Tech Support Guy banner
  • Please post in our Community Feedback thread for help with the new forum software! If you are having trouble logging in, please Contact Us for assistance.
Status
Not open for further replies.
1 - 11 of 11 Posts

·
Registered
Joined
·
489 Posts
Discussion Starter · #1 ·
Spysweeper found and quarantined a file called ufp kidwatch in my C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup folder.

I can't find any info about ufp kidwatch and if it's a malicious file.

I've since did a search for Qbackup and *.QBD and *.QBI extensions. The Qbackup folder is supposed to be 17MB - mine is 2+GB. the QBI and QBD extensions come back as quicken related extensions. I don't have that program installed on my system and have never used it before.

All the subfolders in the QBackup folder are dated 2/19/2008.

I'm trying to delete it, but it won't let me. It gives me an "Access Denied" message.

Any idea on how to get rid of it?
 

·
Registered
Joined
·
611 Posts

·
Registered
Joined
·
489 Posts
Discussion Starter · #3 ·
Thanks for the links, but they didn't work for me on this.

The QBackup folder didn't have any locking codes attached to it and I couldn't use the move folder option at reboot.

I thought about trying to delete it with a safe boot with minimal settings and it worked.
Took a while to get 2.4GB off, then emptied the recycle bin.

Norton recreates the folder again, but empty and I guess adds files to it when Live update is run.

i've read on another post that the folder size should only be around 17MB. i don't know why mine got up to 2.4GB

I'll definitely keep an eye on this folder.
 

·
Registered
Joined
·
395 Posts
Spysweeper found and quarantined a file called ufp kidwatch in my C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup folder.

I can't find any info about ufp kidwatch and if it's a malicious file.

I've since did a search for Qbackup and *.QBD and *.QBI extensions. The Qbackup folder is supposed to be 17MB - mine is 2+GB. the QBI and QBD extensions come back as quicken related extensions. I don't have that program installed on my system and have never used it before.

All the subfolders in the QBackup folder are dated 2/19/2008.

I'm trying to delete it, but it won't let me. It gives me an "Access Denied" message.

Any idea on how to get rid of it?
Hi Jerold,

This is Mike from the Norton Authorized Support Team responding to your post. First, what Norton product and version do you have installed?

The symptoms you describe can be either a corrupted LiveUpdate download or it could be an infection on your PC. You will then want to manually run LiveUpdate, possibly more than once, until it says that all updates have been applied. When the updates are complete, close all open applications and do a Full System Scan.

Please let me know if this does the trick, and also what Norton product and version you have installed.

Thank you,
Mike
 

·
Registered
Joined
·
489 Posts
Discussion Starter · #5 ·
Hey there, Michael.

I'm running Norton AV 2007.

In my attempts to run and delete the qbackup folder last night, I tried booting into SAFE Mode with minimal settings and delete the folder from there. Surprisingly it worked. Took a while, but it took it all out. When I rebooted and went back into the shared folder to check the contents, it recreated the qbackup folder but was empty.

I haven't run Liveupdate yet.

What exactly are the files contained in the QBackup folder? I googled the extensions that were in there and they came back as Quicken files which I have never used before.

Also do you know anything about that ufp kidwatch folder that it found in the QBackup folder?
I'm worried that it may have possibly been a remotely sent keylogger or rootkit program that buried itself in that folder. It was caught by spysweeper and not by norton, but it was in a Symantec folder.
I don't normally have it set up to scan for rootkits, but i did this time and it found it. don't know how long it's been in that folder, although all the contents in the qbackup folder is dated 02-19-08

Since all those files and subfolders in the QBackup folder were dated 2-19-08. Maybe I got an alert to run liveupdate on that day??...?? I can't remember. I don't have auto Liveupdate set up to run. It will give me a message in my system tray and I do it then.

Thanks for the help.
 

·
Registered
Joined
·
489 Posts
Discussion Starter · #6 ·
I ran Liveupdate and it said that there were no new updates needed.

I ran a system scan and nothing was found.

I got an APPSVC32.exe popup asking to allow or deny it. I clicked on deny since I'm not sure what it's for exactly. Even though it says it's from Symantec corp.

