britney and Symantec Corp

So easily recognizable as a virus or trojan is britney.scr.
I check it with updated Trojan remover....says it's clean
I check it with updated Nortons....says it's clean.
Double click it (I know, I know....) and the Norton warning goes off
about quarantining a trojan (might be phatbot) then Nortons
disappears, won't start, and I must clean up the mess.

The question is, why would Norton NOT recognize it when I say "scan
the file" but once it starts, Norton notices, and then can't seem to
protect itself?

No flames about the double click.

TIA

---tns

"TNS" <TNS@nospamintexasoranywhereelse.com> wrote in message news:if4q501ucc079gjdh8j9ote6l1ht9i0mkd@4ax.com...
>
> So easily recognizable as a virus or trojan is britney.scr.
> I check it with updated Trojan remover....says it's clean

Not really I think. Perhaps it said it found nothing suspicious?

> I check it with updated Nortons....says it's clean.

Same as above?

> Double click it (I know, I know....) and the Norton warning goes off
> about quarantining a trojan (might be phatbot) then Nortons
> disappears, won't start, and I must clean up the mess.

The fact that it has recognized "something" tells me that the
already running executable was able to drop something that
*was* recognizeable as well as whatever else it might have
done. Since the program was already running you cannot
"prevent" its actions unless the "preventing" program is able
to recognize a malicious process and stop the process - the
"preventing" program runs in its own time slice as does the
malicious process, so by the time a malicious process gets
recognized it may be too late to prevent damage

Unrecognizeable malware runs and drops recognizeable malware
and initiates "AppKill" to disable the AV, firewall, whatever. The
AV says "alert trojan detec{ackkkk}and dies. The unrecognizeable
malware continues to do whatever it was programmed to do.

> The question is, why would Norton NOT recognize it when I say "scan
> the file"

Packed or encrypted with an unsupported runtime unpacker
or encryptor maybe? Or maybe it was just something new?

Just guessing.

> but once it starts, Norton notices, and then can't seem to protect itself?

Norton (or any AV) can't protect you from yourself, *you* ran
the executable that Norton told you basically nothing about. 'No
malware found' does not mean 'no malware present' only 'no
malware found'.

If the malware in question gets spread around enough then maybe
they will add detection for it - if you weren't so eager to be the
first one on the block to get burnt (i.e. a "cooling off" period for
programs of questionable nature) would likely have prevented
this mess because someone else would play the "canary in the
coalmine".

It is a good thing it wasn't a BIOS flash routine huh?

I know...I know... --you know already. ;o)

Thanks for the info

>
>It is a good thing it wasn't a BIOS flash routine huh?<--You got that right! I was pretty sure it was a trojan, and it was.
I think my experimenting days are over, though. I can stay clean if I
want

Your information was quite informative! Thanks!

---tns!
>
>I know...I know... --you know already. ;o)
>
>