 

If anything IS found they will quarantine these, and they can safely be left in quarantine.

It is not odd when it is known how Norton can work

 

Don't worry about what Norton lists except what may be on the external drive as a file(s) to remove if so wish.

 

Adware.Adpop is a Symantec detection name, so Norton has detected a file, so how Norton has detected an item(s) but "Norton has not reported them." is a contradiction as Norton has alerted / Reported to the user Adware.Adpop on a External HDD

 

"I ran a Norton Internet Security scan on an external hard drive. It came up with two threats"

 

As I have said before Norton does detect PUP's but as PUA's a lot of the time or the likes of Yontoo has it's own name  of Yontoo. (A,B,C)

 

As I said don't worry about the rest other then what is on the External Drive item(s)

 

Quads

OP wrote later in post

 

So I closed Norton without removing the threats, ran a scan on the C drive, and it came up clean.

 

That was what I was referring to.

I know whay it is happening, so nothing is strange about C:\ instead of say F:\, and this can also be ignored "As these seem to be pups and not necessarily malicious, Norton has not reported them." as it has nothing to do with what the user reported either.

 

The user just does not have to bother about the listings, just the 2 on the external drive.  Then fixed without anything strange or otherwise.

 

The other info about not being by Norton or it being strange etc.  has nothing to do with it.

 

User just has to go about life after the external Drive has the 2 files removed if the user so wishes.

 

Quads

I forgot to check the box for "Email when someone replies", I didn't know I had all these replies.

 

I went ahead and had Norton remove the threats and then I took a look in quarantine. There are only the two files in there, from the external drive. But when I click on one of the files and then More Details, it lists all the files I referred to above on the C drive, and says "No action required". At the bottom of the list it shows the file from the external drive, and says "Removed" next to it.

 

So what is Norton doing? Why does it list files that do not seem to exist as far as I can tell, then say "No action required" on them?

Hi Vincenzo,

 

Hope this explains things to some extend.

But when I click on one of the files and then More Details, it lists all the files I referred to above on the C drive, and says "No action required". At the bottom of the list it shows the file from the external drive, and says "Removed" next to it.

So what is Norton doing? Why does it list files that do not seem to exist as far as I can tell, then say "No action required" on them?

 

At first, let me tell that this is quite normal after a successful threat removal. Thats how it is designed to work.

 

If you clicked the drop box which shows ''File Actions' you can select and view the other actions like regarding the registry or network.

 

And why is a scan on an external drive showing threats on the internal C: drive?

May be this is my personel view:

There is noting to worry about the files listed by NIS, because NIS scanned the threat as if it was already on system, which means it (threat) created some files for its (threat's) proper execution (which was not correct in your case) and NIS tried to remove that non-existant files (may be existing too, I cannot tell it). That was not your case, so dont worry, again.

 

Let me make it clear:

The threat (adware in your case) will need some files and registry entries to exist in a system. These essential files must be removed to clear the threat completely. So Norton has searched your C: (which is the favorite location of most threats as well as legitimate programs) for that particular files (which were not really there ) and tried to clean it.

 

So I closed Norton without removing the threats, ran a scan on the C drive, and it came up clean. Thats why your C: came up clean.

 

I'm not too much expert in malware analysis, but I can tell you, may be (its a possiblity only) some of those files was in your system if your system was infected instead of that external drive. The reporting of non-existing files in C: is confusing.

 

 And if I navigate to the locations that Norton says the infected files are located, I do not see the files, sometimes the folder it indicates does not even exist. And I am set to show hidden files and folders.

I hope this will explain you :

 

I had and have a problem currently with my NIS, which is that, the hidden files and system files become visible after NIS removes certain threats (those were residing in my USB flash, not in my system).

It recomes after a lot of reinstallations of both NIS, OS everything, thus I went to the URL provided on the threat name and manually searched for the threat & its side effects and found that the registry keys related to hidden files and system files visiblity was modified by that threat to conceal its presence on system (But my system was not infected and I had manually set the hidden files and system files to be invisible) along with some other registry entries and files too.

Hence Norton tried to revert that setting in registry back to 'view all hidden and system files', assuming that' hide all hidden and system files' was set by that threat. As a result, after successful removal of that threat, my hidden files and system files were visible.

Also some files which it said, it removed was never in my system, especially some shortcuts on desktops.

 

So in your case NIS assumed some files and registry entries of the popup (aka residue of threat) were in your system and removed it. 

You may say it as a drawback or glitch of Norton, but since that files were non existant, nothing to concern about.

 

Hope it eases you.....

 

Message edited for readablity.......

 

OK thanks. At least I know that the behavior is not unusual.

I ran a Norton Internet Security scan on an external hard drive. It came up with two threats.

 

When I clicked on the threat Adware.Adpopup name in order to get more details, it show several dozen files in folders that were on the internal hard drive, including Windows, AppData, Program Files, etc. But I had earlier today run a scan on the internal C: drive and it came up clean.

 

So I closed Norton without removing the threats, ran a scan on the C drive, and it came up clean.

 

Then I ran the scan on the external drive again, again it showed threats on the C: drive.

 

And if I navigate to the locations that Norton says the infected files are located, I do not see the files, sometimes the folder it indicates does not even exist. And I am set to show hidden files and folders.

 

And why is a scan on an external drive showing threats on the internal C: drive?

 

 Any idea what is going on here?

 

Thanks