I googled it and found a post on people complaining that that process is causing havoc to their system and they were given steps on how to setup NAV to "avoid" the process.

"Open Norton Protection Center
Click on Norton AntiVirus tab at top
Expand "Settings" and scroll down to bottom for Additional Options -> Virus and Spyware Protection Options
On the left-hand side of the screen that pops up, click on General Settings under Manual Scanning
Uncheck the second item, which should be "Scan active programs and start-up files"
Again, on the left-hand side, click on General Settings under LiveUpdate
Uncheck the second box there, too. It should be "Run quick scan whenever protection updates have been received"

Is there anything else that I should do?

I'm still worried about the UFP Kidwatch.
It's actually a piece of software being sold online for parents to monitor their kid's PC usage, but can easily be used as spy software.
 

·
Registered
Joined
·
395 Posts
I ran Liveupdate and it said that there were no new updates needed.

I ran a system scan and nothing was found.

I got an APPSVC32.exe popup asking to allow or deny it. I clicked on deny since I'm not sure what it's for exactly. Even though it says it's from Symantec corp.

I googled it and found a post on people complaining that that process is causing havoc to their system and they were given steps on how to setup NAV to "avoid" the process.

"Open Norton Protection Center
Click on Norton AntiVirus tab at top
Expand "Settings" and scroll down to bottom for Additional Options -> Virus and Spyware Protection Options
On the left-hand side of the screen that pops up, click on General Settings under Manual Scanning
Uncheck the second item, which should be "Scan active programs and start-up files"
Again, on the left-hand side, click on General Settings under LiveUpdate
Uncheck the second box there, too. It should be "Run quick scan whenever protection updates have been received"

Is there anything else that I should do?

I'm still worried about the UFP Kidwatch.
It's actually a piece of software being sold online for parents to monitor their kid's PC usage, but can easily be used as spy software.
Hi Jerold,

The instructions you found regarding changing the settings in Norton Internet Security are correct.

In response to your question about "UFP Kidwatch," Norton should detect this infection as long as your definitions are up to date, and you do not have any other antivirus or Internet Security applications installed that may conflict with Norton internet Security

If Norton still does not pick it up, please follow the instructions in the link below for proper removal.

Spyware Employee Watch Removal

The "AppSvc32.exe" process using up resources is an issue that is usually resolved by running a tool from our site. Please click on the link below and follow the instructions.

AppSvc32 Fix

Please try these solutions and let me know if it resolves your problems.

Thank you,
Mike
 

·
Registered
Joined
·
489 Posts
Discussion Starter · #8 ·
Thanks, Mike.

Thing is that I only have NAV 2007 installed on my PC. I don't have Norton internet Security installed.
I guess that fix applies to both. I don't think I'm getting it anymore.

I've got another one for you. I'm now getting ccsvchst.exe errors when I shut down. The message that says it can't read from memory module ....

Is there a fix for this as well?

I just remembered... the UFP kidwatch was found via spysweeper and not NAV. It was just found in an NAV shared folder (qbackup). Is this something that NAV should have found?
I don't know how long it's been there because I had just changed the options on spysweeper to check rootkits and it found it then.
 

·
Registered
Joined
·
395 Posts
Hi Jerold,

The links I had posted in my previous response to you are relevant for Norton AntiVirus and Norton Internet Security.

The "ccsvchst.exe" can be an indication of an infection on your computer.
Please click on the link below to to run the Norton Online Security Scan and the Norton Online Virus Detection. NOTE: You must use Internet Explorer 5.5 or above to run these tests.

Norton Online Security and Virus Scan

Please run both tests and reply back with any information regarding infections, etc, so that I can assist you further.

Thank you,
Mike
 

·
Registered
Joined
·
489 Posts
Discussion Starter · #11 ·
Thanks for your persistence, Mike.

After 14+ years using Norton, I'm starting to move away from the product. I've kept NAV 2007 on the work machine for now, but I'm testing out NOD32 and I've installed AVG Free on both laptops.

I used to have Norton AV 2003 Pro prior to NAV 2007. If they don't work out, I can always go abck to NAV. Right now I feel that Nroton is getting too bloated.
 
1 - 11 of 11 Posts
Status
Not open for further replies.
Top