Problems with c:\fauxvirus\carny ride.exe

Posted on 2008-10-08
Last Modified: 2013-11-22
my computer is infected with c:\fauxvirus\carny ride.exe and I don't knoe how to get rid of it.
Question by:TonyRosa
  • 2
LVL 15

Accepted Solution

hewittg earned 250 total points
ID: 22674997

Seems this is an issue.  Below is the website to look for malware/spyware

United StatesAsia Pacific - English
Australia & New Zealand
Belgium - Dutch
Canada - English
Canada - French
China - Simplified Chinese
Czech Republic
Hong Kong - English
India - English
Indonesia - English
Latin America
Luxembourg - French
Malaysia - English
Middle East & Africa - English
The Netherlands
Philippines - English
Singapore - English
Switzerland - German
Taiwan - Traditional Chinese
Thailand - English
United Kingdom & Ireland
United States
ShoppingView Cart
 For HomeShop for Norton Products
Special Promotions
Order Status / Download

 For BusinessContact Sales
Buy Online
Renew Online
Find A Reseller
Purchase List
 Norton|Business|Partners|Store|About SymantecWelcomeProducts & Services
View All Products
Compare Our Products
Competitive Info
Premium Services
Product Selector
Article LibraryViruses & Risks
Secure Your Email
Browse the Web Safely
Safeguard Your IM
File Sharing Protection
24x7 Protection With Norton
Threat Explorer
Virus Definitions
Removal Tools for Top ThreatsSupport
Technical Support
Customer Service
Spyware & Virus Removal
Norton Update CenterDownloadsCommunity
Protection Blog
Security Response Blog
Family Resources
Family Safety Blog
Norton TodayStore
10 Second Guide
Shop Norton Products
Special Promotions
Bundle & Save
Order Status
Announcements   Go To....  -- boards --About This Community == Norton Users Discussion Forum  BETA ==-- boards --AnnouncementsNorton Internet Security / Norton AntiVirusNorton 360Other Norton ProductsForum Feedback == Norton Public Beta Forum ==-- boards --Norton Safe Web Public Beta == Norton Protection Blog ==-- boards --Norton Protection Blog == Ask Marian ==-- boards --Ask Marian == Norton Labs ==-- boards --Vista User Access ControlNorton Security Inspector  
Register  ·  Sign In  ·  Help  
Norton Community : Norton Users Discussion Forum  BETA : Announcements : How to troubleshoot a suspected Malware infection  
              User Search  ·  Advanced    

    Thread Options        
  Mark Thread as New  
 Mark Thread as Read  
 Float this Thread to the Top  
 Add this Thread to My Bookmarks  
 Add this Thread to My Subscriptions  
 Subscribe to this Thread's RSS Feed  
 Printer Friendly Page  
          Message Listing    
        Previous Thread    
    Next Thread        
Jump to Page:   1  
  How to troubleshoot a suspected Malware infection   [ Edited ]  Options      
Posts: 2102
Registered: 04-07-2008

Message 1 of 1

Viewed 6,598 times

 Please follow the below steps if you suspect that you may be infected with a threat which your Symantec product isnt detecting:

-    Ensure you have the latest virus definitions by running LiveUpdate.
-    Run a full system scan, removing any malicious files which are detected.

If, after following the above steps, no threat is found, check for any recently created or suspicious files in the following locations:

-  C:\Documents and Settings\All Users\Start Menu\Programs\Startup
-  C:\Documents and Settings\[user name]\Start Menu\Programs\Startup
-  C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
-  C:\Documents and Settings\Default User\Start Menu\Programs\Startup
-  C:\WinNT\Profiles\All Users\Start Menu\Programs\Startup
-  C:\WinNT\Profiles\[user name]\Start Menu\Programs\Startup
-  C:\WinNT\Profiles\Administrator\Start Menu\Programs\Startup
-  C:\WinNT\Profiles\Default User\Start Menu\Programs\Startup
-  C:\Windows\Start Menu\Programs\Startup
-  C:\Windows\All Users\Start Menu\Programs\Startup

