Trojan or Misidentification of Norton System Works?

bibblebobble

Hi.

After a lot of frustration with Symantec antivirus and firewall products on our 3 systems, plus effectively useless support {i.e. I do everything and they just repeat what I've already tried from the knowledge base culminating in hey - just reinstal ) } I've made the changed to what is regarded as the current best-in-class product.

Everything has gone fine so far on two of the 3 machines. The third is awaiting change. But I have found that BD10 evaluation is identifying a trojan on each of the two machines. And I can't seem to get rid of it.

On one machine it is identified as Trojan.Clicker.CM. It constantly reappears {despite manual deletion or removal to quarantine} as a nnnnnnnn.HTM file in Symantec's C:Recycler\nprotect folder, where nnnnetc is just some numeric digit sequence.

On the other machine it is identified as Trojan.Click.337. Again it constantly reappears despite removal and deletion, as a 00000000.dll file in Symantec's C:Recycler\nprotect folder.

Is this a real trojan or some form of missidentification. If its real how dangerous is it and how do I remove it? Is my security compromised? How did it get on my systems? They've all been pretty well protected? What have I missed?i.e. how do I avoid the same mistake?

Regards,

Steve

Unknown

So the scan hasn't the malware from your computer after a scan with BitDefender? Or BitDefender just detects and blocks the malware in real time protection status?

operabilus

BitDefender might not be able to delete the files found in Norton Protected Recycle bin. The files located in those folders are some deleted files, hidden from normal view.

They don't represent any risk, but if you want to get rid of them, try to disable Norton Protected Recyle bin, and run a full scan again with BitDefender. If it still does not work, it might be possible to see those files and delete them if you start the computer in Safe mode.

Please tell us whether one of these methods worked!

Niels

See this instructions for how to disable norton protocted recycle bin : http://service1.symantec.com/support/nsw.n...5256e24004e250f

After you done that then are able to remove it or let BitDefender remove it.

alexcrist

See this instructions for how to disable norton protocted recycle bin : http://service1.symantec.com/support/nsw.n...5256e24004e250f

After you done that then are able to remove it or let BitDefender remove it.

Norton Protected Recycle Bin is the best thing ever, if you don't want to get rid of viruses, because it prevents the user and the antivirus to fully delete application files (including infected applications). Personally, I suggest to disable Norton Protected Recycle Bin and uninstall it.

bibblebobble

Thank you to all of you for your responses and apologies for not using the appropriate discussion channel.

Bitdefender is doing evrything right. It detects the trojan, trys to disinfect or delete and when it can't it finally quarantines it. I subsequently checked the laptop and also found Clicker.CM on there as well. Neither McAfee on the laptop or Symantec on the other three had detected the viruses.

Our memory sticks appear to be clean so I don't know how they spread (if at all). Also, there's very little I can find on the web about these two trojans, so I don't know what they do.

I have successfully followed the suggestion of turnning off Norton Protection and managed to remove the Click.337. Bitdefender sorted the laptop without assistance because there was no Norton Protection. But the other machine still has Clicker.CM.

I read on one google link that it has a memory resident monitoring component that just keeps copying itself if deleted. I've carried out the BD memory clean but that doesn't seem to help. There may be some kind of scheduler involved. So I'm going to remove the disk and fit it to a USB drive caddy and get BD to clean it that way.

I'll keep reporting back with the results till I've resolved the problem, just so the thread is complete and so that in the future others can save themselves some time.

Regards,

Steve

Niels

Hi

Try scanning with superantispyware : http://downloads2.superantispyware.com/dow...AntiSpyware.exe

This is a good free solution to remove difficult malware. The best thing is first update it and then perform a complete scan in safe mode.

Regards

Niels

bibblebobble

OK I checked and got rid of the final one by moving the drive to a USB interface adapter and doing a remote scan.

Problems resolved.

Regards,

Steve

Unknown

Glad we could help you.