Problems with c:\fauxvirus\carny ride.exe

Posted on 2008-10-08
Last Modified: 2013-11-22
my computer is infected with c:\fauxvirus\carny ride.exe and I don't knoe how to get rid of it.
Question by:TonyRosa
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 15

Accepted Solution

hewittg earned 250 total points
ID: 22674997

Seems this is an issue.  Below is the website to look for malware/spyware

United StatesAsia Pacific - English
Australia & New Zealand
Belgium - Dutch
Canada - English
Canada - French
China - Simplified Chinese
Czech Republic
Hong Kong - English
India - English
Indonesia - English
Latin America
Luxembourg - French
Malaysia - English
Middle East & Africa - English
The Netherlands
Philippines - English
Singapore - English
Switzerland - German
Taiwan - Traditional Chinese
Thailand - English
United Kingdom & Ireland
United States
ShoppingView Cart
 For HomeShop for Norton Products
Special Promotions
Order Status / Download

 For BusinessContact Sales
Buy Online
Renew Online
Find A Reseller
Purchase List
 Norton|Business|Partners|Store|About SymantecWelcomeProducts & Services
View All Products
Compare Our Products
Competitive Info
Premium Services
Product Selector
Article LibraryViruses & Risks
Secure Your Email
Browse the Web Safely
Safeguard Your IM
File Sharing Protection
24x7 Protection With Norton
Threat Explorer
Virus Definitions
Removal Tools for Top ThreatsSupport
Technical Support
Customer Service
Spyware & Virus Removal
Norton Update CenterDownloadsCommunity
Protection Blog
Security Response Blog
Family Resources
Family Safety Blog
Norton TodayStore
10 Second Guide
Shop Norton Products
Special Promotions
Bundle & Save
Order Status
Announcements   Go To....  -- boards --About This Community == Norton Users Discussion Forum  BETA ==-- boards --AnnouncementsNorton Internet Security / Norton AntiVirusNorton 360Other Norton ProductsForum Feedback == Norton Public Beta Forum ==-- boards --Norton Safe Web Public Beta == Norton Protection Blog ==-- boards --Norton Protection Blog == Ask Marian ==-- boards --Ask Marian == Norton Labs ==-- boards --Vista User Access ControlNorton Security Inspector  
Register  ·  Sign In  ·  Help  
Norton Community : Norton Users Discussion Forum  BETA : Announcements : How to troubleshoot a suspected Malware infection  
              User Search  ·  Advanced    

    Thread Options        
  Mark Thread as New  
 Mark Thread as Read  
 Float this Thread to the Top  
 Add this Thread to My Bookmarks  
 Add this Thread to My Subscriptions  
 Subscribe to this Thread's RSS Feed  
 Printer Friendly Page  
          Message Listing    
        Previous Thread    
    Next Thread        
Jump to Page:   1  
  How to troubleshoot a suspected Malware infection   [ Edited ]  Options      
Posts: 2102
Registered: 04-07-2008

Message 1 of 1

Viewed 6,598 times

 Please follow the below steps if you suspect that you may be infected with a threat which your Symantec product isnt detecting:

-    Ensure you have the latest virus definitions by running LiveUpdate.
-    Run a full system scan, removing any malicious files which are detected.

If, after following the above steps, no threat is found, check for any recently created or suspicious files in the following locations:

-  C:\Documents and Settings\All Users\Start Menu\Programs\Startup
-  C:\Documents and Settings\[user name]\Start Menu\Programs\Startup
-  C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
-  C:\Documents and Settings\Default User\Start Menu\Programs\Startup
-  C:\WinNT\Profiles\All Users\Start Menu\Programs\Startup
-  C:\WinNT\Profiles\[user name]\Start Menu\Programs\Startup
-  C:\WinNT\Profiles\Administrator\Start Menu\Programs\Startup
-  C:\WinNT\Profiles\Default User\Start Menu\Programs\Startup
-  C:\Windows\Start Menu\Programs\Startup
-  C:\Windows\All Users\Start Menu\Programs\Startup

Check the common loading points for any suspicious files using the msconfig utility:

For Windows 98/Me
-  Click Start, and click Run. The Run window appears.
-  In the Open box, type msconfig and click OK. The System Configuration Utility appears.
-  Click the Startup tab.
-  Scroll through the list of files.
-  If you see a suspicious file, then note the name.
-  Click the Win.ini tab and then clear the checkbox in front of [windows]. Look for any entries in the Load= or Run= lines. Note any files that you see.
-  Click the System.ini tab and then clear the checkbox in front of [boot]. You should see an entry Shell=Explorer.exe. Check to see if there is another file name to the right of Explorer.exe. If there is, then note the file name.
-  Click Cancel to close the System Configuration Utility.

For Windows XP
-  Click Start, and click Run. The Run window appears.
-  In the Open box, type msconfig and then click OK. The System Configuration Utility appears.
-  Click the General tab.
-  Click Selective Startup.
-  Click the Startup tab.
-  Scroll through the list of files.
-  If you see a suspicious file, then note the name.
-  When you are finished, click Cancel to close the System Configuration Utility.

Check registry load points:

-  Click Start, and click Run. The Run window appears.
-  In the Open box, type regedit and then click OK. The Registry Editor appears.
-  Browse to the following registry keys and note any suspicious file names in the right hand pane.


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

Check for any suspicious processes running in task manager:

-  Press Ctrl+Shift+Esc to open the Task Manager.
-  Click the Process tab.
-  Click "Image Name" twice to sort the processes.
-  Look through the list for possible threats and take a note of the file name.

Submit suspicious files for analysis:

Any suspicious files identified in the above steps should be submitted to Symantec Security Response for analysis:

-  Go to
-  Locate the files identified above and submit for analysis following the instructions provided
-  An email with a tracking number one will sent once the submission has been received.
-  A closing email will be sent once submissions have been processed with the results of the analysis
-  For files which are determined to be malicious, details of the definition versions which provide detection will be included in the email.
Message Edited by Tony_Weiss on 09-05-2008 12:45 PM

Tony Weiss
Norton Forums Administrator
Symantec Corporation
06-27-2008 05:49 PM    

Report Abuse to a Moderator  
  Add this Message to My Bookmarks  
 Add this Message to My Subscriptions  
 Subscribe to this message's RSS Feed  
 Highlight this Message  
 Print This Message  
 E-Mail this Message to a Friend  
 Report Abuse to a Moderator  

Jump to Page:   1  
         Message Listing    
        Previous Thread    
    Next Thread        



©1995 - 2008 Symantec CorporationSite Map |Legal Notices |Privacy Policy |Site Feedback |Norton Support
Business Support
Business Sales
Corporate Information
Contact Us |
Global Sites |License Agreements

LVL 23

Expert Comment

ID: 22676393
This has been looked at before:

After some digging on the net, there appear to be two schools of thought:

1) It is a false positive from Norton:

Are you using Norton 360, or some other Norton product?

2) It is a haxdoor variant:

I usually use Unhackme to get rid of rootkits:

Specific instructions:

What makes you believe you are infected?  What av/symptoms?

LVL 23

Expert Comment

ID: 22696708

Glad to hear your problem is resolved.
Please could you briefly outline what steps you took to resolve this issue, so that others can refer to this solution if they are similarly affected.


Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PREFACE The purpose of this guide is to explain how to manually move a SEP client to a different client group by performing steps on the client-side. These steps may prove particularly useful because they allow the client to move after it has alrea…
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question