Norton AntiVirus disabled after removing password stealer threat

Guest

I downloaded the latest Microsoft Anti-Spyware definitions (February 10, 2006
at 8:53:10 AM) and ran a LiveUpdate in Norton Anti-Virus corporate edition
this morning. After downloading, I ran a scan in both NAV and MSAS. The NAV
scan detected nothing but MSAS detected the PWS.Bancos.A password stealer on
my computer.

MSAS said there were 1405 infected registry locations and most of the
reported infected locations look like they were associated with Norton
Anti-Virus. Our systems here are auto-protected with a NAV server.

I had MSAS remove the threat. Now, after rebooting, NAV is disabled and I
cannot start it from the 'Open Symantec AntiVirus...' menu item when I click
on the SysTray icon, nor can I find NAV in Add/Remove programs to repair it.
The NAV SysTray icon has an exclamation point. MSAS appears to be working
normally.

Does anyone have any ideas?

Thanks!
 
Guest

Experienced the same. Tried 3 versions of Symantec corporate AV (v8-v10) from
separate sources. Also tried 3 different computers (1 not even on same
network). Hijackthis and AdAware don't detect pws.bancos.a. If I allow MS-AS
to remove pws.bancos.a then Symantec is disabled, threat no longer detected,
re-install Symantec, rescan with MS-AS, threat back. Has to be false?
 
Guest

Had the same thing happen this morning to both computers at work. We have the
corp. edition of Norton Anti-Virus. I cannot now reinstall Norton or
uninstall and have an exclamation point on the virus shield also.
 
Bill Sanderson

This is being corrected with a rev to the definitions, which should be
available in the next few hours, if not already.

Guest

Denny said:
I downloaded the latest Microsoft Anti-Spyware definitions (February 10, 2006
at 8:53:10 AM) and ran a LiveUpdate in Norton Anti-Virus corporate edition
this morning. After downloading, I ran a scan in both NAV and MSAS. The NAV
scan detected nothing but MSAS detected the PWS.Bancos.A password stealer on
my computer.

MSAS said there were 1405 infected registry locations and most of the
reported infected locations look like they were associated with Norton
Anti-Virus. Our systems here are auto-protected with a NAV server.

I had MSAS remove the threat. Now, after rebooting, NAV is disabled and I
cannot start it from the 'Open Symantec AntiVirus...' menu item when I click
on the SysTray icon, nor can I find NAV in Add/Remove programs to repair it.
The NAV SysTray icon has an exclamation point. MSAS appears to be working
normally.

Does anyone have any ideas?

Thanks!
 
Guest

I called Microsoft this afternoon; they are aware of the problem but they don't
have a fix for it yet. Something to do with a conflict between beta and the
corporate edition of anti virus.
 
Bill Sanderson

Please download definition set 5807--available now--it should fix this False
Positive.

Guest

I have the same problem, but I attempt to uninstall Norton AV and it doesn't
uninstall. I have Norton 8.1 CE on, so I tried installing Norton CE v10 and
it wouldn't install over the older version. Any ideas on getting Norton on my
system?
 
Guest

Updated to 5807 and after removing PWS Bancos A Password Stealer from 4 of my
computers it appeared again after updating to 5807. Symantec corp is still
down on my computers. In another thread I read it knocks out key registries.
See thread Def Version #5805 released. Read JeffS post.

So what now, since version 5807 after updating creates the same problem?
Cannot uninstall Norton corp and looks like I have no protection now.
What else did it destroy?

SteveR
 
Guest

I have the 5807 but it still gives false positive.
Do I have to uninstall the Norton Antivirus and
reinstall it?
 
Guest

You need to uninstall the antivirus program as posted on Symantec's site,
remove the anti spyware, and reinstall the Symantec.
 
Bill Sanderson

I think you will need to reinstall Symantec Antivirus to fix the actions
taken in the removal process.

I have minimal experience with Symantec corporate versions--in general, I've
been able to fix issues with them by uninstalling and reinstalling. Such
uninstall/reinstall may well require passwords and permissions from central
IT administration to accomplish.

Bill Sanderson

If you have not told Microsoft Antispyware to clean the infection, have it
ignore the finding, and take no action.

Please do another File, Check for updates. Then go to Help, about, and
press the diagnostics button and look down the list for a line ending in a
pair of numbers separated by a /

162/162 for example.

If these two numbers are equal, the update has completed properly, and the
false positive should be gone. Otherwise, the update has not yet been
completed fully, and you should re-try, via file, check for updates.

Bill Sanderson

If you have successfully updated to definition set 5807, and can press the
diagnostics button in help, about and see a line like this: 162/162

where both numbers are equal--not sure what the numbers will, in fact
be--then there's no need to uninstall Microsoft Antispyware. This is a
false positive in one set of definitions--5805.

Guest

Where exactly on Symantec's site is this information posted? I can't find it.
We've tried for a couple of hours to uninstall/reinstall with no luck. Thanks
for your help.
 
Guest

Also noticed that when I called Microsoft customer support they did not seem
to really care. I am removing AS for now.
 
Guest

I have permissions and I have attempted to uninstall with no luck then I
tried to reinstall over the old install and it doesn't work either. For some
reason it has put my Norton Corporate Edition in Limbo. The system will not
let me do anything to get what's left of my Norton CE off or put any Norton
CE back on.
 