Removal by Norton 360

Tags: norton, remove, antivirus, 360, removal, delete, problem

    3 replies to this topic

    #1 winterlight

    winterlight

      Newbie

    • Members
    • 8 posts

      Posted 31 January 2014 - 07:26 AM

      Norton 360 keeps deleting Windower 4.

       

      This happened today.  I haven't used Windower since Dec 4 2013.

       

      I think I was using Windower 4.2 (I downloaded the exe after installing 4.1 the conventional way)

       

      I've pasted the Norton message below.  Any ideas?

       

      ============================================================================================

       

      Filename: windower.exe
      Threat name: SONAR.SuspBeh!gen3
      Full Path: Not Available
       
      ____________________________
       
      Details
      Few Users,  New,  Risk High
       
      Origin
      Downloaded from Unknown
       
      Activity
      Actions performed: 11
       
      ____________________________
       
       
      On computers as of 1/30/2014 at 10:54:00 PM
      Last Used 1/30/2014 at 10:54:00 PM
      Startup Item No
      Launched Yes
       
      ____________________________
       
       
      Few Users
      Fewer than 50 users in the Norton Community have used this file.
       
      New
      This file was released more than 7 days 29 days ago.
       
      High
      This file risk is high.
       
      SONAR Protection monitors for suspicious program activity on your computer.
       
       
       
      ____________________________
       
       
       
      Source: External Media
      Source File:
      windower.exe
       
      ____________________________
       
      File Actions
       
      File: c:\ffxi-windower 4-1\hook.dll - Removed
      File: c:\ffxi-windower 4-1\plugins\autoexec.dll - Removed
      File: c:\ffxi-windower 4-1\plugins\timers.dll - Removed
      Infected file: c:\ffxi-windower 4-1\windower.exe - Removed
      ____________________________
       
      Registry Actions
       
      Registry change: HKEY_USERS\S-1-5-21-3826235039-2417536098-1047799240-1000_CLASSES\Local Settings\MuiCache\4C\52C64B7E->LanguageList:..., Registry Hive: 64 bit - Repaired
      Registry change: HKEY_USERS\S-1-5-21-3826235039-2417536098-1047799240-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\cc-35-40-66-59-40->WpadDetectedUrl, Registry Hive: 64 bit - Repaired
      ____________________________
       
      Network Actions
       
      Event: Network activity (Performed by c:\ffxi-windower 4-1\windower.exe, PID:348) - No action taken
      ____________________________
       
      System Settings Actions
       
      Event: Process start (Performed by c:\ffxi-windower 4-1\windower.exe, PID:348) - No action taken
      Event: PE file creation: c:\ffxi-windower 4-1\updates\temp\bb0282e9-3534-447d-8269-c69aa9a3eb4e (Performed by c:\ffxi-windower 4-1\windower.exe, PID:348) - No action taken
      Event: Process start: c:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe, PID:6512 (Performed by c:\ffxi-windower 4-1\windower.exe, PID:348) - No action taken
      ____________________________
       
      Suspicious Actions
       
      Event: Attempt to start a remote thread in a process address space (Performed by c:\ffxi-windower 4-1\windower.exe, PID:348) - No action taken
      ____________________________
       
       
      File Thumbprint - SHA:
      0bc59cf1e347e09caddd7243a7f8dcfce34930f5259faf03c2ad694fa36a90cd
      File Thumbprint - MD5:
      Not available
       


      #2 Arcon

      Arcon

        Advanced Member

      • Windower Staff
      • 1189 posts
      • Location: Munich, Germany

      Posted 31 January 2014 - 09:59 AM

      There's not much we can do about that. I'm not sure if Norton allows you to bypass the detection for certain files, if so, you should set it up to skip Windower. You can try filing an exception to Symantec as well, although I've tried that in the past and I've yet to hear from them about anything.



      #3 Byrth

      Byrth

        Advanced Member

      • Members
      • 85 posts

        Posted 31 January 2014 - 11:24 PM

        Norton flags things based on how often its scanners see it. Because FFXI is getting less popular and the windower team is pushing out updates pretty frequently, this can be an issue.

         

        In order to fix it, open up Norton and go to "Change Settings..." -> Configure Exception settings -> Add -> Sonar Exception -> Folder

        Navigate to your windower folder and select it, then hit okay. You may also need to restore whatever has been deleted.



        #4 winterlight

        winterlight

          Newbie

        • Members
        • 8 posts

          Posted 03 February 2014 - 07:12 AM

          I found the exception list in Norton 360 and excluded windower.

           

          There are actually two places to perform the exclude:

           

          Norton 360 >> Settings >> Antivirus >> Scans and Risks [tab] >> Items to Exclude from Scans

          Norton 360 >> Settings >> Antivirus >> Scans and Risks [tab] >> Items to Exclude from Auto-Protect, SONAR and Download Intelligence Detection

           

           

          The files that got killed from my installation were:

          c:\ffxi-windower 4-1\hook.dll
          c:\ffxi-windower 4-1\plugins\autoexec.dll
          c:\ffxi-windower 4-1\plugins\timers.dll
          c:\ffxi-windower 4-1\windower.exe
           
          Hope that helps ppl.
           
          Winterlight
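
An added example, not part of the thread and not Norton or Windower code: a small parser that splits entries from the SONAR report in the first post into the files that were removed (the ones to restore before adding an exclusion) and the behavioural events logged against windower.exe. The function names are hypothetical, and the regex accepts the status with or without a separator in front of it.

```python
import re

# Entries copied from the Norton report in the first post; the status text
# may follow each entry directly or after a " - " separator.
REPORT = r"""
File: c:\ffxi-windower 4-1\hook.dllRemoved
File: c:\ffxi-windower 4-1\plugins\autoexec.dllRemoved
File: c:\ffxi-windower 4-1\plugins\timers.dllRemoved
Infected file: c:\ffxi-windower 4-1\windower.exeRemoved
Event: Network activity (Performed by c:\ffxi-windower 4-1\windower.exe, PID:348)No action taken
Event: Process start: c:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe, PID:6512 (Performed by c:\ffxi-windower 4-1\windower.exe, PID:348)No action taken
Event: Attempt to start a remote thread in a process address space (Performed by c:\ffxi-windower 4-1\windower.exe, PID:348)No action taken
"""

STATUSES = ("Removed", "Repaired", "No action taken")
ENTRY = re.compile(
    r"^(?P<kind>File|Infected file|Registry change|Event): "
    r"(?P<detail>.*?)[\s-]*(?P<status>%s)$" % "|".join(STATUSES)
)
# Trailing "(Performed by <image>, PID:<n>)" names the acting process.
ACTOR = re.compile(r"\s*\(Performed by (?P<image>.+?), PID:(?P<pid>\d+)\)$")

def parse_actions(text):
    """Split each report entry into kind, detail, acting process and status."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # headings, separators and blank lines
        rec = m.groupdict()
        actor = ACTOR.search(rec["detail"])
        if actor:
            rec["detail"] = rec["detail"][:actor.start()]
            rec["actor"] = actor.group("image")
            rec["pid"] = int(actor.group("pid"))
        out.append(rec)
    return out

def removed_files(actions):
    """Paths that must be restored from quarantine or reinstalled."""
    return [a["detail"] for a in actions
            if a["kind"] in ("File", "Infected file") and a["status"] == "Removed"]

def behaviours(actions):
    """Behavioural events SONAR logged, in report order."""
    return [a["detail"] for a in actions if a["kind"] == "Event"]
```

On this report the removed-file list matches the four paths listed in the last post, and the final behavioural entry is the remote-thread attempt that the report files under Suspicious Actions.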




