Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SWR_Wizard.exe infected with Trojan Horse


  • Please log in to reply
3 replies to this topic

#1 elayne

elayne

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Pittsburgh
  • Local time:05:06 PM

Posted 01 April 2009 - 10:22 PM

A few weeks ago I did a full system recovery on my computer. Right after that I ran Norton Antivirus and it said that My SWR_Wizard.exe was infected with a Trojan Horse and that norton was unable to repair it. I quarantined the file and just hoped that I wouldn't need to do any software repairs before norton or I figured out a way to fix it.

Anyway, I noticed that a lot of my software is no longer working since doing the system recovery and when I try to reinstall it from the CDs the InstallShield Wizard crashes before it's done. I'm able to download software from the internet and install it without a problem, just not from my CDs (they are manufacturer CDs and not bootleg, btw). I thought this issue might have something to do with the software repair wizard being quarantined by Norton.

Anyway, When I try to upload the quarantined file to Symantec it fails. So I was wondering if it would be safe to copy the SWR_Wizard.exe file from another computer with the same operating system, or is there a way that I can open the SWR_Wizard.exe with notebook and manually remove the trojan horse coding from it? Also if you think the SWR_Wizard.exe being quarantined has nothing to do with me not being able to install software from a CD let me know that as well.

All advice is appreciated.

BC AdBot (Login to Remove)

 


#2 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:06 PM

Posted 01 April 2009 - 10:37 PM

Since I am not really sure what that file does I cannot say if it being quarantined is the reason for you not being able to install things from your CDs. If it is, it seems odd that you can install things you download and not things from CDs, unless the things you have downloaded do not use the Install Shield Wizard.

Do you, or did you, have any signs of being infected before this was flagged?

That file seems to be getting flagged by quite a few anti virus programs (AVG, Kapersky, Norton) and some are saying it is a false positive. I would try an online virus scan of that file and see what happens. Someone else said that after Norton flagged it on their system they scanned that file with the online scan from Bit Defenders and it did not find anything.

If you are running an HP system and this file was in the HP recovery section, then it is probbaly legit.

Before copying that file from another computer to yours, I would scan that file on the other computer with Norton and see if it is also flagged as infected. If it is, it probably is a false positive and you could just restore yours from the quarantine folder.

You might want to check out this from the Norton forum...

http://community.norton.com/norton/board/m...essage.id=36014

Edited by Stang777, 01 April 2009 - 10:58 PM.


#3 elayne

elayne
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Pittsburgh
  • Local time:05:06 PM

Posted 01 April 2009 - 11:02 PM

Thanks Stang

When I tried to submit it again to Symantec it said it was rejecting it because the file did not appear to be infected.

I was having major problems before I did the system recovery. The computer would freeze up after about twenty minutes and I tried to do a system restore several time and that didn't work. I ran Norton right after the system recovery and that was the only thing that came up. I never did like Norton and I only ran it because when I did the system recovery it gave me a free trial all over again.

Everything is working fine now without freezing except for not being able to install software from a CD. I'm going to try restoring it without repair and see if that makes a difference.

#4 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:06 PM

Posted 01 April 2009 - 11:08 PM

You are very welcome.

If Symantecs reason for rejecting it is it is not infected, then I would believe them and consider it a false positive and restore it and put it on the exclusion list for Norton. If you have trouble restoring it, I think that link gives directions on how to do it to keep it from being redetected before you put it in the exclusion list.

Let me know if that fixed your installing problem or causes any problems

Edited by Stang777, 01 April 2009 - 11:13 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users