Three Trojan Horses

NIS ran a scan last night and found these: greader.class (Trojan Horse), gmerrews.class (Trojan Horse) and gmailer.class (Trojan Horse). It said "The Virus has been removed. No further action needed" on all three. I ran scans with MBAM, SUPERAntiSpyware and a full system scan with NIS; all three came back clean. I would like some opinions here: do you think I'm pretty much clean? Thanks for any help.


NervousWreck wrote:

NIS ran a scan last night and found these: greader.class (Trojan Horse), gmerrews.class (Trojan Horse) and gmailer.class (Trojan Horse). It said "The Virus has been removed. No further action needed" on all three. I ran scans with MBAM, SUPERAntiSpyware and a full system scan with NIS; all three came back clean. I would like some opinions here: do you think I'm pretty much clean? Thanks for any help.


Hi NervousWreck

If all 3 AV programmes are coming up clean then that's a very positive sign.

They must be new trojans. I can't find any info about them.

Hello NervousWreck

If they are still in your quarantine folder, you can have them further analyzed by using these links.

Please use this link if you think that a file is a false positive:
https://submit.symantec.com/dispute/

If there is a possibility that the file might be infected, please submit it to Symantec using this link:
https://submit.symantec.com/websubmit/retail.cgi

Another alternative, which is fast, is Threat Expert:
http://www.threatexpert.com/submit.aspx

(Thanks to Yaso for providing the links)

You can send them to ThreatExpert and see what they say.

Threat Expert didn't tell me a whole lot or I don't know how to read it.

  • Submission details:
    • Submission received: 15 May 2010, 09:04:21
    • Processing time: 6 min 14 sec
    • Submitted sample:
      • File MD5: 0x98B35D74EFB424637EB1DB48478DBE7C
      • File SHA-1: 0x3FAF85E4501F06CD1D89FC1A5688EB241B57D11B
      • Filesize: 259 bytes

Technical Details:

File System Modifications
  • The following files were created in the system:

    # | Filename(s) | File Size | File Hash
    1 | %Temp%\META-INF\MANIFEST.MF | 25 bytes | MD5: 0x92D04D6BD8A0235843240BBA30D2F091; SHA-1: 0x79E33DD52EBDF615E6696AE69ADD91CB990D81E2
    2 | [file and pathname of the sample #1] | 259 bytes | MD5: 0x98B35D74EFB424637EB1DB48478DBE7C; SHA-1: 0x3FAF85E4501F06CD1D89FC1A5688EB241B57D11B

  • Note:
    • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • The following directory was created:
    • %Temp%\META-INF

Brand new (1 week old) nasty little trojans that can be acquired by playing a game on a "popular social network". I had to manually remove them after Norton Internet Security identified them and quarantined them. I used the security history to remove them. The Norton team seems to be on top of all the latest ones. I have forbidden the wife to play any more Internet games with her laptop on the aforementioned "popular social network".

Chances are that you are in fact clean from these infections. MBam and SAS have been known to find infections that a lot of anti-virus/anti-malware/internet-security programs miss. So I would believe with all 3 saying you are clean, then you should be good to go.

 


NervousWreck wrote:

Threat Expert didn't tell me a whole lot or I don't know how to read it.

  • Submission details:
    • Submission received: 15 May 2010, 09:04:21
    • Processing time: 6 min 14 sec
    • Submitted sample:
      • File MD5: 0x98B35D74EFB424637EB1DB48478DBE7C
      • File SHA-1: 0x3FAF85E4501F06CD1D89FC1A5688EB241B57D11B
      • Filesize: 259 bytes

Technical Details:

File System Modifications
  • The following files were created in the system:

    # | Filename(s) | File Size | File Hash
    1 | %Temp%\META-INF\MANIFEST.MF | 25 bytes | MD5: 0x92D04D6BD8A0235843240BBA30D2F091; SHA-1: 0x79E33DD52EBDF615E6696AE69ADD91CB990D81E2
    2 | [file and pathname of the sample #1] | 259 bytes | MD5: 0x98B35D74EFB424637EB1DB48478DBE7C; SHA-1: 0x3FAF85E4501F06CD1D89FC1A5688EB241B57D11B

  • Note:
    • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • The following directory was created:
    • %Temp%\META-INF

These are only the first results. They are probably being tested a little more by the companies involved, including Symantec.

 

 


boowhip wrote:

Brand new (1 week old) nasty little trojans that can be acquired by playing a game on a "popular social network". I had to manually remove them after Norton Internet Security identified them and quarantined them. I used the security history to remove them. The Norton team seems to be on top of all the latest ones. I have forbidden the wife to play any more Internet games with her laptop on the aforementioned "popular social network".


Hmm, I don't game but could have been my son. Will do some checking, Thanks.

 

boowhip, would you mind PM'ing the site?

 

Any update on this? I got the same exact alleged viruses. The only game I played was Family Feud on Facebook.

Are these viruses for real or is it just a false alarm?

If they're real, why didn't NAV catch them when they were being downloaded/copied to the HD?

I won't name the site, but there are games like Bejeweled and Family Feud that can be played.

Yes, the trojans are for real and free games on the Internet are never free. The guys at Norton have to work just as fast as the guys that create the trojans just to keep up. Spy and counter-spy. Good reason to keep your NAV up-to-date and be careful where you (or your family members) surf. I bought a hard copy (and trojan free) of Bejeweled for the wife to play on her laptop.

Hello

A good way to help prevent others from getting infected by new malware, if you have the suspected files in your quarantine folder, is to send them to Symantec. That can help create definitions so that you won't become infected again by the same malware. Of course the malware is still always changing so it may still get past your Norton product. You can send the suspected files to Symantec.

Please use this link if you think that a file is a false positive:
https://submit.symantec.com/dispute/

If there is a possibility that the file might be infected, please submit it to Symantec using this link:
https://submit.symantec.com/websubmit/retail.cgi

Another alternative, which is fast, is Threat Expert:
http://www.threatexpert.com/submit.aspx

(Thanks to Yaso for providing the links)

You can try using the 2nd link in the above listing to send any suspected malware files to Symantec.

This same thing happened to me last night; NIS found the virus. Since then I have run NIS and Malwarebytes Anti-Malware and it comes up clean, but I found out that right after NIS found this virus for the first time, my Yahoo account got hacked.

 


floplot wrote:

Hello

A good way to help prevent others from getting infected by new malware, if you have the suspected files in your quarantine folder, is to send them to Symantec. That can help create definitions so that you won't become infected again by the same malware. Of course the malware is still always changing so it may still get past your Norton product. You can send the suspected files to Symantec.

Please use this link if you think that a file is a false positive:
https://submit.symantec.com/dispute/

If there is a possibility that the file might be infected, please submit it to Symantec using this link:
https://submit.symantec.com/websubmit/retail.cgi

Another alternative, which is fast, is Threat Expert:
http://www.threatexpert.com/submit.aspx

(Thanks to Yaso for providing the links)

You can try using the 2nd link in the above listing to send any suspected malware files to Symantec.


Yes I sent all three to Symantec.

 

Very similar experience:

May 21: idle time scan caught three trojan horses [gmailer.class] [greader.class] [gmerrews]; all were in Sun/Java/deployment cache (Java updated May 20).

I sent reports to Norton; plus, have had repeated blocks of google update.exe by firewall, continuing today (Saturday).

Seems Norton has been on top of the threats.

Several 'access blocked / intrusion attempt blocked' logs since May 21, 10pm.

Not sure if it might be connected... Haven't played online games, but did take an online poll Thursday (through a Facebook ad) shortly before fb access went nuts.

 

Keep up the great work, Norton! Thanks!