Welcome to SecurityForumz.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

Apology to Symantec

  
   Security Forums (Home) -> Symantec/Norton RSS
Next:  Running Norton - Try a clean boot  
Author Message
"Clarence

External


Since: Mar 25, 2006
Posts: 21



(Msg. 1) Posted: Mon Mar 27, 2006 2:47 pm
Post subject: Apology to Symantec
Archived from groups: alt>comp>anti-virus (more info?)
Hello all participants

A number of days ago I posted accusations that the software within the
Norton software suite, distributed by Symantec, was preventing me from
having access to data on a computer. I wish to inform everyone here that
this is not the case. I humbly appologise to Symantec for my error.

The situation is that, it is now myself that is denying the owner from
having access to the data. I have been in possession of the data and the
cabinet files for two days now. It is appropriate that I set the machine to
a working condition and return it to the owner.

Last night, I was asked by a participant in another newsgroup to provide a
chronology of what I had done while researching the problem. I had performed
so many actions that I had to go to my notes (okay, so I'm getting older and
sometimes can't remember what I went to the kitchen for, so I scribble down
what I do in a jotter). When typing out the chronology I found something
that I didn't notice as being significant at the time.

The following is fact: ------------------------

There is malicious software on the computer.

The malicious software is not a virus, it is a trojan.

The trojan entered the computer via a voluntary download by the user.

The trojan is specifically targeted at Norton products and tries to the
deceive the user into believing that the problem is being created by Norton
software (it certainly deceived me for a very long time).

The trojan progressively causes the system to behave incorrectly at ever
decreasing intervals.

The trojan then intereferes with the user's attempt to run the Norton
Uninstall procedure. When checking my notes, the first two stages of this
worked fine. Norton itself then found that there was a problem and,
correctly, refused to run the final Uninstall of the Utilities.

The code that produces the "Error, Nprotect.VxD not present .... Please run
SEVINST.EXE ..." is not Norton code. It does not even reside in any of the
Norton folders. This message box is produced by trojan code and is
counterfeiting a valid Norton error message.

The author of this software is an expert programmer who has taken great
care, and spent a considerable amount of time writing it.
-----------------------------------------
The following are reasonable assumptions: -----------

The author of the trojan is mature (over 30 years of age)

The mechanisms used would have greatest effect in Win98SE and WinME
environments.
-----------------------------------------
I was surprised to find that participants in the windowsme newsgroup were
all (not one person was in favour of using Norton) of the opinion that
Norton was "malware". Their references to the frequency of Uninstall
problems were just two many to be a coincidence. I'm of the opinion that
this trojan must have been causing problems throughout the world. The
effects of this are that Norton products are being perceived as being a lot
worse than what they are.

I can only speculate what the motives of the author are. The author has gone
to great lengths to do this.

Finally, I do not apologise for any ranting and raving that I have done
regarding Symantec's lack of support for their own customers. This is truly
appalling. If they want to maintain market share then this will have to be
improved.

Greg Miskelly

Clarence (Lancy) Howard
nutz777 RemoveThis @ntlworld.com (remove one of the 7s)

 >> Stay informed about: Apology to Symantec 
Back to top
Login to vote
Frankster

External


Since: Feb 17, 2006
Posts: 57



(Msg. 2) Posted: Mon Mar 27, 2006 2:47 pm
Post subject: Re: Apology to Symantec [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
> The following is fact: ------------------------
>
> There is malicious software on the computer.
>
> The malicious software is not a virus, it is a trojan.

Why didn't you proivde a name?

-Frank

 >> Stay informed about: Apology to Symantec 
Back to top
Login to vote
"Clarence

External


Since: Mar 25, 2006
Posts: 21



(Msg. 3) Posted: Mon Mar 27, 2006 3:59 pm
Post subject: Re: Apology to Symantec [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Hi Noel

Please forgive me for not forwarding that wordpad doc (I will finish it and
send send it as soon as I get the sick box up and running again). It was
actually your suggestion do write out a chronology that allowed me to make
sense of all of this. I had got two thirds of the way through and realised
from my own notes that Norton was not the problem.

> Please DO NOT apologise to Symantec (and especially to Norton). They are
> wholly responsible for their own ineptitude where Win ME is concerned.

If I accuse somebody in the wrong then I apologise. It is simply good
manners. In my opinion, ME and 98SE are more vulnerable to this trojan than
XP because of the amount of DOS based stuff there is in the startup process.

> I still doubt (but I may be wrong - wouldn't be the first time!) that your
> problem was caused by a Trojan .......

It is caused by a trojan

> ......... - and certainly many people's problems in the
> ME group CANNOT be ascribed to such a Trojan (have you
> managed to find ANY references to it? - links please!!).

