Pegasus Mail & Mercury

Yes, the subject IS NOT A JOKE!

The newest virus definition update from Norton AntiVirus has just successfully removed the winpm-32.exe file in the PMAIL/Programs directory. Norton deteced it as a so called Trojan.Dropper!!!!

 Anybody else?

Yep!  Same here using Symantec SAVCE. Started since virus defs 17th may 2007 rev 18

Ron

The same thing just happened to me a few minutes ago.  This could turn into a major pain :(

I am on support chat with Norton right now.

Let us know what they plan to do to correct the false detection.

 

Thanks

Dale 

 
Chat ID: 79d3abd8-45e9-4d15-8e2f-0f2fc939e9d0
Problem : Latest VirusDefinition update detects winpm-32.exe as a Trojan.Dropper. This program file is a valid Pegasus Mail (www.pmail.com) program file.
Vijayaraja: Hello Cassiopeia. My name is Vijayaraja.
Vijayaraja: Thank you for contacting Symantec Live Technical Support. Please make a note of Chat Request Id [ 323007] for this interaction.
Cassiopeia: Hi Vijayaraja
Vijayaraja: I understand that you are getting trojan horse message. Am I correct.
Cassiopeia: yes, Norton has REMOVED the program file. NOTE: This is not a Trjoan.Dropper. It a valid program file. See forum link, it appears to happen to every PMAIL user that also uses Norton.
Cassiopeia: http://community.pmail.com/forums/662/ShowThread.aspx#662
Vijayaraja: This issue may occurred  due to some virus.
Vijayaraja: In order to fix the issue we need to  run the online virus scan.
Cassiopeia: No, I do NOT have a virus. Norton' VirusDefinition has deteced the program file by mistake. It must be an error in the lastest update.
Vijayaraja: Now, please run the LiveUpdate and let me know the status.
Cassiopeia: I did and there is no new update because I just did run LiveUpdate after which Norton detected winpm-32.exe as a Trojan.Dropper and REMOVED IT!
Cassiopeia: I am telling you this is happening to other Pegasus Mail users too, so NO it is not a Virus.
Vijayaraja: Now, please run the update and let me know whether you will get the same error.
Cassiopeia: It is an error in the Virus defintion update.
Cassiopeia: How quickly will Norton resolve this issue for Pegasus Mail users
Vijayaraja: May I put you on hold for 2-3 minutes while I investigate this issue further?
Cassiopeia: yes.
Vijayaraja: Thank you for being on hold. I appreciate your patience.
Cassiopeia: ok.
Vijayaraja: Please check whether the system date and time is correct.
Cassiopeia: yes, it is correct.
Vijayaraja: Please run the full system scan.
Cassiopeia: Are you giving me the run around?
Cassiopeia: I do not appreciate that at all.
Vijayaraja: No, please note that for virus definition issue we have to run the full system scan.
Vijayaraja: If the issue still persists we need to run the Intelligent updater (latest virus definition) to fix the issue.
Vijayaraja: Nora, please run the full system scan and check for the issue.
Cassiopeia: Of course there will be NO issue because the program file Norton thinks is a Trojan has been REMOVED!!!!
Vijayaraja: Nora, please note that previously you got trojan and its removed.
Vijayaraja: Hence the issue is resolved. For further concern please run the intelligent updater to update the Virus definition.
Vijayaraja: Please click the link to download the Intelligent updater http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005103109480139
Cassiopeia: Are you braindead? I said that the program file Norton thought was a Trojan and removed it, is NOT A TROJAN!!!
Cassiopeia: Are you going to advise every pegasus Mail user of this issue? Right Now?
Vijayaraja: Alright, could please let me know the exact issue you are facing right now.
Cassiopeia: As of this moment I do no longer have my email program file winpm-32.exe because Norton thougt it was a trojan and removed it. Ergo, I cannot access my email program, ergo I need re-assurance that the IntelligentUpdater will have fixed that issue and that Norton is taking steps to send out an advisory informing people of the error in the latest LiveUpdate Virusdef.
Vijayaraja: May I know whether you can access the browser?
Cassiopeia: ? yes of course.
Vijayaraja: May I know whether you can access the email?
Cassiopeia: of course not, not without the program file needed to run it
Cassiopeia: I am now attempting to re-install the prgram after having downloaded the IntelUpdate
Cassiopeia: OK. So, Norton is not allowing me to re-install the program because it automatically removes the program file, because the IntelUpdate is the same as the Latest LiveUpdate update.
Cassiopeia: How quickly can Norton re-issue a Virusdef update!
Cassiopeia: 20070517-018-i32.exe
 May 17, 2007
 May 17, 2007
 15.49 MB
 
