SAFE fails to delete Trojan downloader

Aspirant

Hi, F-Secure SAFE fails to delete something apparently called W97M.Downloader. It does however delete malignant files, ALMOST all of them, that's about 150-200, 2-4 per minute. Once that is done I get about an hour of working freely with the computer before the process, which takes a couple of hours, starts all over. I've run all the tools available to me and routinely get the "all clear" message - which is obviously incorrect. Most annoying of all is maybe that F-Secure shoots a window saying "malignant file found" and "you have new notices" for EVERY one of the deleted files found.

For the files not deleted, 1-3 out of 150-200, I'm told that I'm not authorized to remove them or that they are protected.

What can I do to get rid of this crap?

Any help appreciated!

Michael

1 ACCEPTED SOLUTION

Superuser

Re: SAFE fails to delete Trojan downloader

Hello,

I'm also just an F-Secure user, so these are only my suggestions.

I recommend contacting the F-Secure Support channels directly: https://www.f-secure.com/en/web/home_global/support/contact-chat (chat, as an example). That way they will be able to check your system directly.

But if that comes with a delay (or is not an option), I can add the following:

As noted on the page from your screenshot - https://www.f-secure.com/v-descs/w97m_downloader.shtml - it should be something for Word (the "downloader" is a malicious Word/macro file which, as a result, will also try to download other malicious software).

But from my brief search for this detection (from your other screenshot), most of the malicious (?!) files which F-Secure marked as "W97M.Downloader.EYJ" are about "Excel"?

And they usually have a name like "Certificate_*numbers*.xls". Have you recently downloaded, or received by e-mail, something with such a name and opened it?!

As an example, information on VirusTotal:

https://virustotal.com/en/file/29f0a38f3004810a5b2ac95f0b5c01eaa1b430de27774a013a1b380307bda1c8/anal...

https://virustotal.com/en/file/c61b10a8fd62a9db27d3ee5115b1f801c80ea0c5139bc4ff6c017582cee6743b/anal...

==================

In your screenshot there is a "tmp" filename, so it looks like it is being downloaded in real time (maybe while browsing, or when you open certain software?!). In that situation you may have to re-check that there are no add-ons/plugins/extensions in the browsers (or in the system, via Control Panel) which you do not expect to be there, or which were just recently installed.

"""Most annoying of all is maybe that F-Secure shoots a window saying "malignant file found" and "you have new notices" for EVERY one of the deleted files found."""

Usually this happens when F-Secure detects (with real-time scanning) multiple files within a short time.

?! So if there are other malicious files which download or unpack this certain known malicious file... it is prevented and detected by F-Secure each time it happens.

If it happens so often, it is good to know when exactly (whether it happens during certain steps or when using something). But anyway, it is most likely good to get Support help from F-Secure directly. They are able to get diag logs and check more.

Also, if you have already tried a "Full Scan" by F-Secure (Main UI -> Tools -> Scan Option -> Full System Scan) and nothing was found... I can ask about one point:

In your screenshot, the destination/location of this detected file is under "Norman"-file.

Is it Norman AS software? As there is a quarantine there - is it a security solution (which I thought was already mostly not available for Home users.. and that they were replaced by AVG) or spam protection?

Is it possible that you run both F-Secure SAFE and a Norman Security solution? If yes - maybe there is a false-positive detection for Norman's signatures (but because it is a quarantine folder, most likely not.. only if Norman detects F-Secure's signatures ... and then F-Secure detects it?! - which is not likely), or Norman detected some malicious files and quarantined them (as a false positive?! or not), or certain spam e-mails.

As a result, both programs are trying to remove/delete/block such files.. and maybe that triggers these hard steps.

Sorry for my long reply. I think the most helpful step will be to contact F-Secure Support directly (by chat, maybe), or you can also answer there... and maybe other Community users can add some good suggestions. Or if this is a known situation.

Thanks!

Aspirant

Re: SAFE fails to delete Trojan downloader

Many thanks for taking the time to reply. Yes, I think there's some old Norman software somewhere, which I haven't used actively for a long time. I'll make sure I delete it. And I will contact F-Secure through the chat, good suggestion.

Thanks again!

Michael

Aspirant

Re: SAFE fails to delete Trojan downloader

Yep, that was it. I managed to delete the old Norman completely, and then ran the F-Secure tools. That did the trick! Everything works fine now. A lesson learned: never use two anti-virus programs at the same time!

Thanks for your help!

Michael
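
The situation resolved in this thread, a forgotten second antivirus product still installed next to the active one, can be checked for with the added example below (not part of any post above, and not F-Secure's or Norman's own tooling). It assumes a Windows client edition, where antivirus products register with Windows Security Center, and it decodes `productState` using a widely used but undocumented bit convention.

```powershell
# Added example: list antivirus products registered with Windows Security Center
# and flag more than one product, as happened in this thread.
# Assumption: Windows client edition (root/SecurityCenter2 is absent on Windows Server).
$products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
                            -ClassName 'AntiVirusProduct' -ErrorAction Stop

$report = foreach ($p in $products) {
    # Assumption: productState bit layout is undocumented by Microsoft; the
    # convention used here is 0x1000 = real-time protection on,
    # 0x10 = definitions out of date.
    $state = [int]$p.productState
    [pscustomobject]@{
        Name        = $p.displayName
        RealTimeOn  = ($state -band 0x1000) -ne 0
        DefsCurrent = ($state -band 0x10) -eq 0
        Executable  = $p.pathToSignedProductExe
    }
}

$report | Format-Table -AutoSize

# Two engines scanning on access at once can fight over the same files,
# including each other's quarantine folders.
$active = @($report | Where-Object { $_.RealTimeOn })
if ($active.Count -gt 1) {
    Write-Warning ("More than one product has real-time protection on: " +
                   ($active.Name -join ', '))
}

# A registered but inactive third-party product is a candidate leftover install.
# The built-in Defender entry is skipped: it normally turns itself off when
# another product is active.
$leftover = @($report | Where-Object {
    -not $_.RealTimeOn -and $_.Name -notmatch 'Defender'
})
if ($leftover.Count -gt 0) {
    Write-Warning ("Registered but inactive (possible leftover install): " +
                   ($leftover.Name -join ', '))
}

# Check that each registered executable still exists on disk; a missing one
# points to an incomplete uninstall.
foreach ($r in $report) {
    $exe = [Environment]::ExpandEnvironmentVariables([string]$r.Executable)
    if ($exe -and -not (Test-Path -LiteralPath $exe)) {
        Write-Warning "$($r.Name): registered executable not found: $exe"
    }
}
```

A leftover product found this way is best removed with its vendor's own uninstaller or removal tool, followed by a reboot and a full scan with the remaining product.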