Norman Virus Removal


John

I emailed a few friends last night with the Norman website. One called me
tonight to say they had found the 'Microsoft' email, followed the advice in
my email and deleted it from their inbox and recycle bin. They decided to
download the fix from Norman just to be on the safe side, and since then
they cannot access the Internet. It seems to have wiped out an exe file.
Any ideas?

Ref:
http://www.norman.com/virus_info/w32_swen_a_mm.shtml#swenfix

--


Regards

John
 
John,
Why would you use a website nobody ever heard of rather than Symantec,
Trend, McAfee or AVG?
Just a single Google hit too.
I don't know that it's true in this case, but I would bet that there are
sites out there that look 'official' but would unload a script on you as
soon as look at you.
I'd suggest your friend tries a restore point back a day or two, then gets a
Trend online scan.
http://housecall.trendmicro.com/
Hope this helps,
Chek
 
The "Norman" site offered a fix to remove the virus - Trend gave very
complex manual instructions.

--


Regards

John

 
Chek,

Just because you never heard of Norman doesn't mean much. They are one of
the most respected AV companies out there... Symantec and McAfee are not in
their league.

Check out this review from PC World regarding Norman:

Catch Viruses at Play
Norman Virus Control 5.6 addresses another shortcoming of antivirus
software: the challenge of blocking a brand-new virus that isn't yet
analyzed and described in a "virus signature" by antivirus experts.

Norman's solution is to run any suspect file in a simulated or virtual
computer that emulates the system environment without letting the file
affect the actual operating system, applications, or data. Files that take
malicious actions in this environment are flagged as dangerous and handled
as if they were confirmed viruses.

This feature builds on a technology called "sandboxing," in which a program
observes a file as it "plays" in a quarantined environment, according to
Carrie Collins, a Norman representative. However, Norman Virus Control 5.6
goes a step further, Collins says. A traditional sandbox only roughly
approximates the real PC and doesn't let the suspect file execute fully.

"Norman's new technology completely emulates the environment that a
potential virus was written for," Collins says. "This virtual, simulated
computer is complete with BIOS; file shares and other network connections;
pretend files; e-mail. The virus is given every reason to think this
environment is real--but it is completely simulated."

Collins says Norman has been gradually introducing this feature in its
antivirus product over the past year. Version 5.6 represents the first full
implementation, and the first time the feature has been visible to users.

The program is aimed primarily at businesses. A two-year license for small
businesses with five workstations costs $28 per seat. A one-year single-user
license costs $60. Licenses are also available for corporate networks.

(end of article)


Just because a company has a huge budget for marketing doesn't mean they
provide a great product. Name recognition doesn't really equate to good
products.
 
They certainly DESERVE name recognition.


 
Sir_George
What you say is very true, and I did not mean to imply anything negative per
se.
Nevertheless the reality is that out on the internet, name recognition is
one of the few discriminators we users can employ.
I wish Norman well with their system (though it does sound (to me) similar
to heuristic techniques).
But one mention on Google?
I'd advise them to increase their public profile a lot.
Thanks for the info, I appreciate the response.
Meanwhile, I wonder what the cause of John's problem is?
Chek
 
John,
After reading the article posted by Sir_George, I can see the merit in the
virtual environment approach that Norman are using.
My feeling is that it would take a good script to reverse the changes that
viruses and trojans make. But hey - if there's an easier option I'm all for
it.
As it does not seem to have been completely successful though, I would print
out the Trend removal instructions.
They probably seem a lot more daunting to read, but should become clearer as
you follow the steps on the PC itself.
Hope this helps,
Chek
 
Chek,

I'm not sure what may have caused the problem, but I just suggested to John
that System Restore may provide a possible solution.

In response to your reply regarding Norman, they probably should increase
their marketing endeavors.

P.S. A good web site to visit regarding AV programs, if you want to see how
they are doing, is Virus Bulletin at
http://www.virusbtn.com/vb100/archives/products.xml?table
which rates companies' AV products. You'll probably find a couple of
companies you haven't heard of before and may find a better AV program than
the one you are using. Then again you may find the one you have is getting
good marks.
 
I will be making the suggestion today. Thanks for your help.

I would appreciate any further views on the "Norman" fix - it certainly
seemed more attractive than the 5 pages of instructions on the Trend site -
or the 12 pages on the Symantec site.

I put the infected file into my recycle bin and found that my programmes
wouldn't open and that is when I realised I needed a better fix.


--


Regards

John
 
John,

What you describe appears to be fixed by following these steps:

1. Download SwenFix.exe from http://www.norman.com/public/swenfix.exe to
   the root of your c:\ drive. Even though you will have problems running
   most programs, your Internet Explorer should start, thus enabling you to
   download the fix.
2. Try to start a program, for example Start | Programs | Norman Virus
   Control | Utilities. (This will fail to start)
3. A message box with the following properties will now pop up:
   Title: Program not found
   Text: Windows cannot find %name of deleted infected file%. This file is
   needed for opening files of type ‘MS-DOS Application’
   Location of %name of deleted infected file%

   Write down the name of the file this dialog asks for.

4. Rename SwenFix.exe to the name you wrote down in the step above:
   a. Open My Computer, browse to the SwenFix program you downloaded in
      step 1, right-click it and select Rename.
      Be particularly observant whether the name is displayed with or
      without extension.
      SwenFix.exe (with extension)
      SwenFix (without extension)
   b. Type the name of the file that you wrote down previously. If SwenFix
      is displayed without extension, type the name of the file without
      extension and vice versa.
5. Double-click your renamed fix. You will now be able to run it to
   complete the removal.
HTH
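
Added example, not part of the post above and not Norman's code: the dialog in step 3 means the deleted file was registered as the opener for a program file type, so this sketch scans a registry export for such handlers. It assumes the registration sits in the default value of `HKEY_CLASSES_ROOT\<class>\shell\open\command` and that the stock value for these classes is `"%1" %*`; the sample export and the handler name `abcdefg` are constructed.

```python
import re

# Stock handler for these classes: run the clicked file itself with its arguments.
EXPECTED = '"%1" %*'
CLASSES = ("exefile", "comfile", "batfile", "piffile")

# Constructed sample in .reg export format; "abcdefg" is a made-up handler name.
SAMPLE_REG = r'''
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="abcdefg \"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="abcdefg \"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="C:\\WINDOWS\\notepad.exe %1"
'''

SECTION = re.compile(r'^\[HKEY_CLASSES_ROOT\\([^\\\]]+)\\shell\\open\\command\]$', re.I)
DEFAULT = re.compile(r'^@="(.*)"$')

def unescape(value):
    # .reg files escape backslash and double quote with a leading backslash
    return re.sub(r'\\(["\\])', r'\1', value)

def hijacked_handlers(reg_text):
    """Map each program file class to the foreign program set to open it."""
    findings = {}
    current = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('['):
            m = SECTION.match(line)
            current = m.group(1).lower() if m else None
            continue
        m = DEFAULT.match(line)
        if current in CLASSES and m:
            command = unescape(m.group(1)).strip()
            if command != EXPECTED:
                # First token is the program Windows will try to launch; if that
                # file was deleted, every program start fails as in step 3.
                tok = re.match(r'"([^"]+)"|(\S+)', command)
                findings[current] = (tok.group(1) or tok.group(2)) if tok else ""
    return findings

if __name__ == "__main__":
    for cls, handler in hijacked_handlers(SAMPLE_REG).items():
        print(f"{cls}: opened via '{handler}' instead of {EXPECTED}")
```

Any class it reports names the file that the "Program not found" dialog will ask for, which is the name the renamed fix has to take.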
 