Re: Norton Enterprise AV - scan missing viruses, trojans, keyloggers, rootkits, etc???
- From: "cquirke (MVP Windows shell/user)" <cquirkenews@xxxxxxxxxxxxxxx>
- Date: Tue, 24 Apr 2007 23:22:37 +0200
On Thu, 12 Apr 2007 22:42:22 -0700, "MAP"
Mark S wrote:
When watching Norton scan directories, I briefly see it scan
directories containing the following names ...\keylogger\..,
...\spectre\spectre.exe, ...\cloaking , ...\cloak, etc. When I
browse or search for these files or directories I cannot find them,
they don't exist, yet appear briefly in the Norton scan window. After
searching the internet on these terms they are not good. Norton
completes the scan without any warnings and claims all is well.
Norton is up to date with the latest. What is going on here? Need I be
worried?
I would be - you may have a rootkit, i.e. malware that takes advantage
of the gaping opportunity to actively defend itself against detection.
Norton is just scanning for those files, it doesn't mean that they are on
your system. Many malware/virus scanners will do this.
I don't think it's that, if they show as directories.
Most av scanners do a preliminary activity and active-tasks check, then
check each file to test it against what malware it could be.
Some antispyware scanners work a little differently, e.g. Spybot; they
can search the system for one known malware at a time, so instead of
showing what they are searching (files, dirs), they show what they are
searching *for*, as MAP suggests. Trend SysClean also does this, when
it runs DOS-looking checks for various malware.
If you want you can run an online scanner to double check Norton, here is a
good one.
http://www.kaspersky.com/virusscanner
Bah... if malware is active, it can defend itself against scanners
that are trying to take off and run in the infected OS - and they sure
as hell can shoot down an online scanner, or re-direct attempts to
reach such a scanner site to a malware look-alike.
Guess what that sort of site is going to "scan" for?
In cases like this (and ALL "something odd is happening, could it be a
virus?" cases are exactly like this) one wants to scan from a
known-clean OS, without running ANY potentially-infected code.
That's possible using a Bart CDR built on a known-clean PC. This
should be as well-supported and easy as, say, starting the PC in
<cough> "Safe" mode, but it isn't; MS have been asleep at that wheel
------------------------- ---- --- -- - - - -Let's make a humming sound
------------------------- ---- --- -- - - - -.