I have had 3 files now in the last week where my Norton Community watch log, going back to 1/27/09 and as recent as 2/7/09, that indicated something about Vundo sample submission. It indicates low risk and no action needing to be taken
the 3 files in question are
ehtray.exe
qsp2ie07076007.dll (associated with move networks program)
and a dll file associoated with PC Doctor
ehtray.exe and the dll file associated with PC Doctor program were on my computer at the time of purchase (computer bought new). All 3 of the files in question show no recent modifications.
Now wehn I scan all 3 of these, they come up clean. However as I watch the specific custom scan of each of these items, I notice that there is a quick flash indicating threat but then it goes away and the scan shows clean. Is this quick flash due to the "suspicion, but unfounded" and thus shows clean? I also emailed these files to another of my email adress that I have with yahoo. The yahoo email uses Norton as it's built in antivirus. So when I go to "download" the file from the email it scans clean (I then discontinue the download)
so two bottom line questions
1. Has there been a higher rate of "false positives" on the detection of suspicious Vundo?
2. is the quick flash of threat then change to no threat when running a specific scan on the file due to the non-confirmed problem (ie the concern but no threat)?
I don't mind the false positive. makes me feel like Norton is super secure