Tim_Lopez wrote:
Hello Tech0utsider,
I'm not questioning that you would be protected. I'm fully confident in the layered protection in NIS to keep you secure. You could always submit the sample to Symantec to have it analyzed if the file was questionable.
Hi Tim
I have spent the best part of this weekend trying to clean this infection out of my system. Not only was it hijacking my DNS, directing me to rogue sites through my Mozilla browser, as well as totally disabling NIS09, which I have had to reinstall, now I am completely unable to run Live Update as the DNS corruption seems to have hijacked this somehow.
I have just about cleaned out the infection, with the exception of the Live Update problem (NOTE: it has also hijacked my DNS so I can't even get updates to run this Norton Security Scan). It is a test machine with backup available, but I like to get to the bottom of these things before giving up.
Now, to my disappointment and even dismay, I have just received a reply from Symantec Security Response telling me the file is CLEAN (tell me about it), but also a reply from Kaspersky Virus Submission telling me the file is infected and will be added to their next definitions base. Go figure.
Here are the replies I received:
[CLOSING]: Symantec Security Response Automation: Tracking #10006869.Below is a status update on your virus submission:
Date: November 1, 2008
Dear john a,
We have analyzed your submission. The following is a report of our
findings for each file you have submitted:
filename: c3222.zip
machine: Machine
result: See the developer notes
filename: c3222.exe
machine: Machine
result: See the developer notes
Developer notes:
c3222.zip is a container file of type ZIP
c3222.exe Our automation was unable to identify any malicious content in this submission.
The file will be stored for further human analysis This file is contained by c3222.zip.
Our automation was unable to identify any malicious content in this submission.
The file will be stored for further human analysis
Should you have any questions about your submission, please contact
your regional technical support from the Symantec website and give them
the tracking number in the subject of this message.
And this from Kaspersky:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Hello,
c3222.exe_ - Trojan.Win32.Pakes.llj
New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.
Please quote all when answering.
The answer is relevant to the latest bases from update sources.
--
Best regards, ...
Virus analyst, Kaspersky Lab.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
So there it is. I must say I have lost a little faith in Symantec Security Response for the moment, but not NIS09, which is excellent software.
John
Message Edited by johna on 11-02-2008 01:53 PM