Check the common loading points for any suspicious files using the msconfig utility:

For Windows 98/Me
-  Click Start, and click Run. The Run window appears.
-  In the Open box, type msconfig and click OK. The System Configuration Utility appears.
-  Click the Startup tab.
-  Scroll through the list of files.
-  If you see a suspicious file, then note the name.
-  Click the Win.ini tab and then clear the checkbox in front of [windows]. Look for any entries in the Load= or Run= lines. Note any files that you see.
-  Click the System.ini tab and then clear the checkbox in front of [boot]. You should see an entry Shell=Explorer.exe. Check to see if there is another file name to the right of Explorer.exe. If there is, then note the file name.
-  Click Cancel to close the System Configuration Utility.

For Windows XP
-  Click Start, and click Run. The Run window appears.
-  In the Open box, type msconfig and then click OK. The System Configuration Utility appears.
-  Click the General tab.
-  Click Selective Startup.
-  Click the Startup tab.
-  Scroll through the list of files.
-  If you see a suspicious file, then note the name.
-  When you are finished, click Cancel to close the System Configuration Utility.

Check registry load points:

-  Click Start, and click Run. The Run window appears.
-  In the Open box, type regedit and then click OK. The Registry Editor appears.
-  Browse to the following registry keys and note any suspicious file names in the right hand pane.


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

Check for any suspicious processes running in task manager:

-  Press Ctrl+Shift+Esc to open the Task Manager.
-  Click the Process tab.
-  Click "Image Name" twice to sort the processes.
-  Look through the list for possible threats and take a note of the file name.

Submit suspicious files for analysis:

Any suspicious files identified in the above steps should be submitted to Symantec Security Response for analysis:

-  Go to
-  Locate the files identified above and submit for analysis following the instructions provided
-  An email with a tracking number one will sent once the submission has been received.
-  A closing email will be sent once submissions have been processed with the results of the analysis
-  For files which are determined to be malicious, details of the definition versions which provide detection will be included in the email.
Message Edited by Tony_Weiss on 09-05-2008 12:45 PM

Tony Weiss
Norton Forums Administrator
Symantec Corporation
06-27-2008 05:49 PM    

Report Abuse to a Moderator  
  Add this Message to My Bookmarks  
 Add this Message to My Subscriptions  
 Subscribe to this message's RSS Feed  
 Highlight this Message  
 Print This Message  
 E-Mail this Message to a Friend  
 Report Abuse to a Moderator  

Jump to Page:   1  
         Message Listing    
        Previous Thread    
    Next Thread        



©1995 - 2008 Symantec CorporationSite Map |Legal Notices |Privacy Policy |Site Feedback |Norton Support
Business Support
Business Sales
Corporate Information
Contact Us |
Global Sites |License Agreements

LVL 23

Expert Comment

ID: 22676393
This has been looked at before:

After some digging on the net, there appear to be two schools of thought:

1) It is a false positive from Norton:

Are you using Norton 360, or some other Norton product?

2) It is a haxdoor variant:

I usually use Unhackme to get rid of rootkits:

Specific instructions:

What makes you believe you are infected?  What av/symptoms?

LVL 23

Expert Comment

ID: 22696708

Glad to hear your problem is resolved.
Please could you briefly outline what steps you took to resolve this issue, so that others can refer to this solution if they are similarly affected.


Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How does ESET Anti-Virus rate? 5 102
Microsoft scam computer 10 72
optimal method deal ransomware in files folders 9 92
webroot plus microsoft security essentials 2 105
Change your it now!. Probably the easiest point of access to your account is through guessing your password. If your password is guessable, do change it now. If not for your sake but for everyone else in your friends list. Remember …
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Concerto provides fully managed cloud services and the expertise to provide an easy and reliable route to the cloud. Our best-in-class solutions help you address the toughest IT challenges, find new efficiencies and deliver the best application expe…

948 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now