Re: hacktool.rootkit

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 10/23/05

Date: Sun, 23 Oct 2005 15:34:49 -0400

| David
| Thank you for your quick action.
| All of your verifications seem clean.
| This would lead one to think Symantec has wrongly identified a Virus
| Hacktool.Rootkit on my computer (after their update 19.10.05).
| I wonder if similar reports of Hacktool.Rootkit are a result of Norton
| noting SPKP.sys in software on other people's computers.
| Thanks again for giving me peace of mind.
| PS Whilst doing scans from various other companies I think
| SpywareDoctor, on my computer Ezula was reported. Norton has never
| reported this.
| Any advice on better virus protection to Norton much appreciated.
| Cheers Tony


I am glad to help! ;-)

Note that all AV applications will suffer False Positive declarations from time to time.
Therefore if you are happy with what you have, stick with it. Just make sure files declared
to be infected are quarantined until proven to be a False Positive declaration. This way
the so-called infected file will not be auto-deleted but it will be quarantined such that it
can be restored if need be. Usually you won't have to quarantine a file for more than a
week or so. As you have seen through this dialogue, there are ways to prove if a file is
truly infected or not. Once the AV vendor recognizes that they have faulty definitions, one
just has to download the corrected signatures and then restore the file from quarantine.