Hi guys, I am still trying to figure out whether I have a little nasty on my computer. Funny little things keep happening. Maybe it is nothing .. but maybe it is something. I'm doing all kinds of scans but I have a question concerning PG and Systems work. At startup, a program called symlcsv1.exe is requesting permission to execute from \document and settings\user name\local\temp\symlcsv1.exe. If I don't give permission, it goes into a loop that I cannot get out of. If I give permission, which I do on a one-time basis, a program called symlcsv.exe asks for permission to execute. Does this sound legit? It seems a bit odd to me. Thanks for any advice. Rich
Hi, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" is related to Norton, but "symlcsv1.exe" seems to be a mimic, possibly spyware. If you deny it to launch "always", do your Norton products still work? Regards, gkweb.
Hi gkweb, No. PG goes into a loop until I give it one-time permission. I noticed that symlcsvs.exe (the core engine) was recently modified, which seemed strange since it was not modified recently on my other machine. I have completely uninstalled NAV as well as cleaning up any residual folders in Program Files\Symantec and Program Files\Common\Symantec. I have now re-installed and the request for the symlcsv1 seems to have disappeared for now. I will see what happens. If you have any other idea, I would very much appreciate it. Rich
Sounds like a trojan. Do you still have "symlcsv1.exe"? If you do, you should email a copy of it to DCS for further analysis. Do you have TDS-3? Have you scanned?
Richf, Yes, this is worrying. I think it would also be prudent to post a HiJackThis log. You can find the download here: http://www.thespykiller.co.uk/ Please run HJT from its own folder and paste a copy of the log in your next post. We will then ask the experts to take a look. Pilli
Sorry. While I was going through my process, I did not think to save it somewhere. In fact, all I was thinking about was getting rid of it. However, since it just happened, I may be able to recover it from my disk. If you have a procedure, I can try to recover it. Regards, Rich
richf, Look in your deleted items folder as it may be in there. Whilst in the deleted items folder, right click it and send to compressed file; this will create a .zip file which you should then email to support@diamondcs.com.au. You could also do a search using desktop explorer by entering the file name and searching "My computer" for any other copies. Don't forget to do an HJT log. Thanks. Pilli
Did anyone ever figure this one out? I have that same file appearing from time-to-time now, and Regrun shutdown monitoring always finds a delayed delete request during shutdown (for the file in the temp folder).
Hi TallCowboy, We no longer analyse HJT logs here except under special circumstances: Please go here: https://www.wilderssecurity.com/showthread.php?t=42148 for further information. Thanks. Pilli