Yesterday's early morning NIS2009 full scan of 'our' Vista machine reported the detection and quarantining of a trojan horse, i.e., ERASER 109.2.2.4, but I've noticed a number of questionable issues surrounding this thing's 'fully resolved' status.
First, preceding that 'full system scan' (FSS), my fully updated NIS2009 had immediately beforehand performed an 'idle quick scan' (IQS), which I'm pretty certain I initially read (in its scan results) had resolved a single threat, i.e., '1 cookies', and yet some 18 hours later (as I write this post) it seemingly no longer lists anything detected. There's about a 1% chance my memory fails me and that I simply imagined the '1 cookies' threat.
Nevertheless, I mention it because of that plus the fact that, just before the IQS, I had ignored my browser's caution that the site I wanted to visit 'reportedly' contained malicious content and went ahead and visited the site (trusting that NIS2009 would prevent anything serious, which seems to have been proven true). Anyway, I immediately ran a full system scan right after the IQS, and only then did NIS2009 detect the trojan horse. Aside from my rather flip lapse in browsing etiquette, have I not done something I need to in NIS2009's settings, and/or does anyone know if NIS2009 is supposed to prompt about trojan horses at the moment they're introduced?
What I have a hard time with is that presumably at least browsers, if not also connected flash drives, are commonly scanned areas that NIS2009 IQSs are supposed to scan, no? If 'no', then why didn't the idle quick scan detect the trojan horse? If 'yes', then how is it that Symantec apparently doesn't consider a browser and/or a connected flash drive as commonly affectable?
I only mention that as I also notice in the security history 'scan results' that, while it lists the IQS and my subsequent FSS, oddly the date-times of these two scans indicate a difference of some 6 hours between the two scans (when I'm fairly positive I began the scan right after the IQS finished, then went to bed). Anyway, in that the FSS is listed as having taken 56 minutes to complete, is there some explanation why the date-times are 6 hours apart?
What bothers me the most about this thing is that I'm not running silent (I'd prefer virus alerts immediately), plus I have opted for the advanced protection, and yet I neither saw any alerts, nor does the security history seem to even record when the trojan horse was introduced.
Am I wrong, and NIS2009 isn't capable of detecting a trojan horse's introduction and also isn't capable of notifying the user of when a threat was introduced (even after it's been detected and resolved), or maybe I've just not got the right NIS settings for what I expect from NIS?
On top of that, if there's any difference between Idle Quick Scans and Idle Time Scans, I'm unaware of it, but IQSs are running while I've opted out of the setting for Idle Time Scans (set to "off").
The apparent inability of NIS2009 to notify me when a trojan horse is introduced, plus the apparent lack of sufficient scan results details (to at least indicate when the trojan horse was introduced), leaves me wondering if Symantec is doing something about where this stuff's coming from, especially since I see yet another issue when reading the security history (as follows).
I see in the security history's advanced details that the alert summary indicated the details were being submitted to the community watch, but when I woke up yesterday (after some 7 hrs sleep after initiating the FSS), I saw that, regardless of my having opted for community watch, the threat's details submittal was still listed as "pending" (so I manually submitted them). Something seems amok there, no?
So at what point might I expect to hear anything back about the trojan horse's origin, and/or whether the coded details might have provided enough information to hopefully be acted on (at least by Symantec notifying the responsible server)? Never, or am I expecting too much from NIS2009 and/or Symantec, and am I supposed to be doing something myself? If so, what can I do, given what seems to be a significant lack of detail about it (the trojan's date and time of introduction)?
That said, the remaining issue is that my portable Chrome's remaining files (on my Vista's flash drive) don't now compare to those on my XP's flash drive (each flash drive has the exact same version of Chrome on it). Missing from my Vista's flash drive, as a result of NIS2009's cleaning, is not only "chrome_update.exe", but several other files also seem to be missing from its folder.
Other apparently missing files are Chrome's "Local State" (its extension is undisclosed) and hdmi.ico. As such, in that Chrome's browser still works (though probably something related to any update feature won't work any longer), I'm left to presume one of several things here.
Assumption one: apparently Symantec doesn't see the need to prompt users when a file can't be cleaned, except by the inference of its being quarantined and therefore coming up missing (unless it's automatically regenerated by Windows or some other means). So does anyone know if this is the case?
Assumption two: since NIS2009 didn't 'clean' the supposedly infected chrome_update.exe, and either the trojan or NIS2009 apparently deleted the other two missing Chrome files, what am I to believe? Should I copy and paste back the (now three) missing files from my unaffected flash drive, or would it be wiser to delete the entire Chrome folder and simply re-run its 'ini'?
Apologies for adding into this mix of issues my memory, my assumptions and my expectations, but I think they all need to be addressed, and I'd sure appreciate their being answered and hopefully resolved.
Happ-e-trails to all,
wguru