amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
 ·RoadRunner Cable
| reply to BTWUR
Re: NAV/ SAV defintions release for 'weekend bug-fixes'
said by BTWUR  :Hello everyone, Symantec is flagging WeatherPulse as an Trojan.Adclicker. This is a false positive. Note that Weather Pulse Version 2.05 is effected by this false positive. If you have WeatherPulse 2.10 Build4 BETA installed it is not effected. Downloads for all WeatherPulse Apps can be found here. I also have posted at Calendar of Updates. » www.dozleng.com/updates/index.ph···ic=16389 Full topic has been posted here »NIS 2008 - Another False Positive- Weather Pulse V2.05 B36
Symantec is aware of the problem and it should be resolved with today's [Thursday] virus definition updates.
-amy-
 |
|
BTWUR
join:2004-04-07
Blue Ridge, VA
| reply to amysheehan
Hello everyone,
Symantec is flagging WeatherPulse as an Trojan.Adclicker. This is a false positive.
Note that Weather Pulse Version 2.05 is effected by this false positive.
If you have WeatherPulse 2.10 Build4 BETA installed it isnot effected.
Downloads for all WeatherPulse Apps can be found here.
I also have posted at Calendar of Updates.
»www.dozleng.com/updates/index.ph···ic=16389 |
|
MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH
 ·AT&T Midwest
·AT&T Midwest
| reply to Longboard
said by Longboard :Yes Yes we're pleased and grateful that Symantec have fixed their mistake. Real Thanks to Amy for working so hard. Not so thrilled about boo-boo by Symantec and apparent lack of testing or follow-up by them. Dont really love my own security going on a little private rampage.  Now: possibly a stupid question: but how to go about restoring those hostfile entries that NAV 2008 removed ? and: a little advice please: I keep setting NAV/NIS not to auto-update and keep setting the removal options to "manual/notify me" to try and stop just this irritation. Blow me down if all the settings dont seem to secretly revert to "automatic" = current pickle. How do I lock the settings? Thx. I have never had that problem I have my settings set that way to,and it always prompts me before it downloads anything or removes things.
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is." |
|
Longboard
join:2005-04-13
australia
| reply to amysheehan
Yes Yes we're pleased and grateful that Symantec have fixed their mistake. Real Thanks to Amy for working so hard. Not so thrilled about boo-boo by Symantec and apparent lack of testing or follow-up by them.
Dont really love my own security going on a little private rampage.
Now: possibly a stupid question: but how to go about restoring those hostfile entries that NAV 2008 removed ?
and: a little advice please: I keep setting NAV/NIS not to auto-update and keep setting the removal options to "manual/notify me" to try and stop just this irritation.
Blow me down if all the settings dont seem to secretly revert to "automatic" = current pickle.
How do I lock the settings?
Thx. |
|
amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable
| reply to siliconman01
said by siliconman01 : quote:
That info will be passed along
Thanks much Amy. You've always provided superior assistance on these Symantec issues. Thanks to ALL of you who provided detailed info regarding your issues. This makes for related info to be all in one place making the research into and the development of a resolution much more efficient and is much appreciated by those who are responsible for taking the time to see that any issues I've passed along to them are handled by the best.
Once again, I'd like to thank all of those at Symantec who have worked with me and with all of you for their extra care and attention given to the dslr family.
-amy-
--
DSLR Phishtracker |
|
JRosenfeld
join:2005-06-06
UK
1 edit | reply to amysheehan
I can confirm that with the 15 November updates, the HOSTS entries are no longer flagged. I have reenabled the URLredirect detection that I had temporarily excluded. |
|
siliconman01
Premium
join:2005-05-08
Saint Albans, WV | reply to amysheehan
This HOSTS false positive issue appears to be corrected in the 15-Nov-07 LiveUpdates. At least a Quick Scan no longer finds anything wrong in the HOSTS file. |
|
siliconman01
Premium
join:2005-05-08
Saint Albans, WV | reply to amysheehan
quote:
That info will be passed along
Thanks much Amy. You've always provided superior assistance on these Symantec issues. |
|
Indy Sabre
Sabre Rider From Indianapolis
join:2003-10-02
| reply to siliconman01
said by siliconman01 :This HOSTS false positive issue is still not corrected in the 14-Nov-07 LiveUpdates.
Same here on SAV 10.1 on XP pro with spywareblaster installed. |
|
amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable
| reply to siliconman01
said by siliconman01 :This HOSTS false positive issue is still not corrected in the 14-Nov-07 LiveUpdates. That info will be passed along
--
DSLR Phishtracker |
|
siliconman01
Premium
join:2005-05-08
Saint Albans, WV | reply to amysheehan
This HOSTS false positive issue is still not corrected in the 14-Nov-07 LiveUpdates. |
|
JRosenfeld
join:2005-06-06
UK
3 edits | reply to amysheehan
I am also using mvps HOSTS file (latest update). Quick scan with NAV 2008 (today's updates), claimd to have removed 79 items from HOSTS.
