Defender doesn't identify Malware!

Guest

Tonight I spent a considerable amount of time with malware that is identified
as Calco.exe and seems to affect the 16-bit Windows subsystem. It tends to sit
in the system32\directx subdirectory. It may also be controlled by a
callc.exe or callc.dll, not sure. I just thought it was strange that a web
search showed at least two other malware / antispyware companies knew about
the trojan. But nothing showed up on Microsoft's site period nor for that
matter Symantec's site. Defender didn't catch it at all but it was freaking
out my system. Anybody else familiar with this? I had to use SuperAntispyware
to identify and remove the trojan. Why isn't Defender staying on the ball? I
have been promoting this product to all my customers and now it seems to be
way behind the attacks.
 
Guest

Simmer down, Ed.

First, NO THREAT SCANNER IS 100% ACCURATE, NOR ARE THEY 100% INFALLIBLE!

According to VirusTotal, as many as fifteen out of sixteen parasites escaped
detection by at least one popular threat scanner. That is sufficient reason
to use multiple scanners every day! (Moreover, I certainly would not hold
flawed Symantec products up as any sort of "standard" to which other products
should conform.)

Second, Defender is a Beta product. (i.e., it is not yet a retail product.)
As such, it doesn't have to perform. AT ALL! That is why we are all
*TESTING* it.

Third, you get what you pay for. Actually, I rather like the
price-performance of Defender, under the circumstances.

Lastly, *NEVER* rely on any single anti-threat scanner to cover your
backside, lest you lose the whole of your posterior due to ignorance. I
recommend a minimum of three alternative anti-threat scans. A nice
collection may be found through the Internet Security link in my sig.
 
Guest

Scott D,
Thanks for the whipping! Ouch it stings! I have been using several
antispyware/malware scanners but I will check out your "sig" and see what
ones you recommend. Obviously I must be using the wrong ones.
I was just saying it was odd that Microsoft or Symantec didn't even mention
it at all on their websites, search turned up zero!? Obviously I just can't
believe I was the only one of their users that just happened to be the first
person to ask or be infected with this particular malware. Two of the
companies that knew about the malware evidently had known about it for at
least a couple of months. I would have thought especially after all the
sharing that occurred recently at the Microsoft security summit with these
very same companies that some sharing of information would be occurring in
the industry.
Now as far as Defender goes, I'm not complaining as it's free but calling it
Beta? Come On, they bought the product. It was an existing product that they
just put a new user interface on. Even Sunbelt Software uses the same engine
on their product and has for quite a while so that little Beta excuse is
running thin. The fact that it's free - that's just Microsoft's new PR
program. Get people to use it (one vendor - one source) while initially not
having to support it and then start charging for it.
As far as Symantec - I don't use Symantec for anything other than
Anti-virus. Being in this business for over 25 years, and using Peter
Norton's products for years before Symantec, I can honestly say I have never
been burned on their product. I'm not saying all their products are the
greatest, but once again - I happen to be the only one that has had to deal
with this malware that is at least a month or two old? I doubt it. I just
wanted to post and see if anyone else had had a similar experience as I
almost wondered if this malware was real or some false positive to get me to
purchase these companies' products. It was one of extremely few infections
that I have ever had. But thanks again for the response - I stand corrected.
 
Guest

Hey Scott,
After checking out your site and seeing several of the products you
highlight or advertise on your site, I used several of these exact same
products including HijackThis, Ewido, McAfee, and Panda's product, and all
of them said my system was clean and hunky-dory. So I am definitely puzzled
now. But thanks again, I am enjoying your website immensely though - thanks
for the link!

Ed R
 
Guest

You stand corrected? You must be wearing elevator shoes. ;-)

I too was a staunch supporter of Snortin' Norton since day one.
Unfortunately, Symantec has NEVER been on top of signature updates. Until
the past year, that really did not matter much. Now it does. Their three
major vulnerabilities that have arisen in the past few months also do not
bode well for a vendor of security products.

Might I suggest that you submit the suspect file to VirusTotal and get back
to us with the results. I suspect that at least 50% of the 25 AV engines
will be clue-impaired and the other half (or less) will identify the suspect.

Please let us know.
 
