Pegasus Mail & Mercury

Welcome to the Community for Pegasus Mail and
The Mercury Mail Transport System, the Internet's longest-serving PC e-mail system!
Welcome to Pegasus Mail & Mercury Sign in | Join | Help
in
Home Blogs Forums Downloads Pegasus Mail Overview Mercury Overview Wiki

Norton AntiVirus detecting winpm-32.exe as Trjan.Dropper!!!!

Last post 05-18-2007, 23:16 by Peter Strömblad. 85 replies.
Page 1 of 6 (86 items)   1 2 3 4 5 Next > ... Last »
Sort Posts: Previous Next
  •  05-17-2007, 20:14

    • Cassiopeia is not online. Last active: Nov 20, 2010, 1:25 Cassiopeia
    • Top 150 Contributor
    • Joined on 05-17-2007
    • Muskoka Ontario
    • Member
    • Points 565

    Norton AntiVirus detecting winpm-32.exe as Trjan.Dropper!!!!

    Yes, the subject IS NOT A JOKE!

    The newest virus definition update from Norton AntiVirus has just successfully removed the winpm-32.exe file in the PMAIL/Programs directory. Norton deteced it as a so called Trojan.Dropper!!!!

     Anybody else?

  •  05-17-2007, 20:42

    • NetwareRulez is not online. Last active: 10-03-2011, 16:22 NetwareRulez
    • Top 100 Contributor
    • Joined on 05-17-2007
    • Rotterdam - The Netherlands
    • Member
    • Points 695

    Re: Norton AntiVirus detecting winpm-32.exe as Trjan.Dropper!!!!

    Yep!  Same here using Symantec SAVCE. Started since virus defs 17th may 2007 rev 18

    Ron

  •  05-17-2007, 20:43

    • Trader is not online. Last active: 10-25-2011, 5:34 Trader
    • Top 500 Contributor
    • Joined on 05-17-2007
    • Member
    • Points 220

    Re: Norton AntiVirus detecting winpm-32.exe as Trjan.Dropper!!!!

    The same thing just happened to me a few minutes ago.  This could turn into a major pain :(
  •  05-17-2007, 20:46

    • Cassiopeia is not online. Last active: Nov 20, 2010, 1:25 Cassiopeia
    • Top 150 Contributor
    • Joined on 05-17-2007
    • Muskoka Ontario
    • Member
    • Points 565

    Re: Norton AntiVirus detecting winpm-32.exe as Trjan.Dropper!!!!

    I am on support chat with Norton right now.
  •  05-17-2007, 20:49

    • Trader is not online. Last active: 10-25-2011, 5:34 Trader
    • Top 500 Contributor
    • Joined on 05-17-2007
    • Member
    • Points 220

    Re: Norton AntiVirus detecting winpm-32.exe as Trjan.Dropper!!!!

    Let us know what they plan to do to correct the false detection.

     

    Thanks

    Dale 

  •  05-17-2007, 21:01

    • Cassiopeia is not online. Last active: Nov 20, 2010, 1:25 Cassiopeia
    • Top 150 Contributor
    • Joined on 05-17-2007
    • Muskoka Ontario
    • Member
    • Points 565

    Re: Norton AntiVirus detecting winpm-32.exe as Trjan.Dropper!!!!

