I use Symantec Antivirus as anit-virus software, when I use Microsoft
Antispyware scan my comouter, 2 files always are detected as spyware. One of
them us PWS.Bancos.A Password Stealer, information is as follow:

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6
HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\AddressCache\GWLICSVR ScanEngineVendor NAV
HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LiveUpdate\CmdLines\CmdLine1 ProductLanguage SymAllLanguages
HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LiveUpdate\CmdLines\CmdLine1 ProductVersion MicroDefsB.Old
HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LiveUpdate\CmdLines\CmdLine1 ProductName Avenge 1.5

.......


DTService Spyware more information...

Infected files detected
c:\Documents and Settings\angelal\Local Settings\Temp\RarSFX0\ext\dtdl.dll
c:\Documents and Settings\angelal\Local Settings\Temp\RarSFX0\ext\dtsm.dll

I have no idea if there is real spyware or something else. Because after I
remove them , the anti-virus software doesn't work anymore.

You are running Microsoft Antispyware beta1, and your antispyware signatures
are out of date.

Have you been successful in recovering functionality in your antivirus?
Symantec has a special tool to help you with this, and should be willing to
help you without charge, I believe.

To prevent recurrence, you need to as a minimum update your antispyware
signatures--go to File, check for update.

Once whatever happens there completes, please go to Help, about. Note the
definition version there, and then press the diagnostics button. You are
looking for a line ending in two 3 digit numbers separated by a / --e.g
162/162.

If those two numbers are not equal, or either is 160, you are not up to date
yet, and need to retry the file, check for update.

A better preventative would be to update to Windows Defender--the long
awaited beta2 version, available here:

http://www.microsoft.com/downloads/d...displaylang=en

Just download and run--it will take care of removing the old version.

The issue you are writing about is a false-positive--i.e. Microsoft
Antispyware identifies innocent software as something bad. In fact, the
files are fine--and needed by Symantec's antivirus application.

--

"Angela" <(E-Mail Removed)> wrote in message
news:5B400F2B-33AE-4045-8396-(E-Mail Removed)...
>I use Symantec Antivirus as anit-virus software, when I use Microsoft
> Antispyware scan my comouter, 2 files always are detected as spyware. One
> of
> them us PWS.Bancos.A Password Stealer, information is as follow:
>
> Infected registry keys/values detected
> HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6
> HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\AddressCache\GWLICSVR
> ScanEngineVendor NAV
> HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LiveUpdate\CmdLines\CmdLine1
> ProductLanguage SymAllLanguages
> HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LiveUpdate\CmdLines\CmdLine1
> ProductVersion MicroDefsB.Old
> HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LiveUpdate\CmdLines\CmdLine1
> ProductName Avenge 1.5
>
> ......
>
>
> DTService Spyware more information...
>
> Infected files detected
> c:\Documents and Settings\angelal\Local Settings\Temp\RarSFX0\ext\dtdl.dll
> c:\Documents and Settings\angelal\Local Settings\Temp\RarSFX0\ext\dtsm.dll
>
> I have no idea if there is real spyware or something else. Because after I
> remove them , the anti-virus software doesn't work anymore.
>

got it! Let me try. Thanks a lot!

"Bill Sanderson" wrote:

> You are running Microsoft Antispyware beta1, and your antispyware signatures
> are out of date.
>
> Have you been successful in recovering functionality in your antivirus?
> Symantec has a special tool to help you with this, and should be willing to
> help you without charge, I believe.
>
> To prevent recurrence, you need to as a minimum update your antispyware
> signatures--go to File, check for update.
>
> Once whatever happens there completes, please go to Help, about. Note the
> definition version there, and then press the diagnostics button. You are
> looking for a line ending in two 3 digit numbers separated by a / --e.g
> 162/162.
>
> If those two numbers are not equal, or either is 160, you are not up to date
> yet, and need to retry the file, check for update.
>
> A better preventative would be to update to Windows Defender--the long
> awaited beta2 version, available here:
>
> http://www.microsoft.com/downloads/d...displaylang=en
>
> Just download and run--it will take care of removing the old version.
>
> The issue you are writing about is a false-positive--i.e. Microsoft
> Antispyware identifies innocent software as something bad. In fact, the
> files are fine--and needed by Symantec's antivirus application.
>
> --
>
> "Angela" <(E-Mail Removed)> wrote in message
> news:5B400F2B-33AE-4045-8396-(E-Mail Removed)...
> >I use Symantec Antivirus as anit-virus software, when I use Microsoft
> > Antispyware scan my comouter, 2 files always are detected as spyware. One
> > of
> > them us PWS.Bancos.A Password Stealer, information is as follow:
> >
> > Infected registry keys/values detected
> > HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6
> > HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\AddressCache\GWLICSVR
> > ScanEngineVendor NAV
> > HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LiveUpdate\CmdLines\CmdLine1
> > ProductLanguage SymAllLanguages
> > HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LiveUpdate\CmdLines\CmdLine1
> > ProductVersion MicroDefsB.Old
> > HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LiveUpdate\CmdLines\CmdLine1
> > ProductName Avenge 1.5
> >
> > ......
> >
> >
> > DTService Spyware more information...
> >
> > Infected files detected
> > c:\Documents and Settings\angelal\Local Settings\Temp\RarSFX0\ext\dtdl.dll
> > c:\Documents and Settings\angelal\Local Settings\Temp\RarSFX0\ext\dtsm.dll
> >
> > I have no idea if there is real spyware or something else. Because after I
> > remove them , the anti-virus software doesn't work anymore.
> >
>
>
>