
Norman false detection

Started by vozzie, August 10, 2009, 08:21:07 PM


vozzie


Today I got a message from Norman and then a part of it crashed. This happened when I did a file search on the MASM32 samples folder.

The support department got warning mails, these are the files that were recognized.

All the same 'infection' Virus name: 'W32/Obfuscated.AE!genr'

File infected: C:/masm32/examples/exampl10/enumerate/enumdd/enumdd.exe
File infected: C:/masm32/examples/exampl07/dispatch/type2/arrdisp2.exe
File infected: C:/masm32/examples/exampl07/mmfdemo/slave/slave.exe
File infected: C:/masm32/examples/exampl07/dispatch/type1/arrdisp.exe

Looked into the source files and did not see any strange things. Every time I did a rebuild they were deleted again.

I just post this to share this information, not to look for help :), the forum section is clear.

(Unless they are built with a virus in them, but I doubt it because I built other samples before)

Funny because normally I turn off Norman most of the time because it slows down the system too much.

I created 2 bat files to turn norman on and off :),

@echo off
NET STOP eLoggerSvc6
NET STOP "Norman NJeeves"
NET STOP nsesvc
NET STOP nvcoas
NET STOP NVCScheduler
NET STOP "Norman ZANDA"
echo "STOPPED NORMAN"
pause


dedndave

if you look around on the norton website, you will find one of my all-time favorite programs
it is called "The Norton Removal Tool"

hutch--

vozzie,

Do yourself a favour, get rid of it and if you need AV scanning, use a good quality one that does not mess up your computer. There are some very good AV products in the top end of the market, Kaspersky, NOD32 etc ... but much of the low end freeware is junk that pretends to find things that don't exist but is not smart enough to catch the really dangerous stuff.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

MichaelW

eschew obfuscation

dedndave

oh - lol
i thought he was using pseudonym - lol
btw - that link doesn't open for me - but that's ok

MichaelW

Perhaps the Norton AV that you thought you removed is blocking it :toothy

ToutEnMasm


vozzie


Thx again for the replies,

It's the company where I work that's using Norman. At home I use various online scanners and am careful in my moves on the internet... Anyway, I believe nothing can stop the newest/latest exploits, and "almost" everybody is administrator on his winbox... so being careful and trying to get to know the system is what I do... sometimes it's even fun to remove a (non-destructive) virus, and have a battle against it.

Greetings

dedndave

i went over to a friend's house the other day
she had gotten one of these fake trojans trying to sell software (similar to windows antivirus 2009)
she had norton - it did no good
norton slows your system down SO much, then it doesn't stop a simple fake trojan
it's a useless waste of time and money

bruce1948

Quote: norton slows your system down SO much,

I couldn't agree more. I had norton installed some time back and was trying to install some software, with norton after 5 (five) hours it still hadn't installed (this with norton supposedly disabled). After removing norton it installed in 10 minutes.


Bruce

hutch--

vozzie,

There is a solution to computer security but it's only for "savvy" users who understand what is happening with their computer. Get rid of all of your AV stuff, especially anything that runs off a service all the time and make sure your machine is squeaky clean and configured properly. Use a hardware firewall in your router, use a software firewall running under the OS and turn off any service that you do not use.

Test this against Steve Gibson's security web site, plug up any other holes you may find and if your computer is the only one on your router, absolutely share nothing in terms of printers or disk drives.

When all of this is done and reliable, get an email app like POPTRAY that checks your email on the server, download only what you know is for you and delete the rest at the server. If you must download risky stuff, use an AV product that does not install as a service and that runs when you want it to run to scan anything that you don't trust that you have downloaded.

vozzie

Thx for the reply and for the Steve Gibson hint...

The setup is almost what i have, but i did some scanning on grc.com and port 113 was not stealthed... following his information i'm now "full stealth" on my router...  :dance:

Greetings