     
    Chat ID: 79d3abd8-45e9-4d15-8e2f-0f2fc939e9d0
    Problem : Latest VirusDefinition update detects winpm-32.exe as a Trojan.Dropper. This program file is a valid Pegasus Mail (www.pmail.com) program file.
    Vijayaraja: Hello Cassiopeia. My name is Vijayaraja.
    Vijayaraja: Thank you for contacting Symantec Live Technical Support. Please make a note of Chat Request Id [ 323007] for this interaction.
    Cassiopeia: Hi Vijayaraja
    Vijayaraja: I understand that you are getting trojan horse message. Am I correct.
    Cassiopeia: yes, Norton has REMOVED the program file. NOTE: This is not a Trjoan.Dropper. It a valid program file. See forum link, it appears to happen to every PMAIL user that also uses Norton.
    Cassiopeia: http://community.pmail.com/forums/662/ShowThread.aspx#662
    Vijayaraja: This issue may occurred  due to some virus.
    Vijayaraja: In order to fix the issue we need to  run the online virus scan.
    Cassiopeia: No, I do NOT have a virus. Norton' VirusDefinition has deteced the program file by mistake. It must be an error in the lastest update.
    Vijayaraja: Now, please run the LiveUpdate and let me know the status.
    Cassiopeia: I did and there is no new update because I just did run LiveUpdate after which Norton detected winpm-32.exe as a Trojan.Dropper and REMOVED IT!
    Cassiopeia: I am telling you this is happening to other Pegasus Mail users too, so NO it is not a Virus.
    Vijayaraja: Now, please run the update and let me know whether you will get the same error.
    Cassiopeia: It is an error in the Virus defintion update.
    Cassiopeia: How quickly will Norton resolve this issue for Pegasus Mail users
    Vijayaraja: May I put you on hold for 2-3 minutes while I investigate this issue further?
    Cassiopeia: yes.
    Vijayaraja: Thank you for being on hold. I appreciate your patience.
    Cassiopeia: ok.
    Vijayaraja: Please check whether the system date and time is correct.
    Cassiopeia: yes, it is correct.
    Vijayaraja: Please run the full system scan.
    Cassiopeia: Are you giving me the run around?
    Cassiopeia: I do not appreciate that at all.
    Vijayaraja: No, please note that for virus definition issue we have to run the full system scan.
    Vijayaraja: If the issue still persists we need to run the Intelligent updater (latest virus definition) to fix the issue.
    Vijayaraja: Nora, please run the full system scan and check for the issue.
    Cassiopeia: Of course there will be NO issue because the program file Norton thinks is a Trojan has been REMOVED!!!!
    Vijayaraja: Nora, please note that previously you got trojan and its removed.
    Vijayaraja: Hence the issue is resolved. For further concern please run the intelligent updater to update the Virus definition.
    Vijayaraja: Please click the link to download the Intelligent updater http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005103109480139
    Cassiopeia: Are you braindead? I said that the program file Norton thought was a Trojan and removed it, is NOT A TROJAN!!!
    Cassiopeia: Are you going to advise every pegasus Mail user of this issue? Right Now?
    Vijayaraja: Alright, could please let me know the exact issue you are facing right now.
    Cassiopeia: As of this moment I do no longer have my email program file winpm-32.exe because Norton thougt it was a trojan and removed it. Ergo, I cannot access my email program, ergo I need re-assurance that the IntelligentUpdater will have fixed that issue and that Norton is taking steps to send out an advisory informing people of the error in the latest LiveUpdate Virusdef.
    Vijayaraja: May I know whether you can access the browser?
    Cassiopeia: ? yes of course.
    Vijayaraja: May I know whether you can access the email?
    Cassiopeia: of course not, not without the program file needed to run it
    Cassiopeia: I am now attempting to re-install the prgram after having downloaded the IntelUpdate
    Cassiopeia: OK. So, Norton is not allowing me to re-install the program because it automatically removes the program file, because the IntelUpdate is the same as the Latest LiveUpdate update.
    Cassiopeia: How quickly can Norton re-issue a Virusdef update!
    Cassiopeia: 20070517-018-i32.exe
     May 17, 2007
     May 17, 2007
     15.49 MB
     
    Vijayaraja: Please click the link to download the latest Intelligent updater http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005103109480139
    Cassiopeia: I did, see above
    Vijayaraja: Please click the link and run the online virus scan http://service1.symantec.com/SUPPORT/analyzer.nsf/docid/2002031510570647
    Cassiopeia: what good will that do other than waisting my valuable business time.
    Vijayaraja: Please note that Norton deleted the virus which is in email program.
    Cassiopeia: There was NO virus!!!!
    Cassiopeia: The latest VirusdefUpdate and Intel Update detects and removes a perfectly VALID email program file!
    Vijayaraja: Please note that in order to fix the issue you have to reinstall  the email program or please contact your email program to fix the issue.
    Cassiopeia: I DID THAT! NORTON CONTINUES TO DELETE THE FILE!!! GET ME AN UPDATED VIRUSDEF VERSION THAT WILL NOT DELETE THE PROGRAM FILE IN ERROR NOW!
    Vijayaraja: Alright, please note the link and run the latest Virus definition http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005103109480139
    Vijayaraja: Please run the virus definition after two days, so that latest version of virus definition will be there.
    Cassiopeia: it is still the same def that is causing the problem in the first place! 20070517-018-i32.exe

    Cassiopeia: 2 DAYS!!!! I cannot wait 2 days!
    Cassiopeia: I'm running a business and have deadlines
    Vijayaraja: Please accept my apologies for the inconvenience.
    Cassiopeia: THAT IS NOT GOOD ENOUGH!
    Cassiopeia: NORTON NEEDS TO FIX THIS NOW!
    Cassiopeia: Is there a way to manually remove something from the VirusDefinition List
    Vijayaraja: Please note that in order to fix the issue, I suggest you to contact the Virus removal queque and they will fix the issue.
    Vijayaraja: Please click the link to contact the virus removal support  http://www.symantec.com/vremoval
    Cassiopeia: NO, YOU WILL DO THAT RIGHT NOW....I DONT HAVE TIME TO START THIS WHOLE DISCUSSSION ALL OVER AGAIN
    Cassiopeia: I ALREADY WASTED 3 HOURS ON THIS BS
    Vijayaraja: Please note that this issue occurred due to virus removal. So, in order to fix the issue you need to contact the Virus removal queue.
    Vijayaraja: I am sure, they will fix the issue with virus definition.
    Vijayaraja: Is there anything else I can help you with?
    Cassiopeia: THIS ISSUE OCCURED DUE TO AN ERROR OF NORTON. THIS ISSUE HAS COST ME 3 HOURS OF MY BUSINESS TIME AND POTENTIAL CLIENTS. THIS ISSUE WILL NOT GO AWAY.
    Cassiopeia: YOU COULD HAVE TOLD ME 2 HOURS AGO THAT I SHOULD TALK TO VIRUS REMOVAL. INSTEAD YOU HAVE WASTED MY TIME.
    Vijayaraja: Please contact Virus removal support to fix the issue
    Vijayaraja: Thank you for contacting Symantec Live Technical Support. It was a pleasure assisting you.
    Vijayaraja: Analyst has closed chat and left the room

  •  05-17-2007, 21:08

    • tummez is not online. Last active: 05-17-2007, 21:38 tummez
    • Not Ranked
    • Joined on 05-17-2007
    • Member
    • Points 5

    Re: Norton AntiVirus detecting winpm-32.exe as Trjan.Dropper!!!!

