
Heur.AdvML.B

My weekly full system scan turned up this.

Category: Quarantine
Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename
7/3/2016 08:51:50,High,razoapi8.dll (Heur.AdvML.B) detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\users\john ozuk\appdata\local\temp\razoapi8.dll

Given that it is an oddly named dll in temp I might suspect a false positive from my HP printer software.

Be that as it may, I have some more basic questions.

1) what is this purported to do

2) what is risk level.  Your web site says low, report says high


Re: Heur.AdvML.B

For second opinion choose File and / or Search hash at VirusTotal and/or submit to Symantec for review analysis > see > How to report false positives


Re: Heur.AdvML.B

Thanks

So I will need to un-quarantine to send to them?


Re: Heur.AdvML.B

Quarantine > More Options > Copy to Clipboard may offer Secure Hash Algorithm.
step thru form and see options e.g., https://submit.symantec.com/false_positive/standard/
Heuristic detection as you know is an artificial intelligence guess.


Re: Heur.AdvML.B

Thanks again, did find a send to Norton option in quarantine, which I did.  This is only hash I could find.  Hope Norton replies at some point.

Filename: razoapi8.dll
Threat name: Heur.AdvML.B
Full Path: c:\users\john ozuk\appdata\local\temp\razoapi8.dll

____________________________

On computers as of
2/21/2016 at 10:06:07

Last Used
7/3/2016 at 08:51:50

Startup Item
No

Launched
No

Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.


____________________________


razoapi8.dll Threat name: Heur.AdvML.B


Very Few Users
Fewer than 5 users in the Norton Community have used this file.

New
This file was released 9 days ago.

High
This file risk is high.


____________________________


Source: External Media

Source File:
csc.exe

File Created:
razoapi8.dll

____________________________

File Actions

Infected file: c:\users\john ozuk\appdata\local\temp\ razoapi8.dll Removed
____________________________


File Thumbprint - SHA:
2080408b68634716424417f946b32fff3563be654b1c1d2fd0dfdefc6d6c5372
File Thumbprint - MD5:
Not available


Re: Heur.AdvML.B

VirusTotal > File not found > The file you are looking for is not in our database.

https://www.virustotal.com/

send to Norton option in quarantine will not reply to you.

How to report false positives ...will reply to you.

Do you have Norton Heuristic Protection at Automatic.  If you turn Heuristic Protection Off and can reproduce event.   Norton may report e.g., WS.Reputation.1


Re: Heur.AdvML.B

@JohnOzuk: What are the most recent changes you made to your PC? E.G., downloading/installing some software (Free YouTube Downloader, e.g.)?

Try un-quarantining that dll file; share with us an image of the Properties tab. Please do not miss the Digital Signatures part if it is available there.

PS: Heur.AdvML.x: Heuristic Adware v(?) Malware (Down)Loader?

PUP Hunter PRO: Just TRYING to save the world (U) from cyber threats, A single blog post, at a time, and ONCE & FOR ALL. (A fan of Nadia_Kovacs)

Re: Heur.AdvML.B

Hope submitted,  web page never came back with a success message


Re: Heur.AdvML.B

Still not a peep out of Norton.  Am I being too anxious?  I am not 100 percent sure it was sent.


Re: Heur.AdvML.B

Hello JohnOzuk

Please submit again to Norton for false positive. They reply within 24 hours with a file number. If you get the file number from Norton, please post it in here. Also, if you have already emailed it to Norton, please check your Spam Detector. Often emails like this end up in Spam Detectors. If you get a file number from Symantec/Norton, then I can check it out with Norton.

To report a false positive, please use this link

https://submit.symantec.com/false_positive/

Thanks.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.18.0.213 Core Firmware 282 I E 11 Chrome latest version.

Re: Heur.AdvML.B

Thanks. This time submit sent me to a confirmation page. On Monday it seemed to do nothing. Not sure what was going on. Here is the number:

The tracking number for your submission is: 3971077, please reference this tracking number in any further correspondence on this issue.

 


Re: Heur.AdvML.B

JohnOzuk:  The tracking number for your submission is: 3971077, please reference this tracking number in any further correspondence on this issue.

Please see > https://community.norton.com/en/comment/7075321#


Re: Heur.AdvML.B

Yup, from my resubmit tonight. At least one other poor soul shares my pain.


Re: Heur.AdvML.B

Hello John

Please post the tracking number to that Symantec Employee in the thread that bjm posted.

Thanks.


Re: Heur.AdvML.B

Done, thanks all

Accepted Solution

Re: Heur.AdvML.B

Appears Norton agrees mine was a false positive

In relation to submission [3971077].

Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:

Filename: razoapi8.dll
MD5: B480EB15863635BBBAEE4C17DE8B2117
SHA256: 2080408B68634716424417F946B32FFF3563BE654B1C1D2FD0DFDEFC6D6C5372
Result: Whitelisting for above file is taking effect from now on.
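
Added example (not part of the original thread and not Norton's code): before restoring a quarantined file on the strength of a vendor notice like the one above, check that the file's MD5 and SHA-256 both match the notice. The sketch parses the notice's `Filename`/`MD5`/`SHA256` lines and streams the file through both hashes; all function names are assumptions made here.

```python
import hashlib
import re

# Vendor notice lines as quoted in the post above.
NOTICE = """\
Filename: razoapi8.dll
MD5: B480EB15863635BBBAEE4C17DE8B2117
SHA256: 2080408B68634716424417F946B32FFF3563BE654B1C1D2FD0DFDEFC6D6C5372
"""
# "File Thumbprint - SHA" from the quarantine details earlier in the thread.
QUARANTINE_SHA256 = "2080408b68634716424417f946b32fff3563be654b1c1d2fd0dfdefc6d6c5372"

HEX_LEN = {"md5": 32, "sha256": 64}  # expected hex digits per digest


def parse_notice(text):
    """Return filename plus lower-cased digests; reject missing or malformed ones."""
    fields = dict(re.findall(r"^(Filename|MD5|SHA256):[ \t]*(\S+)[ \t]*$", text, re.M))
    parsed = {"filename": fields.get("Filename")}
    for algo, length in HEX_LEN.items():
        value = fields.get(algo.upper(), "").lower()
        if not re.fullmatch(r"[0-9a-f]{%d}" % length, value):
            raise ValueError(f"notice has no valid {algo} digest")
        parsed[algo] = value
    return parsed


def file_digests(path, chunk_size=1 << 20):
    """Read the file once in chunks and compute every digest in HEX_LEN."""
    hashers = {algo: hashlib.new(algo) for algo in HEX_LEN}
    with open(path, "rb") as handle:
        while block := handle.read(chunk_size):
            for hasher in hashers.values():
                hasher.update(block)
    return {algo: hasher.hexdigest() for algo, hasher in hashers.items()}


def covered_by_notice(path, notice):
    """True only if every digest in the parsed notice matches the file on disk."""
    actual = file_digests(path)
    return all(actual[algo] == notice[algo] for algo in HEX_LEN)


def notice_matches_quarantine():
    """Does the notice cover the SHA-256 shown in the quarantine details?"""
    return parse_notice(NOTICE)["sha256"] == QUARANTINE_SHA256.lower()
```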

 


Re: Heur.AdvML.B

Norton Security identified & removed two instances of Heur.AdvML.B from our network. In both instances, the infected file was a Norton Antivirus setup file from 2004 that was downloaded directly from norton.com. Is this a false positive or a real virus?


Re: Heur.AdvML.B

Hello

Please follow the directions in this link to submit a file to see if it's a false positive.

https://submit.symantec.com/false_positive/   or to

www.virustotal.com

Thanks.


This thread is closed from further comment. Please visit the forum to start a new thread.