and just incase you want to see how sad it was......
NAV case no
269962621
chat id
323654
user Mr._Michael_Collins has entered room.
analyst Kamalaa has entered room.
Kamalaa
Hello Mr._Michael_Collins. My name is Kamalaa.
Kamalaa
Thank you for contacting Symantec Live Technical Support. Please make a note of the Chat Request Id [ 323654 ] for this interaction.
Mr._Michael_Collins
hi there, been sent here by Tabby for help
Mr._Michael_Collins
problem with winpm-32.exe ver 4.41 being treated as a trojan
Kamalaa
Before troubleshooting this issue, I need to gather more information about this problem from you. This will greatly assist me in finding a resolution to your problem. May I proceed?
Mr._Michael_Collins
yep
Kamalaa
See your computer has been infected by a High risk Virus.
Mr._Michael_Collins
appart from the O/S?
Mr._Michael_Collins
until the last update all was fine
Kamalaa
Hence you need to contact the Virus Removal Check.
Mr._Michael_Collins
but winpm-32.exe is not a virus
Kamalaa
But TROJAN is a High Risk Threat level category.
Mr._Michael_Collins
yes but the program is not a trojan, it's an email program
Mr._Michael_Collins
been using it since 9194
Mr._Michael_Collins
1994
Mr._Michael_Collins
http://www.pmail.com/
Mr._Michael_Collins
NAV since the last dat update thinks the winpm-32.exe version 4.41 is a trojan
Kamalaa
May I put you on hold for 2-3 minutes while I investigate this issue further?
Mr._Michael_Collins
yep
Kamalaa
Thank you for being online.
Mr._Michael_Collins
no probs
Mr._Michael_Collins
I had not used Pegasus Email since the last updtae on the 15th
Mr._Michael_Collins
so did not spot an issue until tonight
Kamalaa
The file that you have mentioned may be Virus.
Mr._Michael_Collins
NAV deleted the file from the program folder.
Kamalaa
Hence you need to Run Full System scan.
Mr._Michael_Collins
so went back to my backup which was made 10 days agao and when the restore was run NAV deleted the file on access
Mr._Michael_Collins
so tried a clean install frome the orriginal download fiel I have on cd
Mr._Michael_Collins
again NAV zapped the file as soon as the installer accessd it
Mr._Michael_Collins
so rolled back Pegasus to ver 4.31 which has a few bugs but NAV reconned that was ok
Mr._Michael_Collins
so looks to me like there may be a false trigger with the file
Mr._Michael_Collins
I ran a full system scan from a clean reboot
Kamalaa
If Norton AntiVirus has detected any Virus, it will as for whether to Quarantine or Delete that file.
Mr._Michael_Collins
is as soon as the file is accessed it gets zapped but only with version 4.41
Mr._Michael_Collins
it delets the file
Kamalaa
So there may be a chance that, it might have been prompted, there are chances likely that you have choosen to delete.
Mr._Michael_Collins
has only been happeing since the update in 15/5/07....
Mr._Michael_Collins
Details: Internet Worm Protection Signature File Version: 15/05/2007 Rev. 1.
Internet Worm Protection Engine Version: 3.0.0.60809.
Kamalaa
Norton AntiVirus has Detection Feature in it enabled, hence it will check the system whether your system has been infected or not.
Kamalaa
If Noroton program has detected a virus, then it is a Virus .
Mr._Michael_Collins
uless it is a false positive ID
Kamalaa
See as per your information only I am guiding now..
Kamalaa
You only said that, some of the files has been deleted then it is Virus.
Mr._Michael_Collins
I have just run winzip to atempt to extract the file from the orriginal self extraxting zip file, and as soon as the files is accessed NAV treats it as hostile
Kamalaa
Web URL to contact Virus Removal Link :
http://www.symantec.com/vremoval
Mr._Michael_Collins
this onlu happens with the 4.41 .exe version. the 4.31 .exe files NAV thinks is fine
Mr._Michael_Collins
that page redirects me to...
Mr._Michael_Collins
http://www.symantec.com/home_homeoffice/support/index_virus.jsp
Kamalaa
To resolve this kind of issue you need to contact the Virus Removal link.
Mr._Michael_Collins
which is where I strated from 30 mins ago
Mr._Michael_Collins
was talking to Tabby who sent me to here
Kamalaa
That is what I am saying from the beginning that page is referring to Virus.
Mr._Michael_Collins
?
Mr._Michael_Collins
I ran the sacn and it found nothing
Kamalaa
Best way to resolve your issue is to contact Virus Removal.
Mr._Michael_Collins
http://www.symantec.com/vremoval
sends me to http://www.symantec.com/home_homeoffice/support/index_virus.jsp and the ywere the ones who sent me to here
Kamalaa
Once you have run the Full system Scan, if it detects some thing, then again when you run the Full System scan, the Virus has been removed from your system.
