PDA

View Full Version : Spybot Resident and Symantec


dsipp
2006-11-29, 05:35
I have Symantec 10.1.5.5 and Auto Protect keeps popping up with Trojan Start Page 4xxxxxxx.qsp. SB scans find nothing. Resident blocks all the changes and the Resident Log shows these entries:
11/28/2006 8:23:28 PM Denied value "Start Page" (new data: "http://securityresponse.symantec.com/avcenter/fix_homepage/") changed in Browser page!
11/28/2006 8:23:28 PM Denied value "SearchAssistant" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm") changed in Browser page!
11/28/2006 8:23:29 PM Denied value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
11/28/2006 8:23:29 PM Denied value "Search Bar" (new data: "http://search.msn.com/spbasic.htm") changed in Browser page!
11/28/2006 8:23:29 PM Denied value "Start Page" (new data: "http://securityresponse.symantec.com/avcenter/fix_homepage/") changed in Browser page!
11/28/2006 8:23:29 PM Denied value "SearchAssistant" (new data: "") deleted in Browser page!
11/28/2006 8:23:30 PM Denied value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
11/28/2006 9:23:32 PM Denied value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
11/28/2006 9:23:32 PM Denied value "Search Bar" (new data: "http://search.msn.com/spbasic.htm") changed in Browser page!
11/28/2006 9:23:32 PM Denied value "Start Page" (new data: "http://securityresponse.symantec.com/avcenter/fix_homepage/") changed in Browser page!
11/28/2006 9:23:32 PM Denied value "SearchAssistant" (new data: "") deleted in Browser page!
11/28/2006 9:23:32 PM Denied value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
11/28/2006 9:23:32 PM Denied value "Start Page" (new data: "http://securityresponse.symantec.com/avcenter/fix_homepage/") changed in Browser page!
11/28/2006 9:23:32 PM Denied value "SearchAssistant" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm") changed in Browser page!


Who is the culprit here? Sb, Microsoft or Symantec? Other?

TIA

Dsipp
md usa spybot fan
2006-11-29, 14:52
It appears to me that an attempt is being made to reset the registry entries to their default values with the exception of the Start Page (Home Page) which is being set to a Symantec Web page:
http://securityresponse.symantec.com/avcenter/fix_homepage/
That Web page contains instructions on how to set your Home Page.

Although this is speculation, one could assume that Symantec having encountered what it identified as a "Trojan Start Page" is attempting to reset the "Start Page", "SearchAssistant", "Search Page" and "Search Bar" entries in the registry and you are denying those changes with TeaTimer.
dsipp
2006-11-29, 15:39
I agree. Looking for that root cause?