mailing list archives
Microsoft AntiSpyware attacks Norton AV?
From: "Joel R. Helgeson" <joel () helgeson com>
Date: Sat, 11 Feb 2006 01:28:20 -0600
Is anyone else seeing/experiencing this?
A customer of mine stated that Microsoft AntiSpyware updated its signature files between 2/9 and 2/10 to signature
When it scanned each system it found a Trojan called PWS.Bancos.A (Password Stealer) - Level: Severe
When it quarantined the bug, it also rendered the Symantec Anti-Virus helpless. The Rtvscan.exe kicks up to 100% CPU
The only way to stop it is try to end process in task master or reboot the computer system. Either will release the
CPU however, how the
Symantec Antivirus is corrupt and not usable.
My take on what has happened:
The PWS.Bancos.A virus was apparently distributed with the Bagle worm, it attacked and shut down Microsoft AntiSpyware
as well as deleted executable files and killed running processes for anti-virus software.
It appears that MS AntiSpyware incorrectly identified some parts of Symantec's AntiVirus as being the trojan and then
went to delete the infection. Once deleted, It threw Symantec AV into a tailspin causing 100% CPU utilization wherein
upon reboot or killing the offending task, SAV was rendered useless and needing to be reinstalled.
Microsoft very quickly released signature version 5807 to correct the mistake.
Anyone else seeing this?
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Microsoft AntiSpyware attacks Norton AV? Joel R. Helgeson (Feb 11)