• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

trojan not detected earlier

Hi,

I was uninstalling a program called smartdns vpn when Norton detected trojan.gen.2 malware and quarantined it.

But I had downloaded that software two weeks ago.

So my question is why the trojan was not detected earlier when I downloaded it?

It did say that something like reputation level unproven and I clicked trust it.

Doesn't it check for malwares and viruses when I download something trusted or not, proven or unproven?

Thanks

Replies

Kudos0

Re: trojan not detected earlier

Perhaps, the uninstall event triggered 'smartdns vpn' built-in uninstaller executable. 

Security software vendors do not install every piece of software and watch every single thing that the software does.


If you believe a file has been mistakenly detected, you may submit a dispute at https://submit.symantec.com/false_positive/.

Please tell us what Norton is telling you regarding this event.

For information regarding this event > from Norton pop-up > View Details > Copy to Clipboard &or from Norton history > More Options > Copy to Clipboard > paste here.

For second opinion choose File &/or Search hash at VirusTotal

Kudos0

Re: trojan not detected earlier

Hello sv624

Please also tell us which Norton product and version # you are using?

Thanks.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.18.0.213 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: trojan not detected earlier

Trusting the file would have excluded it from scans.  Norton would not have detected the file until it was accessed during the uninstall process.  Norton should have detected the file when you ran the installer two weeks earlier, but perhaps the threat was new and not able to be detected at the time (which is why reputation scores are important).

Kudos0

Re: trojan not detected earlier

sv624:

Hi,

I was uninstalling a program called smartdns vpn when Norton detected trojan.gen.2 malware and quarantined it.

But I had downloaded that software two weeks ago.

So my question is why the trojan was not detected earlier when I downloaded it?

It did say that something like reputation level unproven and I clicked trust it.

Doesn't it check for malwares and viruses when I download something trusted or not, proven or unproven?

Thanks

So, the download was reputation flagged.  The installed running program was not flagged. 
Maybe, download was setup stub and executing stub created a bunch of additional files....including creating the uninstaller file.    Admitting, I do not know whether trusting a setup stub also trusts the files created by the stub.   That seems wrong. 
I'd want to see the history.   Download Insight reports on the reputation of the downloaded file.   Auto-Protect should react on access.   I'm imaging the uninstall event generates a lot of new activity.   Generic Trojan is a broad classification.    Some programs have a recommended uninstall procedure.  Maybe, you needed to quiet the program before calling the uninstaller.   Maybe, the built-in uninstaller (assuming there is one) is just sloppy and Norton was reacting to strange file behavior.   Maybe, at the moment you called the uninstaller some other activity bumped into the uninstall activity.   And Norton is not perfect.  And security software vendors do not install every piece of software, on every possible setup and watch every single thing that the software does.  Or, maybe.... I'm way off base.  Regards w Respect

This thread is closed from further comment. Please visit the forum to start a new thread.