W32.Downandup.B

Hello

 

It looks like just about everyone who posts here was asked by pm, well, let's say a number of people have been asked.


Calls wrote:

 it show partially removed because I took out the flash drive before completing the fix?

 


 

... and bingo was his nameo! :smileyvery-happy:

 

Just let Norton finish the job it started. Update to Norton 2010. I think you're causing more harm to yourself than what Norton can protect you from. Do you still have the receipt from your computer?

 

I joke (I think).


yogesh_mohan wrote:

Hi Calls,


I think that some process from the threat or related to the threat started running in the background, and because of that NAV 2008 showed "partially removed". But NAV 2008 is able to remove the critical viral part of the threat so that it can't spread to your computer, and that is why it showed the result as "Resolved". You could have tried to run a scan on the pendrive by booting into Safe Mode. If you have the infected file in your Quarantine, try to submit it to Symantec for further analysis.


Thank you Yogesh

 

To everyone who offered help, thanks.

I was merely trying to understand what the wording "risk state - partially removed" meant and if it meant that it could cause reinfection. I apologize that I am not that computer savvy and require real basic explanations over and over in an effort to understand. As far as rehashing things, I'm just a simple person trying to understand very complicated problems.

A tech friend of mine who also uses Norton (NAV2008 I should add) said that what probably happened is that when I scanned the flash drive, Norton detected the infection on my computer and removed it (thus the Status-Removed and Recommended Action- Resolved, No Action indications). My friend said that I probably removed the flash drive before Norton could clean the flash drive as well. But that it did clean my computer and that I should have no infection.

I believe that was the same thing that Yogesh and 3Play were also saying.

Yogesh and 3Play, please let me know if I now have the proper understanding as outlined above.

 

I would also like to note that I have run several Norton, Malwarebytes, and SpyBot scans in regular and safe modes since the infection.

ALL COME UP CLEAN. In addition I am receiving my automatic updates from Windows and Norton without problem.

So I think it is pretty clear that this infection is gone.

 

 

 

Again, I appreciate everyone's help.

As far as PMing, I did so to those that have been great help to me in the past. I promise you all I shall no longer PM without permission first.

and the item was sent automatically to Norton for examination

 

All Gurus and staff, again I apologize. I will be upgrading soon and will require some help at that time. Please allow me to continue here on the forums. Again, much thanks.

 

 

 

thanks all

For anyone else looking for information, this Thread holds all the information you need: http://community.norton.com/t5/Norton-Internet-Security-Norton/W32-Downadup-Information/td-p/58725.  Hope this is useful, and happy reading!

 

 

 

Ran malwarebytes scan and it came up clean

Hi Calls,

 

This malware came out in 2008. Please see the following for details of this malware.

 

http://www.symantec.com/security_response/writeup.jsp?docid=2008-123015-3826-99&tabid=3

 

If NIS removed it and MalwareBytes did not detect anything you are fine.

 

Best wishes.

Allen

To prevent such worms from autorunning from removable disks when you just insert the storage, set up Windows to prevent autorun from these disks (I can provide fully detailed info only for WinXP users), or just delete the file autorun.inf from the root directory of the disk, create a folder there and rename it to autorun.inf.

 

This will prevent a file with that name from being created, and Windows will not be able to auto-execute the commands inside a possibly malicious autorun.inf file.

Yes, this is an old virus. So it raises the question-

 

Why Did it Not get stopped immediately by NIS2010?

 

It was on a flash drive, the drive was scanned using NIS 2010. So how did it get ON the computer if a scan was run?

 

here are more details

infected file

j:\recycler\s-5-3-42-28199(followed by  a bunch more numbers)\jwgkvsq.vmx

 

so was it detected on the flash drive and removed from the flash drive? Would a flash drive have a registry?

 

If it was on my computer, then again it begs the question how did it get PAST NIS2010 to make it on my computer?

As I said the flash drive was scanned prior to opening.

 

How do I delete it from quarantine, as in get it completely off my computer?

If I clear the entry in quarantine, does it restore the virus or completely remove it?

Why Did it Not get stopped immediately by NIS2010?

 

Why do you think so? I think it was stopped immediately on your computer (if your Norton was always active, not turned off)

 

It was on a flash drive, the drive was scanned using NIS 2010. So how did it get ON the computer if a scan was run?

 

Why do you think that it is getting on the computer?

(maybe http://community.norton.com/t5/Norton-Internet-Security-Norton/to-Norton-Team-File-actions-without-executing-the-file/td-p/267875 will clarify the situation)

 

 

so was it detected on the flash drive and removed from the flash drive?

 

see Norton history logs

 

Would a flash drive have a registry?

 

No, it has no registry of its own if it is a usual flash storage and you are not running an operating system from it.

 

If it was on my computer, then again it begs the question how did it get PAST NIS2010 to make it on my computer?

 

see Norton logs - in which directory the malware was found

 

As I said the flash drive was scanned prior to opening.

 

For now let's leave this strange declaration for some next steps.

 

How do I delete it from quarantine, as in get it completely off my computer?

 

Just enter the Security History, then choose Quarantine, search for this malware type, and in the details or options find a link to remove it from quarantine. To reassure yourself as much as possible, you can run LiveUpdate to update your virus definitions and other components of Norton and start a full system scan.

 

what do you think about it all?

Hi Calls,

 

You can click on "More Details" from the Quarantine window to get more information on it.

 

When you click "Remove from history" it removes the malware from the quarantine area and your computer and removes it from history.

 

Hope this helps.

 

Best wishes.

Allen

so if it was stopped right away by Norton, then why did the registry need to be corrected?

What were the registry items?

<< Why Did it Not get stopped immediately by NIS2010? >>

 

Norton will not see it unless you scan the external drive or try to access the file and you said NIS did detect and quarantine it.

 

The real question is what protection was there on the computer from which the file was transferred to the thumbdrive .....

There are a series of instructions on how to disable auto run in Vista.  This should be done.  Nothing should be allowed to run on your machine until you tell it to run. You know about new variants to older malware, I'm sure.

 

http://www.howtogeek.com/howto/windows-vista/disable-autoplay-in-windows-vista/

 

 

"The main reason a computer gets infected with recycler virus is by exploiting the autorun feature available in windows. It copies the autorun.inf files on each drive of the computer, be it permanent or a removable media such as DVDs, CD ROMs, USB Devices, or Memory Sticks. The purpose of the autorun.inf file is to activate the actual executable virus present in the drive. In this case it’s recycler.exe."

 

As soon as the file began to do something malicious, Norton identified it and quarantined it. 
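
As an added illustration of the autorun.inf points made in the posts above (this is not code from any poster or from Norton): a Python sketch that inspects a drive root, reports whether autorun.inf is absent, a placeholder folder, or a real file, and flags launch entries that point into a RECYCLER folder. The function names and the sample drive contents are assumptions constructed for the example.

```python
import os
import re
import tempfile

# Keys in autorun.inf that make Windows launch something from the drive.
LAUNCH_KEY = re.compile(
    r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$", re.I)
# Hiding place named in the thread: a RECYCLER folder on the removable drive.
SUSPICIOUS = re.compile(r"recycle[rd]", re.I)


def audit_drive_root(root):
    """Return (state, findings) for the autorun.inf entry in a drive root."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.lexists(path):
        return "absent", []
    if os.path.isdir(path):
        # The folder trick from the thread: the name is already taken.
        return "folder-placeholder", []
    with open(path, "rb") as fh:
        # Decode leniently so stray non-text bytes do not abort the parse.
        text = fh.read().decode("latin-1")
    findings = []
    for line in text.splitlines():
        m = LAUNCH_KEY.match(line)
        if m:
            target = m.group(2)
            findings.append(
                (m.group(1).lower(), target, bool(SUSPICIOUS.search(target))))
    return "file", findings


def build_sample_drive(kind):
    """Create a constructed stand-in for a drive root in a temp directory."""
    root = tempfile.mkdtemp()
    if kind == "folder":
        os.mkdir(os.path.join(root, "autorun.inf"))
    elif kind == "worm":
        # Constructed sample; the SID-like folder name is a placeholder.
        body = b"\x00junk\r\n[AutoRun]\r\nopen=RECYCLER\\S-PLACEHOLDER\\jwgkvsq.vmx\r\n"
        with open(os.path.join(root, "autorun.inf"), "wb") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for kind in ("none", "folder", "worm"):
        print(kind, audit_drive_root(build_sample_drive(kind)))
```

To check a real drive, pass its root (for example `J:\`) to `audit_drive_root` instead of the constructed temp directories.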

Thought this sounded familiar  http://community.norton.com/t5/Norton-Internet-Security-Norton/W32-Downandup-B/td-p/218516

 

Quads


huwyngr wrote:

<< Why Did it Not get stopped immediately by NIS2010? >>

 

Norton will not see it unless you scan the external drive or try to access the file and you said NIS did detect and quarantine it.

 

The real question is what protection was there on the computer from which the file was transferred to the thumbdrive .....


Wife uses the flash drive at the school she works at. They use Trend Micro as their security.

 

When the flash drive was installed in our computer at home, we ran a Norton scan on the drive.

 

My wife says that she has auto run off, could it be that she is mistaken and that is why this happened?

I have a few questions if you all don't mind

 

1. So the fact it was quarantined means that it was removed from my computer?

 

2. Also removed from the flash drive?

 

3. Could it have infected other parts of my computer?

 

 

A scheduled full system scan ran this morning, with only tracking cookies detected

 

Safe to say that I'm clean from this virus?

 

ANYTHING MORE I NEED TO FOLLOW UP ON TO MAKE SURE THIS IS RESOLVED?