Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Internet Security 2010

  • 1.  Internet Security 2010

    Posted Dec 11, 2009 02:57 PM
    New FakeAV program called Internet Security 2010 found on one of our computers. SEP found a few infections that were in quarantine. I deleted the quarantine, but still pops wanting to scan computer etc. What do i need to upload or send to see about getting definations that can remove this threat. Would screenshots possibly help?


  • 2.  RE: Internet Security 2010
    Best Answer



  • 3.  RE: Internet Security 2010

    Posted Dec 11, 2009 03:07 PM
    Do i just copy all of these files to a folder, make it a zip file, transfer it to my computer then submit it? Or do i need to submit each file seperate?


  • 4.  RE: Internet Security 2010

    Posted Dec 11, 2009 03:09 PM
    You can zip it bring it over and submit it. You can submit 10 files at once (zipped) 


  • 5.  RE: Internet Security 2010

    Posted Dec 11, 2009 03:18 PM
    This system is running too slow and user wants PC back immediatly. Just going to re-image this PC and hope infection does not occur again before someone is able to submit it and get definations for it. Thanks for your help though. I probably need to try to enable submissions on my clients to where i can submit infected files directly from the client.


  • 6.  RE: Internet Security 2010

    Posted Dec 11, 2009 03:21 PM
    You can submit directly from client as well by going to 
    https://submit.symantec.com/basic
    If possible just copy and zip the suspicious files.So tht U can submit them later.


  • 7.  RE: Internet Security 2010

    Posted Dec 11, 2009 03:40 PM
    c:\WINDOWS\system32\winhelper86.dll
    does not exist on my computer, but did see winhelper.dll. I copied it over

    Also,

    c:\Program Files\InternetSecurity2010\IS2010.exe
    %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk
    %UserProfile%\Desktop\Internet Security 2010.lnk
    %UserProfile%\Start Menu\Internet Security 2010.lnk

    These files are all the same. I am just going to be submitting one of them. Zipping them now to upload. Thanks for your help


  • 8.  RE: Internet Security 2010

    Posted Dec 22, 2009 02:27 AM
    My Norton-anti virus is not able to detect and fix worm.win32.netsky
    I am having critical warning messages periodically.. Here is the exact list of problems:

    1. My Symantec Live update has stopped working. It says problem with internet connection (although my internet is working perfectly)
    2. I am not able to access task manager (even from run). It says that i do not have admistrator rights - I have never received these messages before.
    3. I downloaded spyware doctor and it detected the following files to be infected:

    c:\WINDOWS\system32\winhelper86.dll
    c:\WINDOWS\system32\winlogon86.exe
    c:\WINDOWS\system32\winupdate86.exe
    c:\WINDOWS\system32\AVR10.exe

    4. I tried using safe mode - but i am having exactly same problem in safe mode.

    Is there no fix for this virus with Symantec?

    Please let me know

    Thanks
    Aditya



  • 9.  RE: Internet Security 2010

    Posted Dec 22, 2009 02:28 AM
    Hi Vikram

    My Norton-anti virus is not able to detect and fix worm.win32.netsky
    I am having critical warning messages periodically.. Here is the exact list of problems:

    1. My Symantec Live update has stopped working. It says problem with internet connection (although my internet is working perfectly)
    2. I am not able to access task manager (even from run). It says that i do not have admistrator rights - I have never received these messages before.
    3. I downloaded spyware doctor and it detected the following files to be infected:

    c:\WINDOWS\system32\winhelper86.dll
    c:\WINDOWS\system32\winlogon86.exe
    c:\WINDOWS\system32\winupdate86.exe
    c:\WINDOWS\system32\AVR10.exe

    4. I tried using safe mode - but i am having exactly same problem in safe mode.

    Is there no fix for this virus with Symantec?

    Please let me know

    Thanks
    Aditya





  • 10.  RE: Internet Security 2010

    Posted Dec 22, 2009 03:04 AM
    Can you open a new thread for this. The thread you are posting is old and it is already having a solution.


  • 11.  RE: Internet Security 2010

    Posted Dec 22, 2009 09:59 AM
    https://www-secure.symantec.com/connect/forums/wormwin32netsky


  • 12.  RE: Internet Security 2010

    Posted Dec 22, 2009 10:00 AM
    https://www-secure.symantec.com/connect/forums/wormwin32netsky

    Please reply


  • 13.  RE: Internet Security 2010

    Posted Jan 06, 2010 08:53 AM
    I can't understand why SEP can't detect this malware (Winupdate86 ), even now with updated definitions.
    And this time Symantec knows this fake AV since weeks.

    I suspect this is not the first time on my network, and I'm asking me how the definition build works inside Symantec.

    Alessandro


  • 14.  RE: Internet Security 2010

    Posted Jan 06, 2010 09:09 AM
     If it is missed by symantec..then its our/Sec Admin's duty to submit the files to symantec security response

    https://submit.symantec.com/basic
    or
    https://submit.symantec.com/essential
    or
    https://submit.symantec.com/BCS

    Depending upon your support contract


  • 15.  RE: Internet Security 2010

    Posted Jan 16, 2010 07:42 AM
    I have symantec on my computer. And, I now also have been infected with this virus, however, I cannot even get on my computer any longer it just has a black screen (I am on my husbands computer right now).  Extremely frusterated that this virus has infected my computer when I have software on it that is supposed to be protecting it!!!


  • 16.  RE: Internet Security 2010

    Posted Jan 16, 2010 11:35 AM
     hope both the computers are on network..

    from the other computer go to start run - regedit - enter

    Go to file - Connect Network Registry -- give the name of your computer

    once registry of your computer is connected...
    go to

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

    Edit the value of userinit and make sure it is only E:\WINDOWS\system32\userinit.exe,
    remove any anything after that.

    Then your computer should boot back up..then you can run a scan or check if it still infected..




  • 17.  RE: Internet Security 2010

    Posted Jan 25, 2010 08:58 PM
    Hello guys,

    I have submitted the sample file. Expect to detect the file by Symantec after 42 hours.


  • 18.  RE: Internet Security 2010

    Posted Jan 31, 2010 12:58 AM

    7 of our company computers where infected in 2009 with malware while being protected by symantec endpoing protection, with latest definitions.  It is very disapointing when our paid software fails and we have to download free products like avast home to clean our computers (which is what we did on all the machines).  In our annual company meeting it was actually a topic of discussion that we need to get rid of symantec for this one issue - I have screen shots of the yellow shield happily staying silent while several windows are showing the system infected with malware.....why does symantec antivirus sit there when a threat that is actually in it's definition files runs rampent on a machine?



  • 19.  RE: Internet Security 2010

    Posted Feb 26, 2010 03:17 AM
    Hello David! Just submit any malicious file not detected by Symantec. Remember that not all endpoint security knows all. We just need to cooperate to fix the problem.