amysheehan
Lakers Win
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
 ·RoadRunner Cable
4 edits |  NAV/ SAV defintions release for 'weekend bug-fixes'
If you are experiences the issues reported in these topics posted over the weekend or were one of those reporting those issues in the following threads -
»CCleaner now installs with adware?
»Norton and SpywareBlaster updates causing FP (likely)
or
»SAV 10 just started flagging hosts entires
Rapid release definitions released today are available.
How to fix today:
Full info:
The first set of definitions containing the fixed script is –
Rapid Release Sequence – 75350
Version – 12th November 2007 (rev. 020)
NOTE: Please make sure to select the appropriate release for your version and Operating System.
These updates will be available using the certified definitions from the 13th onwards.
Many thanks to my friends at Symantec who worked this issue today [ a holiday ] and got back to me with the official word before 5PM Pacific !!!!
Link to rapid release definitions:
»www.symantec.com/avcenter/rapidr···oad.html
NOTE: Please choose the download for your OS and product.
32 bit products-
SAV10 versions: symrapidreleasedefsx86.exe
Norton [ all versions except 2008 symrapidreleasedefsi32.exe
Norton 2008 symrapidreleasedefsv5i32.exe
64bit
2008 ONLY: [Norton] symrapidreleasedefsv5i64.exe
Prior versions: [Symantec10 & 2007 and earlier] symrapidreleasedefsi64.exe
Please feel free to post any dowload or other issues related to the download and installation problems if encountered in this topic for further follow up.
Thanks all !!!
-amy-
 |
|
MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH
 ·AT&T Midwest
·AT&T Midwest
| Thanks to you Amy and the people at Symantec that corrected this today.
Everything is back to normal on my system again,Spybot settings are now fine along with the items that where unchecked in SWB.
And no flags of any sort with NIS 2007.
Thanks again for your help!!!
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is." |
|
Indy Sabre
Sabre Rider From Indianapolis
join:2003-10-02 | reply to amysheehan
Thanks Amy! |
|
amysheehan
Lakers Win
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable
2 edits | reply to amysheehan
How to obtain definitions via FTP download
What's new info via FTP for all definitions and releases by dates includes name changes and modifications are available here:
»ftp://ftp.symantec.com/public/english_···snew.txt
BY FTP The most recent defintions are available here:
»ftp://ftp.symantec.com/public/english_···release/
Note Current release RR's are 38, 39, and 40. Any RR set above Rev 20 include this fix as well.
Full certified included and modifications made info is also available here: »www.symantec.com/avcenter/whats_new_RR/
Protection modification info will be updated soon for Adware.SystemProcess at the bottom of his page.
»www.symantec.com/security_respon···&tabid=1
-amy-
--
DSLR Phishtracker |
|
Owlbet
Night Owl of the Arctic
Premium,MVM
join:2002-09-24
Palmer, AK
clubs: | reply to amysheehan
Re: NAV/ SAV defintions release for 'weekend bug-fixes'
Amy, you rock!
All updated and not an issue to report. |
|
amysheehan
Lakers Win
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable
| said by Owlbet  :Amy, you rock! All updated and not an issue to report. My goal is to get this info available especially to those who have not yet been affected due to once a week updating and scanning before they have the problem.
Tuesday's certified daily updates will include the remediation and the Live Update weekly won't include them until Wednesday.
So this info and fix could help many many folks.
The info included by all those posters with their different situations and combinations of products really speeded this resoltion along as that was used to locate the common linkings in several setups and products that needed some 'tweaking' on an older release set to make it work with changes in other programs that innocently caused flagging of items that resembled each other in name and action to set off 'alarms'.
Again, please report any issues and lack of problems after your updates to your product so they may all be in one place for follow up by the Symantec writers and engineers.
Thank you all for your input.