    Same here. Hope this will be solved soon.
  •  05-17-2007, 21:57

    Re: Norton AntiVirus detecting winpm-32.exe as Trjan.Dropper!!!!

    NetwareRulez:

    Yep!  Same here using Symantec SAVCE. Started since virus defs 17th may 2007 rev 18

    Ron

     
    Running the same setup, with rev 18 as well and nothing is found at my computer... 


    Han van den Bogaerde - support@vandenbogaerde.net
    Member of Pegasus Mail Support Group.
    My own Pegasus Mail related web information:
    http://www.vandenbogaerde.net/pegasusmail/
  •  05-17-2007, 22:03

    • Cassiopeia is not online. Last active: Nov 20, 2010, 1:25 Cassiopeia
    • Top 150 Contributor
    • Joined on 05-17-2007
    • Muskoka Ontario
    • Member
    • Points 565

    Re: Norton AntiVirus detecting winpm-32.exe as Trjan.Dropper!!!!

    So far no luck as you can see from my edited post above. UNBELIEVABLE!
  •  05-17-2007, 22:08

    • pbm is not online. Last active: 12-07-2013, 21:47 pbm
    • Top 150 Contributor
    • Joined on 05-17-2007
    • Member
    • Points 615

    Re: Norton AntiVirus detecting winpm-32.exe as Trjan.Dropper!!!!

    Could someone suggest a workaround?  I'm lost without email

     

     

  •  05-17-2007, 22:11

    Re: Norton AntiVirus detecting winpm-32.exe as Trjan.Dropper!!!!

    Me too. I'll let you know if I find a work around.
  •  05-17-2007, 22:11

    Re: Norton AntiVirus detecting winpm-32.exe as Trjan.Dropper!!!!

    Same thing happened to me.  The workaround: restore the file from quarantine.  Go to "history" in Norton Antivirus and select "restore" for the most recent item (hopefully WINPM-32.EXE.  Since I did that, NAV (2007, in my case) didn't try to remove it again.

    I've had several false positives over the last several months and the last time, I spent an hour trying to figure out how to report the false positive before I finally gave up.  I asked around at work, and folks seem to like TREND MICRO's antivirus better than NAV these days -- it is less resource-intensive.  I've had enough (especially after reading that completely useless chat above) and I'm switching.

  •  05-17-2007, 22:12

    Re: Norton AntiVirus detecting winpm-32.exe as Trjan.Dropper!!!!

    pbm:

    Could someone suggest a workaround?  I'm lost without email

     

     

    Depending on the scanning software engine used, you can use the exclusion list in "file system auto protect" advanced button. Menu option might or might not be available, depending on the setup. Other virus scanners do probably have the same possibility?

     

     

     


    Han van den Bogaerde - support@vandenbogaerde.net
    Member of Pegasus Mail Support Group.
    My own Pegasus Mail related web information:
    http://www.vandenbogaerde.net/pegasusmail/
  •  05-17-2007, 22:21

    Re: Norton AntiVirus detecting winpm-32.exe as Trjan.Dropper!!!!

    Han had the key. Go into Symantec AntiVirus>Configure>File System Auto-Protect and take the check out of the check box. Now reinstall Pegasus. Everything should 
    be fine until the next time Norton's does it's next scan. I'm hoping that tomorrow when the new definitions come out this will all be fixed. I also went into scan>full scan 
    and told it not to search the pmail folder. Hopefully when I come in tomorrow I'll still have email.
  •  05-17-2007, 22:24

    • scoek is not online. Last active: 05-18-2007, 5:51 scoek
    • Not Ranked
    • Joined on 05-17-2007
    • Member
    • Points 50

    Re: Norton AntiVirus detecting winpm-32.exe as Trjan.Dropper!!!!

    I had the same thing happen. It suddenly occurred at ~ 1:50 EDT minutes after the new virus definitions were downloaded.

    I've been able to work around the issue by adding winpm-32.exe to the AV exclusions list. I had to first turn off real-time scanning so that I could restore the winpm-32.exe file which allowed me to select if from a list in AV user interface. I'm using Symantec Antivirus v10.1 so it might have a different GUI than what you have. In my version the setting is in Configure/File System Auto-Protect/Exclusions/Files&Folders.

Page 1 of 6 (86 items)   1 2 3 4 5 Next > ... Last »
View as RSS news feed in XML

Contact | Advertise | Host provider: PraktIT | Terms of Use | Privacy Statement
Copyright © 2007-2011 David Harris / Peter Strömblad. | Pegasus Mail Home Page