O.S. is NT server (don't laugh), Norton/Symantec Corporate AntiVirus 8.01
I have been getting numerous W32.DetNat alerts, all over my NT servers. It's not hitting 2003 servers, but it has hit one Win2000 workstation.
The alerts have been preceded by alerts for PWSTEAL lineage.
However, when I run AVG or TrendMicro on-line scan, they find nothing. I searched for a couple of days on the net, but could find no reports of false positives until I came across Sophos's site saying Symantec may have a false positive (see http://www.sophos.com/virusinfo/hoaxes/pwsteal.html).
Has anyone else been seeing what might be "false positives" from Symantec on W32.DetNat?
Also, NAV's write-up of DetNat does not quite match what I am seeing; for example, they tell you to look for a HKLM\Software\Microsoft\Wi
ent Version\Run\Delphi key - I haven't seen that anywhere on the servers that report themselves infected.
To my chagrin, I have had NAV deleting infections as the primary option for the last 3 years. I thought it was better to kill something immediately. Since it has deleted (apparently) uninfected files, I have to go to backups.
I set NAV to clean, and if it can't, leave the file alone. I finally stopped NAV and am running AVG temporarily.
Oh, and my NAV corporate server was one of the infected servers.
Anyway, anyone else seeing W32.DetNat's out there that other AntiVirus products don't see?
Thanks in advance,