Virus: JS.Fortnight

I Need some guidance. I get a message from Norton Antivirus that my PC is infected with virus JS.Fortnight. I ran several times the NAV scan and it found no virus. But I keep getting the message from NAV and everytime it refers to a different file:
for instance: wbk7FB.tmp; wbk2F0.tmp; wbk2DA.tmp. It also says access to the file was denied.

I checked the location the NAV gives me fro these files and they are not there. But when I check within NAV for quarrantined files none are shown.

Pls reply ASAP

 

please read the tech document on this virus. at the bottom is the removal instruction..

http://securityresponse.symantec.com/avcenter/venc/data/js.fortnight.html

Welcome to Major Geeks

 

Virus: JS. Fortnight

Hi Kodo:
Thanks yr rply.
I followed all the instructions given by Symantec, but as I mentioned initially when I ran the NAV scan it does not detect any virus in my PC. Additionally, when when I ran regedit, as recommended by Symantec, the keys they refer to are not there. In other words none of the actions they recommended can be executed.

 

can you try to pinpoint the actions that you are performing when NAV says the virus exists?

 

Hi Kodo:
I followed all instructions as given by Symantec: 1- I did a full scan and did not find the file that the Virus alert referred to. 2- I ran Regedit and did not find the keys that Norton Antivirus referred to. I repeat I followed all the instructions but I could not execute any of the actions required because the files/keys are not there. One last thing is that in addition I searched for the files that the alert gave me but my PC can't find any of them and I still get the virus alert.
The Norton alert says the following:
"Norton AntiVirus Virus Alert:
NAV has detected a virus on your computer.
Object Name: Documents and settings\.............Local settings\wbkEAE.tmp
Virus Name: JS.Fornight
Action Taken: Unable to repair file."

So when I searched for wbkEAE.tmp it can't be found anywhere and it's not quarrantined in Norton neither
pLS ADVISE AS i JUST GOT SEVERAL MORE ALERTS WITH FILES SUCH AS wbkEC2@.tmp; wbkEDC.tmp; wbkEC4.tmp
Thanks

 

I understand that you tried to follow NAV's instructions, however I more referring to what YOU are doing at the very instance that NAV pops up saying that the virus is found. Do you have your browser open, are you in a word processor, what exactly are you doing at the very moment it prompts you. I'm trying to figure out how to help you but it's difficult if I don't have a picture what you're doing when it happens.
The .TMP file are temporary files. Now the virus could have infected them or they could be the virus itself disguised as temp files. I don't know. If it's in your local settings it's typically related to INTERNET CACHE.

 

NAV pops up when I click on email messages from a single individual. He works for our company and is located in Shanghai, China. I asked him this morning to scan his PC and he reported that his PC is clean and found no viruses. I used Outlook Express for email. Also very peculiar is the fact that it happens only on my PC at home. This morning I cliked on the same messages at the office and no NAV alert popped up.
I have no other programs open. Again I repeat I searched for the files the NAV alert gave me and none were found.

 

AELSNER, In your search menu, do you have it set to include HIDDEN files and folders, in the advanced settings? Seems if you got the exact file names Norton is reporting, you should be able to search them out with the search option.

 

I searched once again for the file names (including all hidden files given by the Norton AV alert ) and none were found.
The problem still persists at my home PC. However at my office PC no signs of any problems even thuogh I click on the same email messages (within Outlook express).

My Home PC has Windows XP and my office PC has Windows XP Professional
Pls advise Thanks a lot!

 

Aelsner.......This is so weird. Let's go over this, and make sure all the info is straight here. We're talking about a message(s) in your Outlook inbox, from a certain individual. At work.....you can open and read them, with no problem. At home......Norton is detecting the same mail(s), as containing the virus. All that correct?
Next question: Do you get an alert that your computer is infected at any other time......or ONLY when you try to open those particular mails?
And did you try to simply delete those mails from your inbox? Or are you unable to, or have you already done so?
Brian

 

AELSNER...........I further looked into this, and if anyone else on this board agrees, or disagrees with me, please post. This worm contains a JavaScript. When you open an infected mail, it's supposed to direct you to a porn site. I believe that Norton Auto-Protect is detecting the mail as being infected, and thereby preventing you from opening it in the first place. Seems like if Auto-Protect isn't allowing you to open the mail, the worm is not really infecting your computer, but is still infact contained within the email itself. This is a little confusing to some people sometimes, because Norton's reports "your computer" is infected, when in fact, the worm or virus is really still contained in an email, and not really "unleashed". Usually simply deleting the email from the inbox, will get rid of the whole mess.
Anyone else care to comment on this??? KODO.......Where are you?

 

Hi Guys! Thanks for your attention.
In ref. to Brian C's questions which I am repeating here in quotation marks:
"At work.....you can open and read them, with no problem. At home......Norton is detecting the same mail(s), as containing the virus. All that correct?" ......... YES this is correct

"Do you get an alert that your computer is infected at any other time......or ONLY when you try to open those particular mails?"
Only when I open those particular emails

"And did you try to simply delete those mails from your inbox? Or are you unable to, or have you already done so." ..........Since in my office I do not get the alert I moved these emails to my local folder (Within Outlook Express)

But the problem persists at home - All emails that I click on from this individual, Jack, who happens to be our employee, I get the alert at home but not in my office. In my office we have Norton's AV server edition. Jack reported two days ago his PC is clean after running a scan.

Please advise

 

Thankx for some more input Halo. I agree it could be being held in the restore files as well. But I'm really thinking Nortons isn't allowing it to open. I really think the emails need to be deleted completly, for the alert to go away. I'm guessing, and this is only a guess mind you, that for security reasons, the computer at the office has some sort of restriction on what type of scripting it can recieve. And therefore, the infected part of the mail is not even going thru. I DO however believe that JACKS computer is indeed carrying the worm.
And somebody else help me out here........ If Al moved these mails to his "local folder", aren't the still technicaly in his home computers Outlook program??
I really really think, if Nortons is giving an alert when you try to open the mail, it's indeed doing its job, and not letting the mail open and the worm unleash. From what I understand, the virus sets itself in Outlooks signature file, and sends itself with every email you send out. Also, it hijacks the IE home page, and changes it to some porn site address. So see if your IE home page has been changed, and also try sending YOURSELF an email, and scan the mail you send yourself for viruses. I really think you're all set Al. I'm thinkin it's Jack that got the problem.

 

I agree with Brian and the others,

At work, our mail servers have their own AV and filter out any 'unsafe' attachments etc. on e-mails, sometimes without even telling us. At home, it's up to my AV (AVG) to do the job, and it'll give me an alert as you are describing.

This could lead to the symptoms you're having.

Is it just one e-mail from 'Jack' that gives you this problem or all of them? Have you got old messages from him that you can open?

I'd also suggest that you delete the offending e-mail(s) and you should have no problems, as stated before, it looks as if your AV is working correctly.

 

Thanks a lot guys!
Last night I installed the AVG software that Brain recomended previously in my home PC and it reported no viruses.

Re Lesrae's comments: Not all emails from Jack give me the alert !

 

Lesrae said he used AVG, but I don't think he suggested installing it. If you DID, I would reccomend you uninstall either the AVG or the Nortons. Never a good idea to run two Ani-Virus programs at the same time. I know the Norton products "don't take kindly to strangers" (sort of speak), and you could end up with conflicts between the two programs. Personally, I'd stick with the Nortons. I think it's already proved itself to you.
Brian......or Brain as Al would type it.
Now Alfred, let's go over this dixlexia problem you have. LMAO