We recently got hit by a virus. We are about to get rid of Symantec and go with Trend Micro for our Antivirus solution. During this last outbreak we experienced our Internet connection getting saturated by traffic. We have since cleaned every PC using Clamwin. My question after extensive Internet searching is whether the virus "Trojan.Aavirus" is actually a virus, spyware, or something that Norton uses. I am finding mixed results on it online. One link I found that makes sense about it says "This parasite, as it is clear from its name, specializes in disabling the defense installed on the target computer. This technique is tremendously dangerous, because it makes system unable to resist other destructive parasites. What is more, AntiAntivirus also tries to download various Trojans and install them onto the infected machine." http://logiguard.com/spyware/a/antiantivirus.htm
This would make sense because of the virus outbreak that affected our Internet connection. It would also make sense because I am wondering how PCs running Symantec 7.5 allowed viruses (Trojans) to infect PCs.
The webpage in the above link mentions that the full name of "Trojan.Aavirus" is antiantivirus. When I searched for more info on this virus I found sites that gave me more info on this spyware program. I have not found one instance of a PC that is being reported by Clamwin as infected, that was running the anti.exe process as described in the first link. I also found a couple of sites that say this is not really a virus: http://forums.clamwin.com/viewtopic.php?p=530&sid=cc49b92235dbf46f77c5c2c52303786c
So my questions are these:
If this was really a false positive it seems that if Clamwin was having you remove a component of your Corporate Antivirus solution that Clamwin would have been updated by someone with such a serious flaw quickly.
If this is not a component of Symantec the only thing that makes sense to me is that another version release other than 7.5 fixes this problem and Symantec considers this a spyware program and not a virus. Am I correct?
I guess my last question is, if this is not a virus or a threat to my network, why did I have so many Trojans infected on my PCs/servers (maybe 1 out of 5) and shareware installed on PCs/servers that I KNOW no one but me touches (our domain controller for one)?
Before I began to clean infected PCs I ran a virus sweep with Symantec Corporate 7.5 and my Internet bandwidth was maxed out. Symantec did not catch the viruses that Clamwin found (big surprise) and as I cleaned PCs/servers I saw my bandwidth usage dropping. Is it just a coincidence that I got this "antiantivirus" reporting back to me, with another site that says it is a destructive parasite that tries to download other Trojans and install them on infected PCs, when I really had another virus on my network?
Thanks in advance. I will give 500 pts to anyone who can give me a good explanation about the "Trojan.Aavirus" being reported as an infected file by Clamwin.