Vijayaraja: Please click the link to download the latest Intelligent updater http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005103109480139
Cassiopeia: I did, see above
Vijayaraja: Please click the link and run the online virus scan http://service1.symantec.com/SUPPORT/analyzer.nsf/docid/2002031510570647
Cassiopeia: what good will that do other than waisting my valuable business time.
Vijayaraja: Please note that Norton deleted the virus which is in email program.
Cassiopeia: There was NO virus!!!!
Cassiopeia: The latest VirusdefUpdate and Intel Update detects and removes a perfectly VALID email program file!
Vijayaraja: Please note that in order to fix the issue you have to reinstall  the email program or please contact your email program to fix the issue.
Cassiopeia: I DID THAT! NORTON CONTINUES TO DELETE THE FILE!!! GET ME AN UPDATED VIRUSDEF VERSION THAT WILL NOT DELETE THE PROGRAM FILE IN ERROR NOW!
Vijayaraja: Alright, please note the link and run the latest Virus definition http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005103109480139
Vijayaraja: Please run the virus definition after two days, so that latest version of virus definition will be there.
Cassiopeia: it is still the same def that is causing the problem in the first place! 20070517-018-i32.exe

Cassiopeia: 2 DAYS!!!! I cannot wait 2 days!
Cassiopeia: I'm running a business and have deadlines
Vijayaraja: Please accept my apologies for the inconvenience.
Cassiopeia: THAT IS NOT GOOD ENOUGH!
Cassiopeia: NORTON NEEDS TO FIX THIS NOW!
Cassiopeia: Is there a way to manually remove something from the VirusDefinition List
Vijayaraja: Please note that in order to fix the issue, I suggest you to contact the Virus removal queque and they will fix the issue.
Vijayaraja: Please click the link to contact the virus removal support  http://www.symantec.com/vremoval
Cassiopeia: NO, YOU WILL DO THAT RIGHT NOW....I DONT HAVE TIME TO START THIS WHOLE DISCUSSSION ALL OVER AGAIN
Cassiopeia: I ALREADY WASTED 3 HOURS ON THIS BS
Vijayaraja: Please note that this issue occurred due to virus removal. So, in order to fix the issue you need to contact the Virus removal queue.
Vijayaraja: I am sure, they will fix the issue with virus definition.
Vijayaraja: Is there anything else I can help you with?
Cassiopeia: THIS ISSUE OCCURED DUE TO AN ERROR OF NORTON. THIS ISSUE HAS COST ME 3 HOURS OF MY BUSINESS TIME AND POTENTIAL CLIENTS. THIS ISSUE WILL NOT GO AWAY.
Cassiopeia: YOU COULD HAVE TOLD ME 2 HOURS AGO THAT I SHOULD TALK TO VIRUS REMOVAL. INSTEAD YOU HAVE WASTED MY TIME.
Vijayaraja: Please contact Virus removal support to fix the issue
Vijayaraja: Thank you for contacting Symantec Live Technical Support. It was a pleasure assisting you.
Vijayaraja: Analyst has closed chat and left the room

Same here. Hope this will be solved soon.

NetwareRulez:

Yep!  Same here using Symantec SAVCE. Started since virus defs 17th may 2007 rev 18

Ron

 
Running the same setup, with rev 18 as well and nothing is found at my computer... 

---

Han van den Bogaerde - support@vandenbogaerde.net
Member of Pegasus Mail Support Group.
My own Pegasus Mail related web information:
http://www.vandenbogaerde.net/pegasusmail/

So far no luck as you can see from my edited post above. UNBELIEVABLE!

Could someone suggest a workaround?  I'm lost without email

 

 

Me too. I'll let you know if I find a work around.

Same thing happened to me.  The workaround: restore the file from quarantine.  Go to "history" in Norton Antivirus and select "restore" for the most recent item (hopefully WINPM-32.EXE.  Since I did that, NAV (2007, in my case) didn't try to remove it again.

I've had several false positives over the last several months and the last time, I spent an hour trying to figure out how to report the false positive before I finally gave up.  I asked around at work, and folks seem to like TREND MICRO's antivirus better than NAV these days -- it is less resource-intensive.  I've had enough (especially after reading that completely useless chat above) and I'm switching.

pbm:

Could someone suggest a workaround?  I'm lost without email

 

 

Depending on the scanning software engine used, you can use the exclusion list in "file system auto protect" advanced button. Menu option might or might not be available, depending on the setup. Other virus scanners do probably have the same possibility?

 

 

 

---

Han van den Bogaerde - support@vandenbogaerde.net
Member of Pegasus Mail Support Group.
My own Pegasus Mail related web information:
http://www.vandenbogaerde.net/pegasusmail/

Han had the key. Go into Symantec AntiVirus>Configure>File System Auto-Protect and take the check out of the check box. Now reinstall Pegasus. Everything should 
be fine until the next time Norton's does it's next scan. I'm hoping that tomorrow when the new definitions come out this will all be fixed. I also went into scan>full scan 
and told it not to search the pmail folder. Hopefully when I come in tomorrow I'll still have email.

I had the same thing happen. It suddenly occurred at ~ 1:50 EDT minutes after the new virus definitions were downloaded.

I've been able to work around the issue by adding winpm-32.exe to the AV exclusions list. I had to first turn off real-time scanning so that I could restore the winpm-32.exe file which allowed me to select if from a list in AV user interface. I'm using Symantec Antivirus v10.1 so it might have a different GUI than what you have. In my version the setting is in Configure/File System Auto-Protect/Exclusions/Files&Folders.