Categories
I came into work this morning and was greeted by an alert from Microsoft Anti Spyware Beta 1 that I was infected with a Trojan, “PWS.Bancos.A (Password Stealer)”. MSAS had marked this particular item as severe. It had found a number of entries in the Registry, but no files. The entries looked legit, but knowing how trojan writers enjoy trickery, I had MS remove the entries (it was “severe” afterall). I then re-scanned to make sure it was gone. The second scan yielded one result, so I clicked remove again.
At this point, I decided to run Norton (better safe than sorry). Norton would not start the full scan. After first considering that I might have a virus on my machine that was blocking Norton, I wondered if MS had detected Norton as this Trojan. To test this theory, I uninstalled Norton. I ran the MS scan again and it found no trojan. Then I installed Norton and sure enough, MS detected the trojan again.
For the Paranoid: I have to admit, this is a great strategy with One Care on the horizon. Just have AntiSpy disable everyones Anti Virus software and then offer them a discount on One Care.
I can’t let this one go by without complaining about Symantec. SAV corporate edition 10.x has been a royal pain in the keister–first it was the startup scans, something they partially fixed with a later rev. but still not all clients seem to listed to the server and go about quarantining items marked as excluded. SAV 10 tested fine in a lab environment, but in the real world it has proven to be a problem child.
BTW glad to see more stories being posted! Keep up the good work.