Is "Antivirus Suite" malware detected by virus database?

AndyHancock

Apr 7, 2010, 4:30:44 PM
I picked up the (seemingly new) "Antivirus Suite" malware,
http://www.spywareremove.com/removeAntivirusSuite.html. Every time I
tried to launch any exe, I got a bogus infection message and denial of
execution. This includes any indirect launching of
"C:\Program Files\Symantec AntiVirus\VPC32.exe" by right-clicking Symantec on the
system tray and choosing "Open Symantec Antivirus". No scanning was
possible.

I followed step 1 in the above URL to kill the offending process.
I could then run Symantec AV, but initiating a scan caused the error
in http://service1.symantec.com/SUPPORT/ent-security.nsf/dbe87fe9662c16ef8825734100634940/5bfc1a720f52435988256fb9007a3a9e.
Restarting the service solved that problem. The scan did not find
anything. I noted that Tamper Protection was turned off (not sure if
it was before) and turned it on. (1) Would this have prevented the
interruption of the Symantec AV service? (2) Would it have prevented
the malware executable that was removed in Step 1?

I am now following through with the remainder of the steps. I am not
sure whether the null hits from scanning are due to removal of all vestiges
of the malware or because the Symantec AV database does not recognize
this malware. The AV database was up to date as of this morning. (3)
Is there a way to determine whether this malware is in the AV
database?

Thanks.

AndyHancock

Apr 8, 2010, 1:17:22 AM
On Apr 7, 4:30 pm, AndyHancock <andymhanc...@gmail.com> wrote:
> I picked up the (seemingly new) "Antivirus Suite" malware, http://www.spywareremove.com/removeAntivirusSuite.html.  Every time I
> tried to launch any exe, I got a bogus infection message and denial of
> execution.  This includes any indirect launching of
> "C:\Program Files\Symantec AntiVirus\VPC32.exe" by right-clicking Symantec on the
> system tray and choosing "Open Symantec Antivirus".  No scanning was
> possible.
>
> I followed step 1 in the above URL to kill the offending process.
> I could then run Symantec AV, but initiating a scan caused the error
> in http://service1.symantec.com/SUPPORT/ent-security.nsf/dbe87fe9662c16ef8825734100634940/5bfc1a720f52435988256fb9007a3a9e
> Restarting the service solved that problem.  The scan did not find
> anything.  I noted that Tamper Protection was turned off (not sure if
> it was before) and turned it on.  (1) Would this have prevented the
> interruption of the Symantec AV service?  (2) Would it have prevented
> the malware executable that was removed in Step 1?
>
> I am now following through with the remainder of the steps.  I am not
> sure whether the null hits from scanning are due to removal of all vestiges
> of the malware or because the Symantec AV database does not recognize
> this malware.  The AV database was up to date as of this morning.  (3)
> Is there a way to determine whether this malware is in the AV
> database?

Please refer to http://groups.google.ca/group/alt.comp.virus/browse_frm/thread/8d265f4597b80b41
for continuation of this thread.