Symantec Security Response Automation (Tracking #15579967)
Submitted sample to Symantec. They say it's not infected. But...it is! Any suggestions on how to get Symantec to change their mind? Currently, the malware uses alerts through Windows Security Center via an application named "FileHelper" to inform the user that the system needs to be scanned. There is also an associated program called Registry Wells that was installed at the same time. Basically, the user received an attachment from a "friend" and received a message that the file could not be opened unless they downloaded and installed "Registry Wells." Upon doing so, the user started receiving FakeAV "like" alerts from Windows Security Center saying that certain DLLs needed to be repaired and to run a scan. VirusTotal detection is spotty, but FileHelper is picked up as Adware/Trojan/FakeRegistry cleaner. Registry Wells is not detected at all.
Comments
You have to call and make a case; they then can open a case with Security Response to take a second look.
Symantec Technical Specialist
Please don't forget to mark which thread solved your issue!
The submitted file was inspected by a tech. I'm inclined to believe what they found (they are very, very good at what they do).
I'd be willing to bet there are other files that are involved if it truly is a threat. But if this is something that was installed, why can't you uninstall it?
Remember, just because a program does something that looks like something actual threats do, doesn't mean it's a threat. It's all smoke and mirrors.
Here is the ThreatExpert report for the file: http://www.threatexpert.com/files/RegistryWell.exe.html. Although it may be a nuisance and not detected, it possibly could be added to definitions if you open a case with Symantec.
Symantec Technical Specialist