Endpoint Protection

  • 1.  Possible puzzling false positive dilemma

    Posted Jan 15, 2010 12:24 PM

    My computer got a nasty IE infection of some kind, and it had been 2 years since I did a full reformat, so I decided to finally take the plunge. Everything was going smoothly: I had installed Norton AntiVirus Corporate Edition and did numerous scans, and my system was completely wiped clean. (Note: I use Windows XP SP3, fully updated.)

    However, once I installed the latest version of Spyware Terminator and ran a full spyware and virus scan with it, Norton Auto-Protect alerted me to a constant stream of Trojans every 5 seconds coming from my C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\SYMANT~1\7.5\APTemp\ directory. The Trojans went by the name APQXXX.tmp (where XXX was various numbers and letters), and the Symantec information page on the Trojan was this:
    http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2004-021914-2822-99. It also found only 2 Trojans by the name of CLAMAV~1.CLA in the C:\DOCUME~1\User\LOCALS~1\Temp\ directory, which was apparently the same Trojan as the one mentioned earlier.

    Now here's the puzzling part, and why I think this may be some kind of false positive that hasn't been discovered yet (I did a lot of searching on Google and couldn't find others with this problem):

    1. I only get the constant stream of Trojans after a full spyware and virus scan with Spyware Terminator WHILE Spyware Terminator real-time protection is enabled, and the only way to stop this constant 5-second stream of Trojans is to disable the Spyware Terminator real-time protection.
    2. If I do a full spyware and virus scan with Spyware Terminator with its real-time protection disabled, then I only get 2 Trojans by the name of CLAMAV~1.CLA in the C:\DOCUME~1\User\LOCALS~1\Temp\ directory. ClamAV is the name of Spyware Terminator's antivirus engine, and this makes me strongly suspect that Norton is falsely thinking ClamAV is creating Trojans of some sort (I know for sure it is not, since Spyware Terminator is reputable): http://en.wikipedia.org/wiki/Clam_AV
    3. If I do a fast spyware scan with Spyware Terminator, I get no Auto-Protect Trojan detection from Norton at all, and I believe it's because the fast spyware scan isn't a virus scan using ClamAV.
    4. Even though a constant stream of Trojans is detected every 5 seconds, when I finally stop the bleeding by turning off Spyware Terminator real-time protection, I only find 4 Trojans from that one incident in the quarantine, even though the history logs show a Trojan detected every 5 seconds.
    5. I have tested this more than 3 times to confirm the results I have listed above, and it's consistent every time, so this isn't a one-time fluke.
    6. When I do a normal full scan with Norton it doesn't find anything, same with the Spyware Terminator spyware and antivirus scan (of course, after the Spyware Terminator scan I'll get the Norton Auto-Protect detection of the Trojans I mentioned before).

    My guess is that the virus scan part of Spyware Terminator is causing the Trojan detection from Norton, since it's moving a file somewhere and Norton is picking it up and quickly quarantining it. I have never experienced any of the symptoms in Norton's Trojan description, and so I think it's a misdiagnosed problem. What does everyone think? Any feedback and comments would be especially appreciated.



  • 2.  RE: Possible puzzling false positive dilemma

    Posted Jan 15, 2010 12:39 PM
    You might consider making a false positive report to Spyware Terminator.

    http://www.spywareterminator.com/support/help.aspx?faqid=2932&faqmod=ST2.5_HELP_Managing&v=25

    Thomas


  • 3.  RE: Possible puzzling false positive dilemma
    Best Answer

    Posted Jan 15, 2010 12:42 PM
    It is not a false positive.

    When Norton, SEP, or any antivirus detects a threat, it cleans, quarantines, or deletes the file.
    But it does keep them in quarantine:
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\SYMANT~1\7.5\APTemp

    It is like a jail where the virus is locked up and cannot do anything.

    Now you install a new antivirus, and it scans your whole system, including
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\SYMANT~1\7.5\APTemp

    Now, when does an AV pick up a threat?
    It is when the virus file is accessed or modified by the system.

    So as Terminator accesses the files in the quarantine,
    Norton starts detecting them again.
    Terminator will scan it again, Norton will detect it again...

    That is one of the main reasons why two antivirus products should not be installed on one computer at the same time.
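The re-scan loop described in the answer above has a recognisable shape in the on-access scanner's history: a burst of hits, all at one steady short interval, all inside the other product's holding directory. The following Python script is an added example written for this page, not code from the thread or from any Symantec or Spyware Terminator product. It parses a constructed, simplified "timestamp|path|threat" event line (not the real Auto-Protect log layout), classifies each hit by whether its path lies under one of the directories named in the thread (the APTemp path the answer identifies as Norton's holding area, and the Temp path where the poster saw the CLAMAV~1.CLA files), and flags a (directory, threat) group as a re-scan loop when it has at least three hits with a median gap of a few seconds. The sample events, the threat names "Threat-X"/"Threat-Y" and the Desktop path are all constructed for illustration.

```python
"""Spot one scanner re-detecting another scanner's holding directory.

Added example for this thread. Event lines are a constructed format
("YYYY-MM-DD HH:MM:SS|full path|threat name"), NOT Norton/SEP's real log
layout; the paths are the 8.3 paths quoted in the thread.
"""
from datetime import datetime
import ntpath
import statistics

# Directories that a second scanner should treat as another product's store.
# Assumption: logs use the same 8.3 spelling as the thread; matching is
# case-insensitive on the normalised path prefix.
HOLDING_DIRS = {
    r"C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\SYMANT~1\7.5\APTemp": "norton_store",
    r"C:\DOCUME~1\User\LOCALS~1\Temp": "scanner_scratch",
}

# Constructed sample events: six APQ*.tmp hits five seconds apart (the loop),
# two CLAMAV~1.CLA hits, and one unrelated hit elsewhere for contrast.
SAMPLE_EVENTS = r"""
2010-01-15 12:00:00|C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\SYMANT~1\7.5\APTemp\APQ1A2.tmp|Threat-X
2010-01-15 12:00:05|C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\SYMANT~1\7.5\APTemp\APQ3B4.tmp|Threat-X
2010-01-15 12:00:10|C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\SYMANT~1\7.5\APTemp\APQ5C6.tmp|Threat-X
2010-01-15 12:00:15|C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\SYMANT~1\7.5\APTemp\APQ7D8.tmp|Threat-X
2010-01-15 12:00:20|C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\SYMANT~1\7.5\APTemp\APQ9E0.tmp|Threat-X
2010-01-15 12:00:25|C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\SYMANT~1\7.5\APTemp\APQ1F2.tmp|Threat-X
2010-01-15 12:03:40|C:\DOCUME~1\User\LOCALS~1\Temp\CLAMAV~1.CLA|Threat-X
2010-01-15 12:04:12|C:\DOCUME~1\User\LOCALS~1\Temp\CLAMAV~1.CLA|Threat-X
2010-01-15 12:10:00|C:\DOCUME~1\User\Desktop\download.exe|Threat-Y
"""


def parse_events(text):
    """Return a list of (datetime, path, threat) from the constructed format."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, path, threat = line.split("|", 2)
        events.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), path, threat))
    return events


def is_under(path, directory):
    """Case-insensitive test that `path` is `directory` or lies beneath it.

    ntpath handles Windows separators and drive letters on any host, so the
    check also works when the log is analysed on a non-Windows box.
    """
    p = ntpath.normcase(ntpath.normpath(path))
    d = ntpath.normcase(ntpath.normpath(directory))
    return p == d or p.startswith(d + ntpath.sep)


def classify(events, holding_dirs=HOLDING_DIRS):
    """Bucket events by the holding directory they fall under, else 'other'."""
    buckets = {}
    for event in events:
        label = "other"
        for directory, tag in holding_dirs.items():
            if is_under(event[1], directory):
                label = tag
                break
        buckets.setdefault(label, []).append(event)
    return buckets


def find_rescan_loops(events, min_hits=3, max_median_gap_s=10.0):
    """Flag (directory, threat) groups whose hits arrive in a tight, steady burst.

    Many hits on one threat name in one directory at a short, regular interval
    is the signature of scanner A reading files scanner B just put there.
    """
    groups = {}
    for ts, path, threat in events:
        key = (ntpath.normcase(ntpath.dirname(path)), threat)
        groups.setdefault(key, []).append(ts)
    loops = []
    for (directory, threat), times in groups.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        median_gap = statistics.median(gaps)
        if median_gap <= max_median_gap_s:
            loops.append({"directory": directory, "threat": threat,
                          "hits": len(times), "median_gap_s": median_gap})
    return loops


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for label, hits in classify(evs).items():
        print(f"{label}: {len(hits)} hit(s)")
    for loop in find_rescan_loops(evs):
        print(f"re-scan loop: {loop['hits']} hits on {loop['threat']} in "
              f"{loop['directory']} every ~{loop['median_gap_s']:.0f}s")
```

On the constructed input the APTemp burst is reported as a loop (6 hits, median gap 5 s), the two CLAMAV~1.CLA hits in Temp are bucketed as scanner scratch files but are too few and too far apart to be a loop, and the Desktop hit lands in "other", which is the bucket still worth a human look. The thresholds are assumptions tuned to the 5-second cadence the poster describes; a real deployment would read the product's own log format instead of the constructed one here.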