-amy-
--
DSLR Phishtracker |
|
siliconman01
Premium
join:2005-05-08
Saint Albans, WV
| reply to amysheehan
This False Positive is not yet fixed. I ran the rapid response update prior to running the NIS 2008 Quick Scan on my Vista Business system.
Interestingly, it says it deleted 79 entries from the HOSTS file; however, my HostsMan only shows 8 entries were deleted. Using MVPS hosts entries only.
This has been going on since 10-Nov-07. I would hope that the Symantec group gets it resolved soon. |
|
amysheehan
Lakers Win
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable
1 edit | Re: NAV/ SAV defintions release for 'weekend bug-fixes'
Let me set the record straight. I am not a Symantec/Norton employee. Just a home user of those products since 1994 who has volunteered numerous hours of research to see that problems get attention when posted topics are asking for sincere help and include details to resolve an issue.
Just blowing off a problem never solved one - they just multiple and remain longer due to the effort to get the facts to aid in resolution to in this case a complicated sense of issues.
In this situation, some tweaking and sharing of issues made for communications between many independents become the basis for good researched work.
Sure there may be more not yet reported.
I am only trying to make the process work in everyone's favor and that includes their contributions to the specific issues and a better understanding of how to resolve and prevent future miscommunication from affecting several entities.
I am not a fan-boy, just a consumer who wishes to see issues discussed and handled in an effective manner for everyone's benefit.
Sincerely,
Amy Sheehan
--
DSLR Phishtracker |
|
altermatt
Premium
join:2004-01-22
White Plains, NY
·Verizon Online DSL
1 edit | reply to amysheehan
said by amysheehan :32 bit products- SAV10 versions: symrapidreleasedefsx86.exe Norton [ all versions except 2008 symrapidreleasedefsi32.exe Thanks, Amy! I'm confused as to the proper version, since on the webpage you link to, it states for BOTH of those files, under relevant software:
Symantec AntiVirus 9.0 Corporate Edition Client
Symantec AntiVirus 10.0 Corporate Edition Client
For those versions, how do we know which to install?
And are these updates not available with a manual "check for updates"?
--
The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick |
|
amysheehan
Lakers Win
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable
| The daily release schedule for Nov 13 th will allow the direct download up the Daily Updates which will include the fixes included in any Rapid Release definitions after revision 20 on Nov 12th.
If you're not affected - just wait for the daily updates released Tuesday the 13th for your product.
-amy-
Look for the update for your Symantec Corp Client Edition for 32 bit systems.
-amy-
--
DSLR Phishtracker |
|
might join
@btcentralplus.com
 from:
antdude
amysheehan
| reply to amysheehan
Hi guys
(Originally posted here »CCleaner now installs with adware? but copied by request)
I have just found this thread after I experienced the same Adware.SystemProcess problem after a Norton update a couple of hours ago (It is Tues 13th in my time Zone but I guess the fix isn't "out-there" yet, lol).
Anyway FYI...
my CCleaner is 2.0.0.500
my Spyware Blaster had 6 IE threats unprotected (but I don't use IE!)
So I thought I'd do a little experiment... I re-enabled all of SpywareBlaster's protection, updated it, and enabled everything again. I ran a quick Norton scan again, wondering if it would find the same problem a second time.
No, it didn't. But it did disable 6 SBlaster things again (without saying anything!)
AND ...
It "fixed" a security risk "SecurityRisk.URLRedir", this translates to 79 hosts file entries....or it would have done, except that I blocked Norton's change with WinPatrol (free version) I haven't checked all of the supposed bad entries, but the few that I did check were NEVER there!!! - things like Kaspersky, McAffee, F-secure etc.
Now that is two lies. That they were there, AND that they had been fixed.
...and why didn't it find this "problem" when it found the Adware.SystemProcess problem? Nothing had changed in the meantime except the SpywareBlaster update.
