Author Topic: Norton key scan as hidden file  (Read 1967 times)

Offline squilibry636

  • Newbie
  • *
  • Posts: 4
Norton key scan as hidden file
« on: September 29, 2015, 12:56:48 PM »
Hi guys,

Today I was scanning my PC with CCE when, for the first time, it showed me this key

hkey_local_machine\software\wow6432node\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\ding\update

as a hidden key with high risk.

I have to say that:
1) The PC was formatted two days ago, and scans with Norton, MalwareBytes and TDSS killer are clean
2) Also, the previous CCE scans were clean...
3) If I erase the key, Norton update doesn't work

I think it's a false positive but I'm not sure...

What do you think?

Thank you in advance

Luca


Offline squilibry636

  • Newbie
  • *
  • Posts: 4
Re: Norton key scan as hidden file
« Reply #1 on: September 30, 2015, 05:44:55 AM »
More info

- the heuristic scan is set to high (on medium the scan doesn't find this key as dangerous)
- there is another sure false positive on foxitupdater (I have scanned the file on VirusTotal and only Comodo indicates a threat)

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25148
Re: Norton key scan as hidden file
« Reply #2 on: September 30, 2015, 10:27:10 PM »
If erasing the key makes Norton Update not work then that proves to me it belongs to Norton and is legit. It is a false positive.

If only Comodo shows foxitupdater as malicious you can safely assume it is a false positive. If you can positively identify foxitupdater as belonging to Foxit Reader you can safely assume it is a false positive. In case the file is digitally signed by the publisher of Foxit you can check its signature. If the signature is OK then it is untouched.

Offline squilibry636

  • Newbie
  • *
  • Posts: 4
Re: Norton key scan as hidden file
« Reply #3 on: October 04, 2015, 02:12:45 PM »
I'm sure that they are false positives... I have reported them to Comodo...

I ran a test... I did some recoveries of the whole system (with an image of the clean system that I made with Acronis True Image) and:

- sometimes when Comodo scans the system it finds this key as dangerous
- sometimes Comodo doesn't find the key dangerous (2 times)

Strange thing.

However, they are surely false positives.

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25148
Re: Norton key scan as hidden file
« Reply #4 on: October 04, 2015, 05:44:36 PM »
If you have something of Norton running in the background that could explain the discrepancies. If a rootkit scanner scans by comparing a raw lookup and a regular lookup using the Windows API, it may see a discrepancy when that key was accessed, created or deleted in between the two lookups.
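
The race described in the reply above, modelled as an added example (not part of the original thread, and not a description of how CCE is implemented): a toy cross-view scanner in which a background updater creates a key between the two lookups, and a repeat-and-intersect check that drops such transient hits. `SimulatedRegistry`, `scan_once` and `scan_confirmed` are hypothetical names, and the second key path is constructed.

```python
from typing import Callable, Iterable, List, Set

# Key path quoted in the thread; the second path is constructed for the demo.
UPDATE_KEY = r"hkey_local_machine\software\wow6432node\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\ding\update"
FILTERED_KEY = r"hkey_local_machine\software\constructed-example\hidden"


class SimulatedRegistry:
    """Toy model (hypothetical): `keys` is what is on disk, `filtered` is
    what a hook removes from Windows API results."""

    def __init__(self, keys: Iterable[str], filtered: Iterable[str] = ()):
        self.keys: Set[str] = set(keys)
        self.filtered: Set[str] = set(filtered)

    def api_view(self) -> Set[str]:
        return self.keys - self.filtered

    def raw_view(self) -> Set[str]:
        return set(self.keys)


def scan_once(reg: SimulatedRegistry, between: Callable[[], None]) -> Set[str]:
    """One cross-view pass: API listing first, raw parse second, then diff.
    `between` models other software touching the registry in the gap."""
    api = reg.api_view()
    between()
    raw = reg.raw_view()
    return raw - api


def scan_confirmed(reg: SimulatedRegistry,
                   activity: List[Callable[[], None]]) -> Set[str]:
    """Run one pass per entry in `activity` and keep only keys flagged in
    every pass, so a key that merely changed mid-scan drops out."""
    passes = [scan_once(reg, act) for act in activity]
    return set.intersection(*passes) if passes else set()


def demo():
    idle = lambda: None
    clean = SimulatedRegistry({"hklm\\software\\other"})
    flagged = scan_once(clean, lambda: clean.keys.add(UPDATE_KEY))  # updater runs mid-scan
    quiet = scan_once(clean, idle)                                  # nothing runs mid-scan
    hooked = SimulatedRegistry({FILTERED_KEY}, filtered={FILTERED_KEY})
    confirmed = scan_confirmed(hooked, [lambda: hooked.keys.add(UPDATE_KEY), idle])
    return flagged, quiet, confirmed
```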

 
