Norton Antivirus thinks TiddlyWiki is W32.Feebs

Doug Cuthbertson

Feb 27, 2007, 11:04:11 PM
to TiddlyWiki
FYI: I think Symantec has goofed up their virus detection. I've been
using TiddlyWiki for several months. I opened up my journal only to
have Norton Antivirus delete it saying it contained the W32.Feebs
virus. Has anyone else seen this? Fortunately, I have a backup, but I
have to disable NAV before I can copy and use it <sigh>. I've sent a
false-positive report to Symantec. I hope they fix it soon.

daniel....@gmail.com

Feb 28, 2007, 12:56:33 AM
to TiddlyWiki
Ouch, Ouch, Ouch - just got home and discovered the same thing. Not
happy at all NORTON!!! It's just deleted two important files (one is
recoverable, but the other is gone).

Can I undelete a file that NAV has deleted?

On Feb 28, 2:04 pm, "Doug Cuthbertson" <Doug.Cuthbert...@gmail.com>
wrote:

Daniel Baird

Feb 28, 2007, 1:02:55 AM
to Tiddl...@googlegroups.com
Does Norton actually delete, or just "quarantine" (or whatever they call that)?

;D


--
Daniel Baird
http://tiddlyspot.com (free, effortless TiddlyWiki hosting)
http://danielbaird.com (TiddlyW;nks! :: Whiteboard Koala :: Blog ::
Things That Suck)

daniel....@gmail.com

Feb 28, 2007, 2:44:01 AM
to TiddlyWiki
You can rescue your deleted files (Well you can in NIS 2006)...

Go to Norton Internet Security, Click the "Antivirus" section and then
"Reports". In the "Reports" section, select "View Norton Quarantine
and Restore". Then click on the "Security Threats" in the left hand
pane and from there you can choose to restore your files.

***However, if you do this whilst the auto protection scanner is still
running, it'll just automatically remove your file, so disable the
scanner whilst you do this.

Laurent CHARLES

Feb 28, 2007, 4:26:03 AM
to Tiddl...@googlegroups.com
I also experience this false positive!

My TW is still open in FF, but I can not save it.
Can you tell me what to do to force the save?

If I retrieve from backup Symantec AV deletes it within seconds!
What can I do?

Thx

-- Laurent

Doug Cuthbertson

Feb 28, 2007, 7:12:28 AM
to TiddlyWiki
Laurent - the best you can do is disable NAV, save and then copy your
work to someplace safe before re-enabling NAV. - BETTER: update your
virus-scan (see below).

All - I just got a virus-scan update this morning and it seems to have
fixed the issue. I can copy my lost files from backup. When I launch a
scan of the directory NAV reports all is well and the files are still
there. That was a really fast fix!

Doug Cuthbertson

Feb 28, 2007, 7:24:04 AM
to TiddlyWiki
Daniel,
That's great info. I had thought that Norton only backed up
quarantined files and it had said it deleted the "infected" file. My
backup was a couple of days out of date, but I was able to recover the
latest one.

Thanks,
Doug


Daniel Baird

Feb 28, 2007, 7:27:42 AM
to Tiddl...@googlegroups.com
Just to clarify for the other Norton users -- you're saying you were
able to find your TiddlyWiki file somewhere in the quarantined files
area?

Cheers
;Daniel

dmdeboy

Feb 28, 2007, 8:41:40 AM
to TiddlyWiki
Hi Daniel,

I'm using Symantec AntiVirus Corporate edition. I found and restored
my backups by clicking on the View dropdown menu and then selecting
"Backup Items." Then you have to highlight what you want backed up,
this will activate the "Restore" button.

Once I updated my Antivirus I was good to go. But it was one heckuva
way to start the morning. All my research is contained in Tiddlywikis.

On Feb 28, 7:27 am, "Daniel Baird" <danielba...@gmail.com> wrote:
> Just to clarify for the other Norton users -- you're saying you were
> able to find your TiddlyWIki file somewhere in the quarantined files
> area?
>
> Cheers
> ;Daniel
>

> On 28/02/07, Doug Cuthbertson <Doug.Cuthbert...@gmail.com> wrote:
>
>
>
> > Daniel,
> > That's great info. I had thought that Norton only backed up
> > quarantined files and it had said it deleted the "infected" file. My
> > backup was a couple of days out of date, but I was able to recover the
> > latest one.
>
> > Thanks,
> > Doug
>
> --

> Daniel Baird
> http://tiddlyspot.com (free, effortless TiddlyWiki hosting)
> http://danielbaird.com (TiddlyW;nks! :: Whiteboard Koala :: Blog ::
> Things That Suck)

Laurent CHARLES

Feb 28, 2007, 8:54:09 AM
to Tiddl...@googlegroups.com
I've also got the AV update which seems to fix the issue.
Thx


2007/2/28, Doug Cuthbertson <Doug.Cut...@gmail.com>:


--
-- Laurent

NanetteAndrusiak

Feb 28, 2007, 9:55:00 AM
to TiddlyWiki
Well that explains my problem. I booted my computer today and all my
tiddlywikis are gone (I have three). Fortunately, all the backups were
still there, but I blamed my PocketPC sync....
I restored my backups, and everything seems to be working after the
latest update from Norton.

phil

Feb 28, 2007, 1:52:37 PM
to TiddlyWiki
Same here, I got my USB drive over at IT getting a recovery on it....
I stand to lose a lot of test data and reports for the last 60 days.
I have three .... with hours of notes and data... two are backed up. I
think it will get me going... I will be staying late today backing up all
files to a CD. dang-it!!

sunnyca

Feb 28, 2007, 5:20:37 PM
to TiddlyWiki
Whew! Thanks to coolcold in pointing this thread to me. I was in
quite a state after the NAV deleted my TW files (both standalone and
ccTiddly based) from my PCs. Plus I noticed that NAV reported the
W32.Feebs for many files in both the TW and ccT source code. So I
worried along and sent an email to coolcold.

Luckily I have everything backed up (multiple locations), and was able
to disable NAV and save a backup. Plus NAV's 2/28/07 update is free
of this false-positive. As mentioned above. What a 24 hours we all
seem to have had.

sunnyca

daniel....@gmail.com

Feb 28, 2007, 5:22:13 PM
to TiddlyWiki

On Feb 28, 10:27 pm, "Daniel Baird" <danielba...@gmail.com> wrote:
> Just to clarify for the other Norton users -- you're saying you were
> able to find your TiddlyWIki file somewhere in the quarantined files
> area?

Yes I can.

>
> Cheers
> ;Daniel


>
> On 28/02/07, Doug Cuthbertson <Doug.Cuthbert...@gmail.com> wrote:
>
>
>
> > Daniel,
> > That's great info. I had thought that Norton only backed up
> > quarantined files and it had said it deleted the "infected" file. My
> > backup was a couple of days out of date, but I was able to recover the
> > latest one.
>
> > Thanks,
> > Doug
>
> --

> Daniel Baird
> http://tiddlyspot.com (free, effortless TiddlyWiki hosting)
> http://danielbaird.com (TiddlyW;nks! :: Whiteboard Koala :: Blog ::
> Things That Suck)

Daniel Baird

Feb 28, 2007, 6:10:28 PM
to Tiddl...@googlegroups.com
Can anyone who has this problem please file a false positive report here:

https://submit.symantec.com/false_positive/index.html

I think it's important that Norton/Symantec know how many people have
been affected by their error.

;Daniel

shunt

Feb 28, 2007, 6:52:00 PM
to TiddlyWiki
Norton not only deleted my Tiddlywiki files, but overwrote them with
an empty file first (an attempt to clean out the virus?) AND did the
same to my backups. So Norton has removed a year's work in one go. I'm
pretty pissed. Needless to say, I'm looking at how to prevent this
happening again.

Sarah

Jeremy Ruston

Feb 28, 2007, 6:59:40 PM
to Tiddl...@googlegroups.com

Can you confirm that this means that you can't recover the files by
the steps discussed above:

> I found and restored
> my backups by clicking on the View dropdown menu and then selecting
> "Backup Items." Then you have to highlight what you want backed up,
> this will activate the "Restore" button.

I'd very much appreciate any more detailed information from a Norton
user as to what's going on here so that I can post clear recovery
instructions on tiddlywiki.com.

Cheers

Jeremy

>
> Sarah
>
>
> >
>


--
Jeremy Ruston
mailto:jer...@osmosoft.com
http://www.tiddlywiki.com

sb56637

Feb 28, 2007, 10:03:31 PM
to TiddlyWiki

> I'd very much appreciate any more detailed information from a Norton
> user as to what's going on here so that I can post clear recovery
> instructions on tiddlywiki.com.

Make sure to state very clearly that this was Norton's stupidity, and
that TW has never been "infected" or "contaminated", to avoid scaring
off new users. :-{

Justin Baeder

Mar 1, 2007, 1:36:43 AM
to TiddlyWiki
In my case, with NIS2007, all of the files, including backups, are
physically gone from my hard drive, with no option to recover. I have
the w32.feebs message in my Norton logs.

Hopefully Norton will offer some sort of fix or compensation - this
was hundreds of hours of work to compile.
Justin

Justin Baeder

Mar 1, 2007, 1:49:41 AM
to TiddlyWiki
Oh, and NIS2007 does not do quarantine for this "virus" - the files
are simply deleted, without warning, without asking, without any
options at all. Just gone. There are no recover options that I could
find for 2007, unlike 2006.

Blogged here:
http://www.geektronica.com/2007-02-28-norton-internet-security-deletes-tiddlywiki

Simon Baird

Mar 1, 2007, 2:24:25 AM
to Tiddl...@googlegroups.com
Holy crap that is heart-breaking. :..(
 
Deepest sympathy.
 

David Shaw

Mar 1, 2007, 4:13:32 AM
to Tiddl...@googlegroups.com

At the risk of starting a 'my anti-virus is better than yours' flame war
- ditch Norton. In my own experience, it is more trouble than it's
worth (although I am aware of many happy users who have not had the
horrendous experiences I have had with anything Norton - then again, I
know of many users who have had just as bad a time as me, YMMV)

Try AVG (which is free for personal use and seems to get almost
universally good reviews) or Kaspersky; Panda also has a pretty devoted
following, but - even if I still ran Windows on my PC - I, personally,
would never allow anything with the name 'Norton' attached to it in the
same room as my PC, let alone onto its hard drive.

Just my opinion,

David Shaw

ken robertson

Mar 1, 2007, 4:24:36 AM
to Tiddl...@googlegroups.com
G'day folks,
Like so many other users, Symantec Anti Virus corporate edition has
wiped two TWs, plus their backups, off my USB stick. SAV kept no
backup, no quarantine copy, and this for a threat rated "Risk Level 2:
Low" and "Threat Containment: Easy". I wasn't game to try any
recovery at work while the corporate (and locked down) Symantec was
still running.

Thank you Jeremy for the "Save Backups" option. Had there not been
too many backups of one frequently used TW, I wouldn't have deleted
the excess backups a couple of days ago, and Symantec would have wiped
the bloody lot! As it is I've only lost one TW completely and two
days worth of entries in the busy one. PC File Inspector recovered
the deleted backups that Symantec hadn't zeroed. (www.pcinspector.de)

Interestingly the TW that's gone was a growing catalogue of errors,
stuff-ups, misinformation, etc by our telco. Maybe someone's trying
to send me a message?

My next job is to determine a more robust backup strategy. I suspect
Tiddlyspot's about to get a few more users!

--
Regards
Ken

David Keltie

Mar 1, 2007, 4:46:45 AM
to Tiddl...@googlegroups.com
AVG is great - but not free any longer! I've now switched to ClamWin
which seems to be good (and free and open source).

Cheers


David

Mike

Mar 1, 2007, 5:03:59 AM
to TiddlyWiki

On Mar 1, 9:46 am, "David Keltie" <david.kel...@gmail.com> wrote:
> AVG is great - but not free any longer! I've now switched to ClamWin
> which seems to be good (and free and open source).

Going slightly off-topic, but it's worth pointing out that there is
still a free AVG available here:

http://free.grisoft.com

It's the newest v7.5 s/ware and seems to be working fine on all my
home machines, unlike Symantec at work...

Mike

Chris Lawley

Mar 1, 2007, 5:24:57 AM
to Tiddl...@googlegroups.com

On 1 Mar 2007, David Shaw wrote:

> - ditch Norton.

I'd agree. Before Peter took his publicity picture literally (folded
his arms), Norton had some good programs, but once Symantec bought
the company, it seemed to me to go downhill. M*cf** are, in my
experience, very similar. I used to use their AV program until it
(a) became a resource hogger and (b) stopped allowing me to
configure what files I wanted scanning.

Happy Kaspersky user, me. Yes they've had some "own goal" alerts but
they have not deleted anything. I guess a 'so far' is in order - I'm
not running the very latest version and we all know what
'technological progress' generally leads to...

FWIW this seems to be a reasonable 'how to' for removing Norton AV.

http://www.askdavetaylor.com/how_can_i_fully_remove_norton_antivirus
_from_my_system.html3

It doesn't sound easy tho'

chris :-)

David Shaw

Mar 1, 2007, 7:08:37 AM
to Tiddl...@googlegroups.com

> FWIW this seems to be a reasonable 'how to' for removing Norton AV.
>
> http://www.askdavetaylor.com/how_can_i_fully_remove_norton_antivirus
> _from_my_system.html3
>
> It doesn't sound easy tho'
>
> chris :-)

It's a fairly clear set of instructions and not that difficult to do -
just time consuming...

...BUT - doing the *wrong* things to the registry can cause serious harm
to your software, up to and including making the PC unbootable. You
*must* backup your registry before starting and follow the instructions
*precisely*. If you do not find any Symantec entries where the
instructions say, *do not go hunting for them*.

If at all unsure, get a qualified PC engineer to do the job for you -
yes, it'll cost, but it's probably worth it.

David Shaw

shunt

Mar 1, 2007, 7:27:51 PM
to TiddlyWiki

> Can you confirm that this means that you can't recover the files by
> the steps discussed above:
Yes, I was unable to recover the files by the listed steps. However,
my angels in IT were able to show me how to find backups of my
backups.

> I'd very much appreciate any more detailed information from a Norton
> user as to what's going on here so that I can post clear recovery
> instructions on tiddlywiki.com.

I can't offer recovery, only prevention: if your employer, like mine,
insists on Norton, here's how to adjust the settings to avoid this in
future.
Open up Norton, click on Configure. In File System Realtime Protection
and any other realtime protection options, under the headings for each
type of virus change the first Action from Clear Virus from File to
Quarantine and the second action from Delete to Leave Alone.

There is also a section for Exclude Selected Files and Folders where
you could add your Tiddlywiki files.

Eric Shulman

Mar 1, 2007, 9:25:34 PM
to TiddlyWiki
> Open up Norton, click on Configure. In File System Realtime Protection
> and any other realtime protection options, under the headings for each
> type of virus change the first Action from Clear Virus from File to
> Quarantine and the second action from Delete to Leave Alone.
>
> There is also a section for Exclude Selected Files and Folders where
> you could add your Tiddlywiki files.

Another approach (or an *additional* approach) is to disable the
"Bloodhound" heuristic virus detector. This is what Symantec says
about Bloodhound:

-----
Bloodhound isolates and locates the various logical regions of a file,
and then analyzes the program logic for virus-like behavior.
Bloodhound detects a very high percentage of unknown viruses. In
addition, Symantec AntiVirus detects unknown viruses by monitoring
activity on your computer for behaviors that viruses typically
perform. When a suspicious activity is detected, Symantec AntiVirus
prevents the action from continuing
-----

Even if the NAV action is set to Quarantine/LeaveAlone, Bloodhound
still seems to add quite a bit of overhead when loading a large HTML
page such as TiddlyTools, which has about 1.3Mb of mostly javascript
code. The net effect is that scanning for W32.Feebs was increasing
the load time from around 10 seconds to around 2-3 minutes!! On
slower processors, this brings your browser to a virtual standstill :-(
With smaller documents, this delay is less dramatic, but is still
noticeable.

Fortunately, there is a way to SHUT OFF THE HEURISTIC VIRUS SCAN,
while still keeping the regular "virus definition"-based scans active
(so that you are still protected against KNOWN viruses). In the
Configure>File System Auto-Protect section of NAV, press the
"Advanced" button. Then press the "Heuristics" button and clear the
checkbox that says "enable Bloodhound..."

After "calling off the hounds", TiddlyTools (and other TW documents)
once again load in a reasonable amount of time.

HTH,
-e
Eric Shulman
TiddlyTools / ELS Design Studios


Daniel Baird

Mar 2, 2007, 2:21:42 AM
to Tiddl...@googlegroups.com
Ahh, sorry Daniel S -- your message from two days ago, where you give
the instructions on exactly how to extract the file from quarantine,
only arrived in my mailbox just now.

So I needn't have asked for the "clarification".

;D

--
Daniel Baird
http://tiddlyspot.com (free, effortless TiddlyWiki hosting)

http://danielbaird.com (TiddlyW;nks! :: Whiteboard Koala :: Blog ::
Things That Suck)

jwd

Mar 2, 2007, 11:10:11 PM
to TiddlyWiki
I managed to avoid a lot of the heart attack aspects when it happened
to me because I'd turned the bulk of the JavaScript in my TiddlyWiki
into an external, TiddlyWikiCore.js file referenced from my
TiddlyWiki.html (<script src="TiddlyWikiCore.js" type=... >) It was
the former, .js file that Symantec AV deleted on me but that left all
my entries intact, just stranded but at least potentially recoverable.

I did that split in part so it was a bit easier to merge changes to my
TiddlyWiki.html file that I'd made in other copies that I keep in a
Subversion repository. But it also means I could have one, core
JavaScript file shared amongst several TiddlyWikis.

I'm not familiar enough with how that two file approach would affect
more advanced users of TiddlyWiki and update strategies. But it might
be an architecture to adopt to avoid recurrences of disastrous loss of
TiddlyWiki entries. I predict this will happen again.
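
Added example, not part of jwd's post and not TiddlyWiki's own code: a sketch of the two-file split described above, which moves the largest inline script into `TiddlyWikiCore.js` so that a scanner deleting the script file leaves the entries in the HTML file untouched. The function name `split_inline_script`, the constructed sample page and its `storeArea` data div are assumptions for illustration.

```python
import re

# Matches a <script ...>...</script> element; group 1 = attributes, group 2 = body.
SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.IGNORECASE | re.DOTALL)
SRC_RE = re.compile(r"\bsrc\s*=", re.IGNORECASE)


def split_inline_script(html, js_name="TiddlyWikiCore.js"):
    """Move the largest inline <script> body out of `html`.

    Returns (new_html, js_source). new_html references js_name through a
    <script src=...> tag placed exactly where the inline code used to be,
    so everything else in the page (including the user's data) is unchanged.
    """
    inline = [m for m in SCRIPT_RE.finditer(html)
              if not SRC_RE.search(m.group(1)) and m.group(2).strip()]
    if not inline:
        raise ValueError("no inline <script> block to externalise")
    biggest = max(inline, key=lambda m: len(m.group(2)))
    tag = '<script src="%s" type="text/javascript"></script>' % js_name
    new_html = html[:biggest.start()] + tag + html[biggest.end():]
    return new_html, biggest.group(2)


# Constructed sample standing in for a single-file wiki: one small inline
# script, one large "core" script, and a data area holding the user's entries.
SAMPLE = """<html><head>
<script type="text/javascript">var version = 1;</script>
</head><body>
<div id="storeArea"><div title="Journal">my notes</div></div>
<script type="text/javascript">
function main() { /* core code, the bulk of the file */ return version; }
function saveChanges() { /* ... */ }
</script>
</body></html>"""


if __name__ == "__main__":
    page, core = split_inline_script(SAMPLE)
    print(page)
    print("--- TiddlyWikiCore.js: %d bytes ---" % len(core))
```

Write the two returned strings to separate files and keep both under version control or backup; the HTML file then holds the entries and the `.js` file holds only replaceable code.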

dave2002

Apr 1, 2007, 3:57:26 AM
to TiddlyWiki
Sorry to hear about this - I hope you got it fixed. This illustrates
why CD-Rs and DVDs, though not perfect, may still be a better way to
backup than USB and other memory devices.
Boring, but could keep CD manufacturers in business for a while. We
shouldn't all get too complacent about possibly volatile data storage.