anti-virus files are detected as a spyware

G

Guest

I use Symantec Antivirus as anit-virus software, when I use Microsoft
Antispyware scan my comouter, 2 files always are detected as spyware. One of
them us PWS.Bancos.A Password Stealer, information is as follow:

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6
HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\AddressCache\GWLICSVR ScanEngineVendor NAV
HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LiveUpdate\CmdLines\CmdLine1 ProductLanguage SymAllLanguages
HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LiveUpdate\CmdLines\CmdLine1 ProductVersion MicroDefsB.Old
HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LiveUpdate\CmdLines\CmdLine1 ProductName Avenge 1.5

.......


DTService Spyware more information...

Infected files detected
c:\Documents and Settings\angelal\Local Settings\Temp\RarSFX0\ext\dtdl.dll
c:\Documents and Settings\angelal\Local Settings\Temp\RarSFX0\ext\dtsm.dll

I have no idea if there is real spyware or something else. Because after I
remove them , the anti-virus software doesn't work anymore.
 
B

Bill Sanderson

You are running Microsoft Antispyware beta1, and your antispyware signatures
are out of date.

Have you been successful in recovering functionality in your antivirus?
Symantec has a special tool to help you with this, and should be willing to
help you without charge, I believe.

To prevent recurrence, you need to as a minimum update your antispyware
signatures--go to File, check for update.

Once whatever happens there completes, please go to Help, about. Note the
definition version there, and then press the diagnostics button. You are
looking for a line ending in two 3 digit numbers separated by a / --e.g
162/162.

If those two numbers are not equal, or either is 160, you are not up to date
yet, and need to retry the file, check for update.

A better preventative would be to update to Windows Defender--the long
awaited beta2 version, available here:

http://www.microsoft.com/downloads/...E7-DA2B-4A6A-AFA4-F7F14E605A0D&displaylang=en

Just download and run--it will take care of removing the old version.

The issue you are writing about is a false-positive--i.e. Microsoft
Antispyware identifies innocent software as something bad. In fact, the
files are fine--and needed by Symantec's antivirus application.
 
G

Guest

got it! Let me try. Thanks a lot!

Bill Sanderson said:
You are running Microsoft Antispyware beta1, and your antispyware signatures
are out of date.

Have you been successful in recovering functionality in your antivirus?
Symantec has a special tool to help you with this, and should be willing to
help you without charge, I believe.

To prevent recurrence, you need to as a minimum update your antispyware
signatures--go to File, check for update.

Once whatever happens there completes, please go to Help, about. Note the
definition version there, and then press the diagnostics button. You are
looking for a line ending in two 3 digit numbers separated by a / --e.g
162/162.

If those two numbers are not equal, or either is 160, you are not up to date
yet, and need to retry the file, check for update.

A better preventative would be to update to Windows Defender--the long
awaited beta2 version, available here:

http://www.microsoft.com/downloads/...E7-DA2B-4A6A-AFA4-F7F14E605A0D&displaylang=en

Just download and run--it will take care of removing the old version.

The issue you are writing about is a false-positive--i.e. Microsoft
Antispyware identifies innocent software as something bad. In fact, the
files are fine--and needed by Symantec's antivirus application.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top