Kamalaa
Now your system is Free from Virus.
Mr._Michael_Collins
but is also removes a valid program Pegasus Email
Mr._Michael_Collins
winpm-32.exe is the .exe that forms the main componet of Pegasus
Kamalaa
If that file is an Infected file, then Norton will remove it.
Mr._Michael_Collins
and this only happens with version 4.41 of the .exe file
Mr._Michael_Collins
and has only happens since the 15th dat updates
Mr._Michael_Collins
it recons its a trojan
Mr._Michael_Collins
so ar you saying that version 4.41 of Pegasus Email is now a Trojan?
Kamalaa
If that is the root cause of the file then you need to remove that particular Pegasus.
Mr._Michael_Collins
as I think the Publisher would be very interested to hear it
Kamalaa
If it is detected as Trojan, then it is a Virus.
Mr._Michael_Collins
I have just download a second copy direct from pmail and get the same problem with the .exe file
Kamalaa
Then the problem is withe Pegasus, and Not with Norton.
Mr._Michael_Collins
so it is definately not a false positive action due to the latest NAV data files then?
Mr._Michael_Collins
and Norton is now saying that Pegasus Email version 4.41 is a Trojan?
Kamalaa
Yes, please contact Virus Removal link for further assistance.
Kamalaa
They will guide you through the other process.
Mr._Michael_Collins
but the removal url you gave me rediects back to the gereral support page which is where I strated all this from, and they were the ones who sent me here
Kamalaa
Please note that currently you are talking with Symantec Technical Support Deparment, for assistance with the issue you are facing you need to contact the Virus Removal Support to fix it.
Kamalaa
Virus Removal Support is a separate department.
Mr._Michael_Collins
ok will start again
Mr._Michael_Collins
Thanks Kamalaa
Kamalaa
Thank you.
user Mr._Michael_Collins has entered room.
analyst Abhilash has entered room.
Abhilash
Hello Mr._Michael_Collins. My name is Abhilash.
Mr._Michael_Collins
he there
Abhilash
Welcome to Symantec Virus & Spyware Solutions.
Is this the first time you are contacting us or do you have a Case Number?
Mr._Michael_Collins
I have been sent back to vremoval from tech support
Mr._Michael_Collins
* Coburg poinst to topic
Mr._Michael_Collins
NAV case no 269962621 chat id 323654
Mr._Michael_Collins
Abhilash
The Consultation fee would be £69.95.
Mr._Michael_Collins
can't afford that
Abhilash
Also you will have 15 days during which you can contact us anytime if the issue persists.
Abhilash
After cleaning we'll also provide you free educative links for you to refer and stay safe .So you need not worry at all in future about such nasty issues .
Abhilash
Once there is infection on your computer, they would normally try to spread to other files on your hard drive and to other computers/devices connected to your system. Most of the times, they create/manipulate entries and keys in your windows registry. In these cases we need to manually remove these registry entries and also remove the infected files. Manipulating the registry is sometimes very risky and is to be done with extreme care, since a wrong manipulation could mean that the computer’s functioning could be unchangeably altered. Hence this would require a trained technician to do this for you.
Mr._Michael_Collins
I think I will come back to this as I am con convinced that this is a real trojen as it only affects a single .exe file on the whole system and is verions specific
Mr._Michael_Collins
and has only happned since the 15/05/2007 worm update files
Mr._Michael_Collins
if this did prove to be a fals positive would I get my money back?
Abhilash
Michael, this section is only for the threat removal.
Mr._Michael_Collins
well what would you do in my posistion?....
Abhilash
Michael, I do understand your concern.When you purchase the product, the cost of the product is for the software, updates to the software and for the virus definitions. Apart from this, there is an additional charge for value added services.
Mr._Michael_Collins
I have the system here locked down, I am the only user, have a hardware firewall on the internet connection, Zone alarm one the front end, and NAV running in paranoiya mode, ...
Mr._Michael_Collins
and whe nI get an issue it is with just one single .exe file and then only when I have used to program after the last data update?
Mr._Michael_Collins
you can see why I am sceptic about this?
Abhilash
Yes Michael, but since this is a paid consultation service, we have only this option.
Mr._Michael_Collins
I am not seeing a degradation ion system performance, no other alearts wit hother .exe files......
Mr._Michael_Collins
I think I'll raise this on the Pegaus Forms first before parting with money
Abhilash
Michael,so please do note the case number provided.
Mr._Michael_Collins
have noted no for futire ref
Abhilash
You can get back to us with this case number.
Mr._Michael_Collins
will do and thanks
Abhilash
If you need to contact "Symantec Virus & Spyware Solutions" again please use the link below:
http://www.symantec.com/techsupp/home_homeoffice/index_virus.html
It has been pleasure assisting you. Thank you for using Symantec. Have a great day ahead!!
Mr._Michael_Collins
and you Abhilash