Posted by cquirke (MVP Windows shell/use on April 24, 2007, 5:22 pm
On Thu, 12 Apr 2007 22:42:22 -0700, "MAP"
>Mark S wrote:
>> When watching Norton scan directories, I briefly see it scan
>> directories containing the following names ...\keylogger\..,
>> ...\spectre\spectre.exe, ...\cloaking , ...\cloak, etc. When I
>> browse or search for these files or directories I cannot find them,
>> they don't exist, yet appear briefly in the Norton scan window. After
>> searching the internet on these terms they are not good. Norton
>> completes the scan without any warnings and claims all is well.
>> Norton is up to date with the latest. What is going on here? Need I be
>> worried?
I would be - you may have a rootkit, i.e. malware that takes advantage
of the gaping opportunity to actively defend itself against detection.
>Norton is just scanning for those files, it doesn't mean that they are on
>your system. Many malware/virus scanners will do this.
I don't think it's that, if they show as directories.
Most av scanners do a preliminary activity and active-tasks check, then
check each file to test it against what malware it could be.
Some antispyware scanners work a little differently, e.g. Spybot; they
can search the system for one known malware at a time, so instead of
showing what they are searching (files, dirs), they show what they are
searching *for*, as MAP suggests. Trend SysClean also does this, when
it runs DOS-looking checks for various malware.
>If you want you can run an online scanner to double check Norton, here is a
>good one.
>http://www.kaspersky.com/virusscanner
Bah... if malware is active, it can defend itself against scanners
that are trying to take off and run in the infected OS - and they sure
as hell can shoot down an online scanner, or re-direct attempts to
reach such a scanner site to a malware look-alike.
Guess what that sort of site is going to "scan" for?
In cases like this (and ALL "something odd is happening, could it be a
virus?" cases are exactly like this) one wants to scan from a
known-clean OS, without running ANY potentially-infected code.
That's possible using a Bart CDR built on a known-clean PC. This
should be as well-supported and easy as, say, starting the PC in
<cough> "Safe" mode, but it isn't; MS have been asleep at that wheel
>------------------------- ---- --- -- - - - -
Let's make a humming sound
>------------------------- ---- --- -- - - - -
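
The known-clean-OS idea in the post above can be applied as a cross-view check: list the disk once from inside the running Windows and once from the boot CD, then compare the two. This is an added example, not part of the original post; it assumes two bare one-path-per-line listings (such as `dir /s /b /a` output), and the function names and sample paths are constructed for illustration.

```python
"""Cross-view check: paths visible from a clean boot but missing from the live OS's own listing."""
import ntpath

def normalise(path):
    """Fold case and separators; drop the drive letter, which may differ under the boot CD."""
    _drive, rest = ntpath.splitdrive(path.strip().replace("/", "\\"))
    return ntpath.normpath(rest).lower()

def parse_listing(text):
    """Turn a bare path listing into {normalised path: path as captured}."""
    return {normalise(line): line.strip() for line in text.splitlines() if line.strip()}

def hidden_from_live(offline_text, live_text):
    """Paths the offline view has but the live view lacks, shallowest first."""
    offline, live = parse_listing(offline_text), parse_listing(live_text)
    missing = [(key, orig) for key, orig in offline.items() if key not in live]
    missing.sort(key=lambda item: (item[0].count("\\"), item[0]))
    return [orig for _key, orig in missing]

def top_level_only(paths):
    """Collapse findings so one hidden directory tree is reported once, at its root."""
    kept = []
    for path in paths:  # input is already sorted shallowest-first
        key = normalise(path)
        if not any(key.startswith(normalise(root) + "\\") for root in kept):
            kept.append(path)
    return kept

# Constructed sample listings (placeholders, not taken from any real system).
LIVE = r"""
C:\WINDOWS
C:\WINDOWS\system32
C:\WINDOWS\system32\notepad.exe
"""
OFFLINE = r"""
D:\WINDOWS
D:\WINDOWS\system32
D:\WINDOWS\system32\notepad.exe
D:\WINDOWS\system32\EXAMPLE-HIDDEN
D:\WINDOWS\system32\EXAMPLE-HIDDEN\sample.exe
"""

if __name__ == "__main__":
    for finding in top_level_only(hidden_from_live(OFFLINE, LIVE)):
        print("visible offline only:", finding)
```

Files created or deleted between the two captures also show up as differences, so take the listings close together and review each finding by hand.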