Symantec Antivirus Corporate Edition here at work has identifed W32.Frethem.Gen@mm attached to my Crazy Browser. I uninstalled and during reinstall that I downloaded a fresh copy of from the website I got the same virus as being found. Anyone else have this problem or willing to test it? I've been using Crazy Browser for some time and hope that there is no actual virus in it.

Links:

www.crazybrowser.com

http://securityresponse.symantec.com/avcenter/venc/data/w32.frethem.gen@mm.html

I have that virus too right now. It's not Crazy Browser's fault, you've probably got over a hundred files that are infected and it gets infected almost immediatley upon reinstall. Sucks, but not a big deal, I'm just going to throw my videos and music on DVD+RWs and reformat. I needed to do it anyways.

Crap. This machine is not for me to reformat. They usually just bring out a new hard drive and stick it in (front loading removable hard drives). Crazy Browser was the only file it found and quarentined. This happened on four separate computers and only the Crazy Browser EXE file was found to the infected on each one. Seeing as how we are not supposed to be installing anything not approved by work on work computers I really don't want IS to have to bring another hard drive out. A scan by Trend Micro's online virus scanner found nothing.

If you have already been to the Symantic Security Response site, then im sure I dont have to tell you, you're in deeep shit.

I can only hope that you have a person who is in charge of your networks, etc, that knows what they are doing.

Get the removal tool here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.frethem.removal.tool.html

PRINT THAT PAGE OUT.


Download the exe to each machine in question.

Then, unplug the network cables.

Run the FixFreth.exe on each machine, more than once, in fact, reboot them, run it again. Do not send emails, and consider every password compromised. After you are sure that your systems are freed, employ a new password scheme.

Also do not rejoin the network with these machines untill you are satisfied they are cleaned.

After you think they are cleaned, and rejoin the network, scan them again, and use the links in my sig as a 2nd and 3rd set of scans.

cheers

Thanks Krell for joining in, I was hoping you would because I believe in your powers.

Ok, I found my answer. Apparently it was a false positive. My friend at work here found out more about it today at: http://www.dslreports.com/forum/remark,6461759~root=security,1~mode=flat

I was relieved to say the least. Thanks guys for helping.

i was going to reply to this earlier, but it was better to be safe by checking it out. What I was thinking was that at times heuristics as used by norton, does at times give false positives.

bobhss, I certainly hope thats your case.

What would be worse than having the virus, is to think that you really DONT have the virus, then still have the virus . . . .


ok I need more caffiene now