I was able to move the first one successfully to the virus chest. I was not able to move the second one due to an error.
I did some searching and found the Norton’s Removal Tool. I used that. After running it, I went into Explorer and looked through the files. I found a Symantec folder left over and deleted everything in it plus the folder.
I ran Avast again, and it again found the second virus but not the first.
Any suggestions? If so, can you please explain what I need to do in easy words. When it comes to the above, I’m a novice.
The first, even if it isn’t a virus it shows you have remnants of symantec on your system as the symantec shared folder hasn’t been removed.
The second is that in your HP recovery partition ?
I suspect so and I guess symantec was pre-installed. If so I doubt there is much you can do about that one I would have though it is a protected partition (the probable cause of the error). Other than excluding this file from scanning (see false positive link below) D:\hp\apps\APP04471\src\Setup\Setup.msi until it is resolved, I suspect it is more likely to be a false detection.
I don’t believe the detections are indicating a cast iron trojan hence the [Embedded#Dodgy] suffix, it may just be the way the installation is packed.
Do you have any Symantec applications installed now ?
You could also check the offending/suspect file (to confirm or deny the detection) at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
Yes, Norton’s Internet Security 2008 came pre-installed, unfortunately. Can you please tell me how to remove the Symantec shared folder? I don’t have any Symantec products installed. I uninstalled it as soon as I set up my computer.
I have no idea if D:\hp\apps\APP04471\src\Setup\Setup.msi is in my HP recovery partition. I don’t know anything about partitions. It’s not in my chest, so I can‘t do Virus Total. I did run Panda Active Scan, and it didn’t find anything. I tried to run Trend Micro Housecall65, but a file wouldn’t install on my computer.
Before I posted here, I did report the second one using the link at the bottom of the pop up virus warning window.
This … D:\hp\apps\APP04471\src\Setup\Setup.msi … is the setup engine HP used to install your version of Windows and other applications on your computer. Read here for more information …
But, this is the short form of where an apparent problem is located. The full version from your first post is … D:\hp\apps\APP04471\src\Setup\Setup.msi\Binary.SymLCSVC.9E3C0E2F_0873_4AD9_995B_D9DAAF9B9E76\ … and from this I am surmising that this was used by HP to install the former Symantec program.
Have you used the appropriate Symantec removal tool for Norton Internet Security 2008? Symantec/Norton is well known for leaving offending files and registry entries behind when uninstalled only through Add/Remove Programs. If not, I would suggest that should be your next step.
*David, please correct me if you think I am wrong.
I had already used remove Add/Remove program to uninstall Norton’s Internet Security after I set up my computer.
I clicked on the Norton’s Removal Tool link that Tech provided. It is the same one I used yesterday. Does it matter if I right click on the Norton Removal Tool icon, select Properties, click on the Compatibility tab and put a check mark in the box next to Run this program in compatibility mode for and in the pull down menu, there is no listing for Vista. I noticed that today.
I already had Avast installed. How do I repair the installation? I looked in the help file, but I couldn’t find it.
Regarding D:\hp\apps\APP04471\src\Setup\Setup.msi and a disk D: or is it a recover disk (partition), I don’t understand. In Windows Explorer, it says Factory Image D:
Regarding it not being in my Chest, I didn’t delete anything. The recommended action was to move it to the Chest, which I tried to do. I received an error message.
Kaspersky didn’t find anything.
I couldn’t use ESET NOD32 because of Administrator Rights.
I tried to use Trendmicro house call again. Like yesterday, I got an error message saying it couldn’t transfer data.
F-Secure didn’t find anything; however, it skipped 22 files. I have a list of the files if you need them.
I couldn’t run BitDefender because of Administrator Rights.
I clicked on Control Panel/User Accounts. It has my name as Administrator.