My Spybot S&D immunisation, however, hadn't been tampered with at all. |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| reply to amysheehan
Any news on the two files that are getting deleted that do appear to be a part of a true infection (maybe leftovers from a prior cleaning or from the AV stopping the full payload from dropping?)
quote:
C:\WINDOWS\system32\p.dat
C:\Documents and Settings\xxxx\Local Settings\Temp\ibho.log
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
siliconman01
Premium
join:2005-05-08
Saint Albans, WV
| quote:
--------------------------------------------------------------------------------
C:\WINDOWS\system32\p.dat
C:\Documents and Settings\xxxx\Local Settings\Temp\ibho.log
--------------------------------------------------------------------------------
I honestly think that NIS 2008 is false reporting what it says it is doing on this False Positive.
I did a scan of my C drive yesterday just before my daily NIS full scan. P.dat and Ibhog.log were nowhere on the C drive (and yes I have all my files and folders visible).
When NIS reported removing this False Positive, it showed removing the 2 files again...3 days straight.
This same thing is occurring with the 79 entries it says it is removing from the HOSTS file. It falsely removed 8 valid entries from the MVPS. Where the other 71 entries reported came from, I have no idea. |
|
might join
@btcentralplus.com
| reply to might join
Ooops! I made a mistake about the Adware.SystemProcess prob not showing up a second time. I just checked my NIS history and it DID do the "removing" and the "fix" twice, but like siliconman01 says, I don't think these things were ever there to start with.
I'm using NIS 2007 on XP, BTW.
Surely, it can only be that updating the SpywareBlaster caused the hosts file "error", no?
I'll wait till the 14th before I get my updates from Symantec, then see what happens. |
|
planet
join:2001-11-05
Olmsted Falls, OH
·Cox HSI
| When I saw the cleaning that had been done (on my pc, it was those same 2 files and 97 registry entries) I assumed that Symantec was informing me what could have been infected had I actually been infected by adware.systemprocess.
My hunch is SWB kill bit entries in the registry were the only things actually removed from my computer.
|
|
altermatt
Premium
join:2004-01-22
White Plains, NY
·Verizon Online DSL
| reply to amysheehan
said by amysheehan :Look for the update for your Symantec Corp Client Edition for 32 bit systems. That's just it, Amy; as I read the descriptions for TWO of the files, BOTH symrapidreleasedefsx86.exe AND
symrapidreleasedefsi32.exe say they are 32 bit and for versions 9 and 10 of SAV client, among others. Probably a moot point, as I'll just run a manual update late on the 13th, but for the life of me, I can't see where I'm reading that page wrong.
--
The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick |
|
siliconman01
Premium
join:2005-05-08
Saint Albans, WV | reply to amysheehan
The 13-Nov-07 LiveUpdate still deletes HOSTS file entries as per my post above.  |
|
JRosenfeld
join:2005-06-06
UK
3 edits | reply to amysheehan
I am also using mvps HOSTS file (latest update). Quick scan with NAV 2008 (today's updates), claimd to have removed 79 items from HOSTS.
In fact it only removed the following:
127.0.0.1 dl.jiangmin.com #[Adware-BDSearch.dr]
127.0.0.1 ads.mcafee.com
127.0.0.1 directads.mcafee.com #[Tenebril.Tracking.Cookie]
127.0.0.1 sdc.ca.com
127.0.0.1 sdc.mcafee.com #[statse.webtrendslive.com]
127.0.0.1 wdcs.trendmicro.com
127.0.0.1 om.symantec.com
127.0.0.1 tc.symantec.com
Clearly it sees the name of some recognised AV supplier and does not check the context in which those names occur (malware is known to add AV app sites to the HOSTS file).
I restored the risk and it put those entries back in. without the comment script (for the ghost ones that it said it had removed, the restore indicated nothing to do).
I Also checked the box to omit in future scans, but it is not clear whether that will just omit those particiular entries or whether it will simply not scan the entirs HOSTS file. If the latter, I can always restore the risk once Symantec have fixed the FP. |
|
