<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.5296.0" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV>
<DIV><SPAN class=428500721-10022006><FONT face=Arial size=2>Is anyone else
seeing/experiencing this?</FONT></SPAN></DIV>
<DIV><SPAN class=428500721-10022006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=428500721-10022006><FONT face=Arial size=2>A customer of mine
stated that Microsoft AntiSpyware updated its signature files between 2/9 and
2/10 to signature version 5805.</FONT></SPAN></DIV>
<DIV><SPAN class=428500721-10022006><FONT face=Arial size=2>When it scanned each
system it found a Trojan called PWS.Bancos.A (Password Stealer) - Level:
Severe</FONT></SPAN></DIV>
<DIV><SPAN class=428500721-10022006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=428500721-10022006><FONT face=Arial size=2>When it quarantined
the bug, it also rendered the Symantec Anti-Virus helpless. The
Rtvscan.exe kicks up to 100% CPU utilization.</FONT></SPAN></DIV>
<DIV><SPAN class=428500721-10022006><FONT face=Arial size=2>The only way to stop
it is try to end process in task master or reboot the computer system.
Either will release the CPU however, how the</FONT></SPAN></DIV>
<DIV><SPAN class=428500721-10022006><FONT face=Arial size=2>Symantec Antivirus
is corrupt and not usable. </FONT></SPAN></DIV>
<DIV><SPAN class=428500721-10022006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=428500721-10022006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=428500721-10022006><FONT face=Arial size=2>My take on what has
happened:</FONT></SPAN></DIV>
<DIV><SPAN class=428500721-10022006><FONT face=Arial
size=2><speculation></FONT></SPAN></DIV>
<DIV><SPAN class=428500721-10022006><FONT face=Arial size=2>The PWS.Bancos.A
virus was apparently distributed with the Bagle worm, it attacked and shut down
Microsoft AntiSpyware as well as deleted executable files and killed running
processes for anti-virus software. </FONT></SPAN></DIV>
<DIV><SPAN class=428500721-10022006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=428500721-10022006><FONT face=Arial size=2>It appears that MS
AntiSpyware incorrectly identified some parts of Symantec's AntiVirus as being
the trojan and then went to delete the infection. Once deleted, It threw
Symantec AV into a tailspin causing 100% CPU utilization wherein upon
reboot or killing the offending task, SAV was rendered useless and needing to be
reinstalled.</FONT></SPAN></DIV>
<DIV><SPAN class=428500721-10022006><FONT face=Arial
size=2></speculation></FONT></SPAN></DIV>
<DIV><SPAN class=428500721-10022006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=428500721-10022006><FONT face=Arial size=2>Microsoft very
quickly released signature version 5807 to correct the
mistake.</FONT></SPAN></DIV>
<DIV><SPAN class=428500721-10022006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=428500721-10022006><FONT face=Arial size=2>Anyone else seeing
this?</FONT></SPAN></DIV>
<DIV><SPAN class=428500721-10022006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=428500721-10022006><FONT face=Arial
size=2>Joel</FONT></SPAN></DIV></DIV></BODY></HTML>