
Spyware and malware

Updated: 26 May 2010 | 2 comments
camaroguy
This issue has been solved. See solution.

 Some of my techs run anti-malware bytes which is free and it finds items like this on the computer.
 SEP 11.4 install with the newest dat files on the machine.

Anti-malware log file:
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

So here are my questions...

1.  Is what anti-malware is finding even valid?
2.  Is what anti-malware is finding leftovers from an incomplete clean from SEP?
3.  What are these reg settings doing?

Any help or insight to all of this would be great.

Comments

Vikram Kumar-SAV to SEP, 18 Nov 2009

Malware bytes over here is cleaning leftover reg entries by SEP. However, it doesn't mean the free version will only detect leftovers.

Every AV has different definition sets and they catch different types of malware. So it is quite possible that a threat may not be detected by SEP but would be detected by Malwarebytes (or any other AV in the market).
It is also possible that SEP will detect it but others won't, or some will and some will not, and it is also possible (which is most of the time) that there will be a virus but no AV company will detect it.

If you find that there is some file in which another AV (any) is detecting a threat and SEP is not, submit the file to https://submit.symantec.com/basic so that SEP can create definitions for it.

teiva-boy, 18 Nov 2009

What I've found is that SEP will do great on getting at the files that are infected, clean those out, but there is a lot of cleanup left over that SEP doesn't deal with.  Thus, following up with a cleanup tool.

So malwarebytes is a great cleanup tool to follow up with after SEP has dealt with the infected files.


There is an online portal, save yourself the long hold times. Create ticket online, then call in with ticket # in hand :-) http://mysupport.symantec.com "We backup data to restore, we don't backup data just to back it up."
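
An added example, not part of the thread and not code from Symantec or Malwarebytes: a small Python parser for log lines in the shape quoted in the question, grouping findings by section so a tech can see whether a scan reported only registry entries or anything else as well. It assumes section headers end in "Infected:" and entries follow the `path (detection) -> [detail ->] action` shape seen above; the function names are hypothetical.

```python
import re
from collections import Counter

# Sample lines copied from the log quoted in the question above.
SAMPLE_LOG = r"""Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""

# Assumed entry shape: <path> (<detection>) -> [detail ->] <action>
ENTRY = re.compile(r"^(?P<path>.+?) \((?P<detection>[\w.\-]+)\) -> (?P<rest>.+)$")

def parse_log(text):
    """Return one dict per finding, tagged with the section it appeared under."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("Infected:"):  # assumed section-header convention
            section = line[:-len(" Infected:")]
            continue
        m = ENTRY.match(line)
        if m is None or section is None:
            continue  # not a finding line; skip rather than guess
        parts = [p.strip() for p in m["rest"].split(" -> ")]
        findings.append({
            "section": section,
            "path": m["path"],
            "hive": m["path"].split("\\", 1)[0],
            "detection": m["detection"],
            "detail": " -> ".join(parts[:-1]) or None,  # e.g. "Bad: (1) Good: (0)"
            "action": parts[-1].rstrip("."),
        })
    return findings

def summarize(findings):
    """Count findings per section and flag whether all are registry entries."""
    by_section = Counter(f["section"] for f in findings)
    registry_only = bool(findings) and all(
        f["section"].startswith("Registry") for f in findings)
    return {"by_section": dict(by_section), "registry_only": registry_only}

if __name__ == "__main__":
    print(summarize(parse_log(SAMPLE_LOG)))
```

A `registry_only` result matches the pattern teiva-boy describes (files already handled, registry entries remaining) but does not by itself show where the entries came from.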