Trend Micro PC Cillin 2006 vs. Norton Anti-Virus 2006??

Hello everyone,

I had been running the trial version of PC Cillin for about 60 days or however long the trial is. When the time came to buy it, I did because I always have nightmares with people installling NAV (any version) on their computer and me trying to fix it. I had a guy who I felt was really knowledgeable recomend Trend Micro PC Cillin to me, I was convinced NAV was an inferior product due to all of the problems Norton can cause. I was running Trend as my main virus auto-protection/auto-scan, firewall, etc

...and I had AVG free set to automatically update, but not auto protect or scan. I would manually scan with AVG every other week or so. I would run Adaware and Spybot regularly as well with little to no significant issues arising.

Neither AVG nor Trend would find viri. I did knowingly get a trojan ONCE from using P2P program (i know...tsk tsk). But Trend 's autoprotect spotted the problem and seemingly quarantined the files right away. This was some time ago though, an no threats have been found since.

Well, for shits and giggles I decided to run the online Norton Security and Anti-Virus checks. The Security check was clean, but the Virus check found 2 files associated with a trojan. LSSAS.EXE and MS32.DLL .

Now I'm questioning Trend. Any thoughts?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tom-J-LaelAuthor Commented:

Is it possible that those two files , LSSAS.EXE and MS32.DLL were just "schrapnel" if you will from the quarantined trojan? Because like I said, Trend and AVG never found any other issues after the fact, and the Symantec Online Virus Scan found those two files, but never found any memory resident viri.

The only reason why I question is I was checking my System Logs in Event Viewer. Daily I'm getting the following Warning.

*** Source:LSASRV
Category: SPNEGO
Event: 40961
The Security System could not establish a secured connection with the server DNS/  No authentication protocol was available. ***

I have no idea what that domain is.

On 3/18 (still significantly after the infection) I had a couple warnings

***Source LSASRV
Category: SPNEGO
The Security System detected an attempted downgrade attack for server cifs/WGT634U.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)". ***

WGT634U is my default gateway.

I've also had this error

**Source: Dnsapi
Category: None
Event: 11165
The system failed to register host (A) resource records (RRs) for network adapter
with settings:

   Adapter Name : {1657F8BE-4574-43CB-BE2E-2E5ABB38BD37}
   Host Name : johnny5
   Primary Domain Suffix : TestEnterprise.local
   DNS server list :
   Sent update to server :***

Why would it try to send an update to a server that is not my DNS server and is not on my subnet ??
Greetings, Tom-J-Lael !

Antivirus program check for virus, no adware.  So PC Cillin and AVG missed the adware trojan.  You need an anti-adware program, like BitDefender, to actively protect you from adware.

Best wishes!
If you're looking for a Security Suite (Antivirus/antispyware/firewall) you should look at this PC Magazine story,1895,1891834,00.asp

though I'd make one comment regarding the trojan - if PC-Cillin was a trial version that was not being updated after the end of the trial, that could have caused it to miss the malware that wound up on your PC.  Otherwise, I'd recommend you go with the editor's choice in the category, ZoneAlarm Security Suite.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Trend is very good.  NOD32 is good too, a little technical.  I use both for virus scanning.   Webroot Spysweeper and the Microsoft Anti Spyware + Spybot and Lavasoft's adaware are the way to go.  If no firewall is present i.e. not xp, use pccillin - it has a firewall too.  Your not done :-(  Now we scan for rootkits (rootkitrevealer at sysinternals) and panda's beta rootkit tester, and then for trojans, trojan hunter and ewido are good at that.

Tom-J-LaelAuthor Commented:
tahnks to everyone for the input. I have been using PC-Cilling firewall, and even though it was a trial version, it was consistenly being updated with automatic updates. The same is true with AVG. I've used Sysinternals RootKitRevealer but never really understood the output. I'll take a look at the other things suggested.

many thanks!
Tom-J-LaelAuthor Commented:
PS. I tried to split the points between all three but couldn't apologies davidis99
Post here and ask for the split.  They will fix it.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.