Thread: Infection messages?
View Single Post
  #100  
Old January 1st 10, 12:28 PM posted to microsoft.public.security.virus,microsoft.public.windowsxp.help_and_support
FromTheRafters[_3_]
external usenet poster
  
Posts: 102
Default Infection messages?
"Kevin Zoll" wrote in message
om...

[...]

The problem is that another security application deletes the non-
malicious history file at system start. Which in turn triggers A-
squared. A-Squared wrongly sees this as malicious activity. I know
what index.dat is and I know who Butts is, and his unethical
practices.

Thanks for responding. I wouldn't fault AČ for alerting to "suspicious"
activity as well as malicious activity, but those messages do seem to
indicate that an attempted deleting of an already deleted file is the
problem.

The alteration, deletion, creation and replacement of files at system
start is very common with malware. Security applications should
monitor
this kind of system activity. Why A-squared is even trying to delete
index.dat is beyond me, and is something I will be discussing with the
developers.

Please do share with us whatever information you can.

However, the point here is that one security application is doing one
thing while the other security application is doing another.
Conflicting
with each other.

Yes, and the discussion the OP had with support outside of usenet did
indicate this as well (others may have missed that part). I, too, see
this as a case of too many antispyware (privacy) programs causing
conflict by trying to affect the same resources (as well as "overkill").
It just seemed to me that checking for the existence (if...then) of the
file prior to attempting to delete it would resolve this conflict.

A-squared Anti-Malware has both an AV engine and an AS engine. People
shouldn't be running 2 resident AVs. Kaspersky and A2AM are known to
interfere with each other. Something I would like to know is if beta
udpates was enabled. There a serval changes forth coming in A2AM and
if
the user has beta updates enabled or disabled would be nice to know.

Hopefully the OP will read your post and respond on that point.

I normally don't post in news groups. Since David pointed this out
too
me the other night, I took the time to read this thread and the one at
the EMSI Support forums.

I will be bringing this to Christian's and/or Fabian's attention, as
soon as I can catch either or both on IM.

Thanks for participating, it is nice to have knowledgeable posters join
in.
Ads