From mskremote@yahoo.com Wed Oct 24 17:15:51 2012
Subject:Re: OT ANTIVIRUS too often malicious warnings


Rafael,

I have Symantec SEP on my machines (corporate version of Nortons). I recently got a worm on one machine that hi-jacked my browsers and pushed very google link to a rapid succession of pay per click sites. My research indicated that I had recent mutation of worm that had been around for 3 or 4 years. The were tips on how to remove it but this involved system level editing of core Windows dll's.  I found a utility that Kaspersky had released that automated the process and had cleaned the machine and fixed it inside the 2 hours it took Symantecs engineers in SF to call me back after logging the issue via their corporate "Gold" level support service.

Rather embarrasing call for Symantec, I had traced the infection to a specific file that I had downloaded that was spoof of the legitimate file I thought I was downloading and immediately deleted it, Symantec requested a copy of the payload so they could update their signature file which I said I would have to download again and I was not prepared to take the risk  as Symantec did not recognise its signature.  I asked why it was not recognised by SEP as there were web reports of this mutation's existence going back 6 months and suggested they note that the problem was solved by the Kaspersky utility and to refer to Kaspersky's website for further information.

Based on this experience as you would already know not to use Symnatec/Nortons I would suggest Kaspersky. (they also happen to the main sponser of the NRL team I support!!)

Cheers

Mark  

[Non-text portions of this message have been removed]