Two weeks ago, I finally quit procrastinating about updating my Antivirus software. I’d been running Norton Systemworks 2002 for a while and the updates expired in late June. My intentions were to remove Systemworks and install the latest release of Norton Antivirus. I’ve been holding back only because it seems that about a third of the time I attempt to reinstall NAV for customers, I have problems.
Most recently, I ran into a situation where the installation would rollback after getting about 90% of the way done. I diligently followed the instructions and then more instructions and never got it working. I never received a tangible error message and I couldn’t find any logging of the installation to troubleshoot the problem. I finally switched the customer to another product and moved on. Mostly, I can get the installation to work by running the uninstallers, removing all references to SYMANTEC and NORTON from the registry and then purging any lingering files from the file system, but it shouldn’t be that hard to upgrade.
I’ve had more than a few bad experiences with McAfee as well, so I decided I needed to try something new. I uninstalled most of Systemworks and decided to try AVG Free Edition by Grisoft. The installation went smoothly, I updated and ran a full system scan. AVG doesn’t include an integrated scanner for Thunderbird, but the default email scanner that hooks port 110 seems to work just fine. As a bonus, I discovered that my PC now runs about 2-3x faster than it did before. I attributed this to AVG being a bit leaner than Norton and patted myself on the back for being so smart.
The only oddity I discovered is that AVG remains convinced my 11 year old DOS program for processing credit cards is infected with an unknown virus. I don’t even use the program any longer, but I’m loathe to delete it. Sadly, the free version of AVG doesn’t allow me to exclude that file from the scan. Ah well, the price was right and AVG isn’t interfering with it.
Today, I decided to look at my logs to see what else I might have missed and I notice that AVG quarantined a file allegedly infected with Trojan horse Dropper.Agent.8.B. I expect infected files to pop up occasionally because not all of my email addresses have built in AV filtering, but this particular file was C:\WINDOWS\$NtServicePackUninstall$\cisvc.exe. I’m wondering how the hell an infected file made it so far into my system. On my home computer, I have the connection firewalled, behind a NAT interface and I’m very conservative about what programs I install and run.
First, I google the file itself to see what it does. MSDN says it is an Indexing Component for the Indexing service. I decide to google the bug to see what it does. I immediate find dozens of hits all pointing to this post basically saying the problem is a false positive by AVG rather than an actual Trojan.
The file has now been restored and I suffered no ill effects. From the posts I read, I saw that others detected the file in the DLL cache, the system restore cache and in other places. A quick search of my hard disk turned up 4 copies of the file. Now I’m worried that AVG isn’t doing a thorough job. If it found one copy, shouldn’t it have found the others? More things to research I guess.