Norton IS 2006 Trojan message – nonsense?

  StephShadow 11:33 20 Dec 2005

Good morning. I just read this thread click here
and wish I’d read it before I bought NIS 2006... But - I have it now and wonder why I’ve been getting this message over the past few days see pic click here . All virus definitions are up to date, live update is running on auto, a complete scan of everything shows no viruses or anything else.

Anyone else getting this? Does anyone know what the file _p9hEPQkbj.exe is? And what the heck does Action taken - ‘Access to the file was denied’ mean in English? It’s not a great help is it? Being told you’ve got a Trojan and then not knowing who tried to access the file and that access was denied by some unknown third party….sorry…’s the use of the passive voice. Does it mean Norton denied access? Or that the virus denied access to Norton? I have no idea. It drives me potty and I don’t trust my PC enough to access my bank account!

I ran the Symantec Automated Support Assistant from their site and it told me I have an older version of Live Update running. That’s all. Hoorah. If so, why haven’t they sent me the new version down the wire? I don’t trust this message from Symantec and I don’t trust Norton right now. Which is why I’m asking you guys and gals. Any help much appreciated.

  stalion 11:43 20 Dec 2005

do a scan with a2 click here

  SG Atlantis® 11:43 20 Dec 2005

Try online scan with housecall and ewido

click here

click here

  StephShadow 14:03 20 Dec 2005

Thank you stalion and SG Atlantis. I ran the ewido scan and it came up with a load of cookies plus these two:

Name: Trojan.Java.Femad
Path: C:\Documents and Settings\Steph\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\
Risk: High

Name: Downloader.Agent.zd
Path: C:\WINDOWS\hda.exe
Risk: High

...rather than fix them immediately, I scanned these in Explorer with Norton and it said (ta-dah) no threats come? The dates on these files are June 2004 for the Trojan and 17 Dec 05 (Sat) for the hda.exe

I remember on saturday a Norton dialogue box came up and said hda.exe was trying to access the internet - allow this connection (recommended) - so I did. It was immediately after this that the Trojan warning appeared. So Norton is to blame? The hda gizmo tried to activate the trojan from last year? Is that what happens?

So....I wonder...given the nonsense in the Norton trojan message (that weird file name that doesn't exist) Norton actually working right now?

I have no idea. It's a disgrace. I would love Symantec to know about this. But I have no intention of spending £18 for the privilege of talking to their tech support. And I've been using IS constantly for over 2 years now.

What to do now....I noticed yesterday that in the Norton Protection Centre the ticked boxes weren't all on the defaults and that the full scan didn't have 'scan compressed files' ticked (not that I had changed the defaults!) maybe Norton is up the....

Q: what happens when I click 'remove infections' on ewido? Does it just delete the files?

  VoG II 17:33 20 Dec 2005

Re the reported problem in the Java folder click here

  ade.h 18:03 20 Dec 2005

I wouldn't trust Norton to find its proverbial backside with both hands. You'll need to get rid of the Trojan and the downloader ASAP. If the programs that you used to find them don't have removal capability, search the net (from another PC!) for removal tools.

  StephShadow 14:20 21 Dec 2005

Thank you for the advice and help. I’ve run ewido 3 times now: it found and deleted the Trojan plus loads of spyware cookies. I tried Trend too but I’m still using dial-up (does that elicit a laugh? Want to advise me on bb?) and after 26 mb and 2 hours, I lost the lot, shame. Thanks for the java info too.

I guess I won’t say okay when Norton recommends me to allow any more connections via a hda.exe ? and I thought Norton was for the uninformed, like me! I should spend time sat on my own proverbial looking at the alternatives.

Thanks again.

  SG Atlantis® 15:30 21 Dec 2005

If you don't know what's asking for internet access deny it. If it effects the internet then go into the firewall and allow it again.

Who's your dial up with?

  ade.h 15:46 21 Dec 2005

With Norton products - especially the firewall - initial appearances tend to suggest user-friendly ease of use.

As soon as you have start really using it, that's when you realise that it is in fact a pain in the backside!

SG's suggestion is a good one, but with Norton Firewall, it can be difficult to undo certain rules after they have been created. Someone else found that recently.

  Sharpamatt 17:32 21 Dec 2005

dont forget this could still be hidden in system restore

  ade.h 19:32 21 Dec 2005

Good point: System Restore must be switched off and then switched back on AFTER a Windows re-boot to remove restore point saves whenever you remove a virus, trojan or other high-risk malware.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

AMD Radeon Adrenalin release date, new features, compatible graphics cards

8 brilliant character artists speaking at Pictoplasma 2018

iMac Pro release date, UK price & specs

Football : comment regarder la Ligue 1 en direct ?