Symantec: The Borg are ever present...
All this from the company that 'assimilated' Sygate... originally to expand their complete line of coverage for Symantec Firewall products. Yeah, that got k/o'd real quick, save their Enterprise lineup.
No respect for Symantec any more
I swore by the corporate version of Symantec antivirus for years. My company would get renewals and I would update as they came out. It would get new definitions on a daily basis.
About 2 months ago, however, my computer became infected with some sort of trojan that actually used the Symantec email proxy as its method of spamming/spreading. My computer tried to send out THOUSANDS of emails, dozens at a time. Thankfully I was able to catch it before many went out by turning off my cable modem. I did a complete scan with Symantec, it found nothing, but nowhere could I find where these emails were being stored in order to delete them from Symantec's queue. Every time I activated my modem, the emails would try to send.
Finally, I uninstalled all of Symantec, powered on my modem, and went to the free.grisoft.com site to download the free AVG antivirus. During the install it detected and removed 3 trojan programs that were running on my computer, one a "trojan proxy tool" that obviously was designed to use proxies like the Symantec.
I emailed Symantec support, even included the found files, but they denied that their product was being used by any malware (even though I sent them system logs which proved it was). They were far more concerned with anyone else finding out their product was actually being targeted and thus unsafe than in attempting to correct the problem.
I'm now a paid AVG antivirus user and will never, ever go back to Symantec products. And neither will my company; we've cancelled all Symantec product use.
Norton is simply not worth the trouble
Resource hogging software that is far worse to remove than malware! I despise the amount of time Symantec has cost me in "repairing" PCs both at work and privately, when the only fault was their garbage software.
Spybot has been a faithful friend for many years.
IF statement needed in detection...
If you want to detect Norton, only do it if the following condition is true...
If there is a copy of NPROTECT.EXE on the hard drive, you can call the Norton install hostile/malware. This program is the infamous Norton Rootkit (aka Protected Recycle Bin). I found a Direct Connect++ p2p client running on my machine from inside the hidden (from the API) directory.
***ADVANCED USERS ONLY***
To neuter it, rename NPROTECT.EXE to XNPROTECTX.EXE and reboot. Then prowl your recycle bin via CMD prompt, and INSIDE (not at recycler root) every directory of your recycl~1 type in these 2 commands.
attrib *.* -S -H -A -R
attrib *. -S -H -A -R
Then go about deleting all the files you find therein. Don't delete the directories, unless you are sure you can. Never ever delete the root recycler directory.
As long as NPROTECT.EXE cannot be found at boot, then the rootkit cannot run.
(I of course take no responsibility for what you may injure following the above steps)
Zap