In fact it only removed the following:
127.0.0.1 dl.jiangmin.com #[Adware-BDSearch.dr]
127.0.0.1 ads.mcafee.com
127.0.0.1 directads.mcafee.com #[Tenebril.Tracking.Cookie]
127.0.0.1 sdc.ca.com
127.0.0.1 sdc.mcafee.com #[statse.webtrendslive.com]
127.0.0.1 wdcs.trendmicro.com
127.0.0.1 om.symantec.com
127.0.0.1 tc.symantec.com
Clearly it sees the name of some recognised AV supplier and does not check the context in which those names occur (malware is known to add AV app sites to the HOSTS file).
I restored the risk and it put those entries back in. without the comment script (for the ghost ones that it said it had removed, the restore indicated nothing to do).
I Also checked the box to omit in future scans, but it is not clear whether that will just omit those particiular entries or whether it will simply not scan the entirs HOSTS file. If the latter, I can always restore the risk once Symantec have fixed the FP. |
|
siliconman01
Premium
join:2005-05-08
Saint Albans, WV | reply to amysheehan
The 13-Nov-07 LiveUpdate still deletes HOSTS file entries as per my post above.  |
|
altermatt
Premium
join:2004-01-22
White Plains, NY
·Verizon Online DSL
| reply to amysheehan
said by amysheehan :Look for the update for your Symantec Corp Client Edition for 32 bit systems. That's just it, Amy; as I read the descriptions for TWO of the files, BOTH symrapidreleasedefsx86.exe AND
symrapidreleasedefsi32.exe say they are 32 bit and for versions 9 and 10 of SAV client, among others. Probably a moot point, as I'll just run a manual update late on the 13th, but for the life of me, I can't see where I'm reading that page wrong.
--
The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick |
|
planet
join:2001-11-05
Olmsted Falls, OH
·Cox HSI
| reply to might join
When I saw the cleaning that had been done (on my pc, it was those same 2 files and 97 registry entries) I assumed that Symantec was informing me what could have been infected had I actually been infected by adware.systemprocess.
My hunch is SWB kill bit entries in the registry were the only things actually removed from my computer.
|
|
might join
@btcentralplus.com
| reply to might join
Ooops! I made a mistake about the Adware.SystemProcess prob not showing up a second time. I just checked my NIS history and it DID do the "removing" and the "fix" twice, but like siliconman01 says, I don't think these things were ever there to start with.
I'm using NIS 2007 on XP, BTW.
Surely, it can only be that updating the SpywareBlaster caused the hosts file "error", no?
I'll wait till the 14th before I get my updates from Symantec, then see what happens. |
|
siliconman01
Premium
join:2005-05-08
Saint Albans, WV
| reply to Doctor Olds
quote:
--------------------------------------------------------------------------------
C:\WINDOWS\system32\p.dat
C:\Documents and Settings\xxxx\Local Settings\Temp\ibho.log
--------------------------------------------------------------------------------
I honestly think that NIS 2008 is false reporting what it says it is doing on this False Positive.
I did a scan of my C drive yesterday just before my daily NIS full scan. P.dat and Ibhog.log were nowhere on the C drive (and yes I have all my files and folders visible).
When NIS reported removing this False Positive, it showed removing the 2 files again...3 days straight.
This same thing is occurring with the 79 entries it says it is removing from the HOSTS file. It falsely removed 8 valid entries from the MVPS. Where the other 71 entries reported came from, I have no idea. |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| reply to amysheehan
Any news on the two files that are getting deleted that do appear to be a part of a true infection (maybe leftovers from a prior cleaning or from the AV stopping the full payload from dropping?)
quote:
C:\WINDOWS\system32\p.dat
C:\Documents and Settings\xxxx\Local Settings\Temp\ibho.log
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
might join
@btcentralplus.com
 from:
antdude
amysheehan
| reply to amysheehan
Hi guys
(Originally posted here »CCleaner now installs with adware? but copied by request)
I have just found this thread after I experienced the same Adware.SystemProcess problem after a Norton update a couple of hours ago (It is Tues 13th in my time Zone but I guess the fix isn't "out-there" yet, lol).
Anyway FYI...
my CCleaner is 2.0.0.500
my Spyware Blaster had 6 IE threats unprotected (but I don't use IE!)
So I thought I'd do a little experiment... I re-enabled all of SpywareBlaster's protection, updated it, and enabled everything again. I ran a quick Norton scan again, wondering if it would find the same problem a second time.
No, it didn't. But it did disable 6 SBlaster things again (without saying anything!)
AND ...
It "fixed" a security risk "SecurityRisk.URLRedir", this translates to 79 hosts file entries....or it would have done, except that I blocked Norton's change with WinPatrol (free version) I haven't checked all of the supposed bad entries, but the few that I did check were NEVER there!!! - things like Kaspersky, McAffee, F-secure etc.
Now that is two lies. That they were there, AND that they had been fixed.
...and why didn't it find this "problem" when it found the Adware.SystemProcess problem? Nothing had changed in the meantime except the SpywareBlaster update.
My Spybot S&D immunisation, however, hadn't been tampered with at all. |
|
amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable
| reply to altermatt
The daily release schedule for Nov 13 th will allow the direct download up the Daily Updates which will include the fixes included in any Rapid Release definitions after revision 20 on Nov 12th.
If you're not affected - just wait for the daily updates released Tuesday the 13th for your product.
-amy-
Look for the update for your Symantec Corp Client Edition for 32 bit systems.
-amy-
--
DSLR Phishtracker |
|