I'm not stating categorically that the problems faced by Norton users
running ME are the result of trojan code. What I am saying is that this
machine was affected by it. I have found no references to such a trojan
anywhere.

> Even assuming that the problem is as you describe - they should have had
> some means to remove the infection (is there a dedicated cleaner
> available? - link??) and should have publicised it widely.

Why should Norton already know about it?

> Have you had the 'Trojan' you found analysed by the AV companies? - could
> you send me a link to it - or the original infector??

I have not been able to capture the trojan (what do you think I've been
trying to do for the last three days?). I obviously do not have the
technical expertese to find it. I have tried, and tried to find it, but I
can't. What I can do though, is by process of illimination, work out what is
happening. Indeed, it was your suggestion for me to produce a chronology
that allowed me to do this. Take the counterfeit error message as an
example. When I look at it now, it's so obvious. The logo is fuzzy (a copy),
the font is wrong, the text just wraps (it is not nicely spaced out). It's a
fake. It's like seeing a pair of Nike trainers at a very low price on a
market stall. If you really look at them closely you realise that they are
not the real McCoy.

I am of the opinion that the user inadvertently downloaded a malwarez
version of a valid IT Security product, rather than the real thing. It is an
opinion, I cannot prove it.

Greg

Clarence (Lancy) Howard
nutz7777.TakeThisOut@ntlworld.com (remove one of the 7s)
 >> Stay informed about: Apology to Symantec 
Back to top
Login to vote
"Clarence

External


Since: Mar 25, 2006
Posts: 21



(Msg. 4) Posted: Mon Mar 27, 2006 4:47 pm
Post subject: Re: Apology to Symantec [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Hello Frank

> Why didn't you proivde a name?

Having struggled with this for coming on nine days it is obvious that I do
not have the technical expertese to capture or identify this trojan.

Greg

Clarence (Lancy) Howard
nutz7777 RemoveThis @ntlworld.com (remove one of the 7s)
 >> Stay informed about: Apology to Symantec 
Back to top
Login to vote
woody

External


Since: Mar 28, 2006
Posts: 1



(Msg. 5) Posted: Tue Mar 28, 2006 4:09 am
Post subject: Re: Apology to Symantec [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
> Having struggled with this for coming on nine days it is obvious that I do
> not have the technical expertese to capture or identify this trojan.

bollocks greg.

are you trying to tell me that you havn't got a dump of

1) the contents of the cmos
2) the contents of the dos ram area and high memory area
3) the contents of the absolute zero sector
4) the contents of the mbr
5) the contents of both the fats
6) other relevant information

i know you too long for that

-woody-
 >> Stay informed about: Apology to Symantec 
Back to top
Login to vote
James Egan

External


Since: Jan 19, 2006
Posts: 282



(Msg. 6) Posted: Tue Mar 28, 2006 1:15 pm
Post subject: Re: Apology to Symantec [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
On Tue, 28 Mar 2006 12:09:29 +0100, "Noel Paton"
<NoelDPspamless.TakeThisOut@crashfixpc.com> wrote:

>No problem, Lancy - whenever you're ready
>

Remember what happened with that full house last time, Kid.


Smile
 >> Stay informed about: Apology to Symantec 
Back to top
Login to vote
Pete

External


Since: Apr 06, 2006
Posts: 34



(Msg. 7) Posted: Wed Mar 29, 2006 9:39 pm
Post subject: Re: Apology to Symantec [Login to view extended thread Info.]
Imported from groups: per prev. post (more info?)
Back to top
Login to vote
Display posts from previous:   
Related Topics:
Using original client IP w/ Symantec Web Security 3.0 - Does anyone know how to setup Symantec Web Security 3.0 for W2K to use the original IP address of clients gettied proxied through it? I just implemented Web Security, and now on my firewall I can only view web transactions coming from the proxy server IP...

When exiting Outlook Symantec scans sent messages when no .. - I noticed recently when I exit Outlook a Symantec window pops up near the task bar indicating that a 'sent' message is being scanned. The problem is I did not send any outbound email. The last time I saw this Symantec window I pulled the network cable ou...

Strange username found in Symantec System Console - Hi, our compagny uses Symantec Corporate Edition 8.1. In the System Console the username ~E~V in ~F is found, but the username is unknown to me. Does anyone recognize the username or knows which service is causes this? Thanks. Michael

Symantec Integrator NAV2003 - Hi, I've got three instances of "Symantec Integrator" trying to phone home. What is this utility and what is its purpose? TIA -- siljaline

Norton Symantec 8 - Hi, When I do liveupdate, it comes out a error msg "LU1844: The update list for this product is corrupted." How do I go about solving it... Thanks... The information transmitted through this email and its attachments contain confidential ...
   Security Forums (Home) -> Symantec/Norton All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]