We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

Trend Micro PC Cillin 2006 vs. Norton Anti-Virus 2006??

Tom-J-Lael
Tom-J-Lael asked
on
Medium Priority
5,837 Views
Last Modified: 2012-08-14
Hello everyone,

I had been running the trial version of PC Cillin for about 60 days or however long the trial is. When the time came to buy it, I did because I always have nightmares with people installling NAV (any version) on their computer and me trying to fix it. I had a guy who I felt was really knowledgeable recomend Trend Micro PC Cillin to me, I was convinced NAV was an inferior product due to all of the problems Norton can cause. I was running Trend as my main virus auto-protection/auto-scan, firewall, etc

...and I had AVG free set to automatically update, but not auto protect or scan. I would manually scan with AVG every other week or so. I would run Adaware and Spybot regularly as well with little to no significant issues arising.

Neither AVG nor Trend would find viri. I did knowingly get a trojan ONCE from using P2P program (i know...tsk tsk). But Trend 's autoprotect spotted the problem and seemingly quarantined the files right away. This was some time ago though, an no threats have been found since.

Well, for shits and giggles I decided to run the online Norton Security and Anti-Virus checks. The Security check was clean, but the Virus check found 2 files associated with a trojan. LSSAS.EXE and MS32.DLL .

Now I'm questioning Trend. Any thoughts?
Comment
Watch Question

Author

Commented:
PS...

Is it possible that those two files , LSSAS.EXE and MS32.DLL were just "schrapnel" if you will from the quarantined trojan? Because like I said, Trend and AVG never found any other issues after the fact, and the Symantec Online Virus Scan found those two files, but never found any memory resident viri.

The only reason why I question is I was checking my System Logs in Event Viewer. Daily I'm getting the following Warning.

*** Source:LSASRV
Category: SPNEGO
Event: 40961
The Security System could not establish a secured connection with the server DNS/prisoner.iana.org.  No authentication protocol was available. ***

I have no idea what that domain is.


On 3/18 (still significantly after the infection) I had a couple warnings

***Source LSASRV
Category: SPNEGO
Event:40960
The Security System detected an attempted downgrade attack for server cifs/WGT634U.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)". ***

WGT634U is my default gateway.

I've also had this error

**Source: Dnsapi
Category: None
Event: 11165
The system failed to register host (A) resource records (RRs) for network adapter
with settings:

   Adapter Name : {1657F8BE-4574-43CB-BE2E-2E5ABB38BD37}
   Host Name : johnny5
   Primary Domain Suffix : TestEnterprise.local
   DNS server list :
           192.168.1.1
   Sent update to server : 192.1.1.1***

Why would it try to send an update to a server that is not my DNS server and is not on my subnet ??
CERTIFIED EXPERT
Top Expert 2008
Commented:
Greetings, Tom-J-Lael !

Antivirus program check for virus, no adware.  So PC Cillin and AVG missed the adware trojan.  You need an anti-adware program, like BitDefender, to actively protect you from adware.

http://www.bitdefender.com/


Best wishes!

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
If you're looking for a Security Suite (Antivirus/antispyware/firewall) you should look at this PC Magazine story

http://www.pcmag.com/article2/0,1895,1891834,00.asp

though I'd make one comment regarding the trojan - if PC-Cillin was a trial version that was not being updated after the end of the trial, that could have caused it to miss the malware that wound up on your PC.  Otherwise, I'd recommend you go with the editor's choice in the category, ZoneAlarm Security Suite.

http://www.zonelabs.com/store/application?namespace=zls_catalog&origin=catalog_main.jsp&event=link.skuList&dc=12bms&ctry=US&lang=en&lid=ho_zass

Commented:
Trend is very good.  NOD32 is good too, a little technical.  I use both for virus scanning.   Webroot Spysweeper and the Microsoft Anti Spyware + Spybot and Lavasoft's adaware are the way to go.  If no firewall is present i.e. not xp, use pccillin - it has a firewall too.  Your not done :-(  Now we scan for rootkits (rootkitrevealer at sysinternals) and panda's beta rootkit tester, and then for trojans, trojan hunter and ewido are good at that.

-gsgi

Author

Commented:
tahnks to everyone for the input. I have been using PC-Cilling firewall, and even though it was a trial version, it was consistenly being updated with automatic updates. The same is true with AVG. I've used Sysinternals RootKitRevealer but never really understood the output. I'll take a look at the other things suggested.

many thanks!

Author

Commented:
PS. I tried to split the points between all three but couldn't ...my apologies davidis99

Commented:
Post here and ask for the split.  They will fix it.  http://www.experts-exchange.com/Community_Support/

-gsgi
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.