Junior Member with 4 posts. | Join Date: Oct 2008 | Experience: Intermediate

Solved: concerned about safety

I currently have AVG anti-virus (free) and a no longer updating version of Norton anti-virus installed and running on my computer. I know 2 of these programs can cause conflict, that's why I want to uninstall Norton.
However, every so often, I get a notification (from Norton) that a trojan horse (Deep Throat) was blocked from entering my system.
I ran scans with AVG, Malwarebytes, Spywareblaster and Spybot, and at the moment they are all telling me my computer is clean. I also have ZoneAlarm installed, but it's still Norton blocking the trojan.
I was wondering if I could get some advice about what to do here.
Are AVG and Norton really prone to conflict?
If I uninstall Norton, will ZoneAlarm cover this blocking routine?
Do I need any additional Security programs?
Should I be careful about any other possible conflicts?

Junior Member with 15 posts. | Join Date: Oct 2007 | Location: Mexico | Experience: Intermediate

Hi, I'm personally not very fond of Norton products, I believe they are quite intrusive, resource demanding and inaccurate (naturally this opinion will vary from one user to another).
I would recommend you to try to find out the location of this suspected trojan in your system (by means of Norton logs or something similar). If you manage to detect it, you can either scan it with many installation or online threat scanners, or you can try to manually quarantine it (change extension, change directory, etc.) and see if Norton stops detecting it or if it was essential to any trusted program. You should also try HijackThis for a deep scan.
After you get rid of this concern, you should uninstall Norton (I shall guess you talk about Security Suite or Systemworks) and compensate its functions with several programs, which I particularly like (and I see you have some of them too):
Firewall: Comodo Firewall Pro - it's free, regarded as one of the best software firewalls today, with quick learning curve and an easy GUI for beginner or advanced configuration. I used ZoneAlarm some time but I did not keep it for a long time (I cannot remember why, but I did not feel quite satisfied with it).
Antivirus: Avira or AVG - both have free versions which are quite good, also widely recommended. I don't know about the latest AVG version, but Avira also includes an anti-rootkit scan option.
Antispyware: Spybot and Spyware Blaster which you already have.
If you are almost paranoid about your security, then you can also get Keyscrambler (an anti-keylogger) and JonDo (a proxy anonymization software to prevent spies from getting your real IP address).
Of course, you should only keep one software of every kind to avoid conflicts (perhaps except for the Spybot-Spyware Blaster combination). I don't know if I'm missing any security hole, but I believe this personalised bundle should cover the most affected areas of computer security. I hope it helps.

Junior Member with 4 posts. | Join Date: Oct 2008 | Experience: Intermediate

Thanks for the rapid response, I'm feeling safer already.
But I think I may have miscommunicated something (if I'm wrong, feel free to correct me). Every so often, Norton gives me a warning about an external address trying to access my computer (Not sure I formulated this right, but I think this best conveys my concern.), namely "Deep Throat", which is then blocked by some part of Norton. I've already scanned my computer several times, with the aforementioned software(s), but as far as they tell, it's not a matter of an infected file.
My question therefore still remains unanswered: If I uninstall Norton, will who/whatever is trying to get into my computer, still be blocked off by my firewall?

Junior Member with 15 posts. | Join Date: Oct 2007 | Location: Mexico | Experience: Intermediate

Oh, I get it now. The warning coming from Norton is about an external intrusion to your system from a specific IP address and which is being identified as "Deep Throat" by Norton itself.
According to Symantec's technical details, DeepThroat.Trojan is a trojan horse which adds itself to the infected system's registry and lets others gain full access to the system through a network connection. Apparently, the reason why you cannot detect the threat with other applications is because it is supposedly not in your system yet, being blocked by your Norton application's Block Rule DeepThroat. It also states that Norton products have different notifications: 1) for the attempt to download DeepThroat (specifically notified by Norton Firewall) and 2) for the actual infection inside your system (specifically notified by Norton Antivirus) (http://www.symantec.com/security_res...121423-3801-99).
Thus you should make sure which of those notifications is the one being reported, since possible measures will be different (prevention/disinfection). Depending on the type of notification, you have two different security risk levels and measures to take: in case 1 (attempt of download) your risk is relatively low and one of the measures you should take is make sure that the web pages you visit or the emails you receive are safe (it could also be any file being downloaded by a P2P application); in case 2, however, you are dealing with a bigger threat because now you are at risk of being compromised by an actual hacker, and your measures should be the same as for case 1, plus running a trojan-specific removal software (I just found one which seems to relate to DeepThroat.Trojan although it is quite old: http://www.privsoft.com/archive/psc-dt.html) and adding a rule to any firewall you have for blocking any incoming connections from the IP address specified by Norton's notification (if it does not show one try to get it by means of Norton logs). As for your question about being safe if Norton is uninstalled, in theory any good Firewall (ZoneAlarm included) should be capable of detecting the threat (either case 1 or case 2) because we are talking about a rather popular infection and they will detect the malicious code. Nevertheless, you could not be 100% sure of it unless you found a proof (usually a test) in which two compared Firewalls (Norton vs. ZoneAlarm in this case) were able to detect that specific trojan. I guess you could find more information about it by searching Norton ZoneAlarm DeepThroat trojan on google or by checking the technical databases of ZoneAlarm.
In conclusion, you should first make sure you're not infected with it (although it is rather unlikely since other applications did not detect it). After you have made sure of it and taken the proper measures, it will be your personal decision whether to stay with Norton Firewall or with ZoneAlarm (I think either of them should provide you with the proper protection) but only one of them because they can cause interference among themselves if active simultaneously. If you choose ZoneAlarm, you could try a monitoring period of a few days to test its detection capabilities for this specific trojan.
Here are two forum posts related to DeepThroat.Trojan's detection and removal that may be of interest to you:
http://www.techspot.com/vb/all/windo...-Possibly.html
http://www.techspot.com/vb/topic58138.html
I hope this time I addressed your question and that it may be of help to you. If you still have the doubt I am afraid I'm not able to help you anymore, because I can only give you recommendations; you would then need the help from someone who has actually dealt with the DeepThroat.Trojan. Have a nice weekend.

Distinguished Member with 4,901 posts. | Join Date: Apr 2002 | Location: Birmingham, England

Generally speaking, being advised by security software that something has tried, and failed, to get into your system is good news. In your case there are some points that require investigation/clarification;
1. If you have a 'no longer updating' version of NAV which also has firewall capability, then you probably have a version of Norton Internet Security. You need to clarify exactly what is installed, perhaps by checking your Add/Remove list and seeing what Norton/Symantec entries there are.
2. You have AVG and Zone Alarm installed and, presumably, running at startup. That in itself could cause problems if the Symantec product is also trying to monitor everything the others are, including the possibility of 'false positives', i.e. the 'intrusion' attempt Norton is reporting could be the result of 'normal' operations by your other security software. I'm not saying that that is the case, but it is a possibility that can't be eliminated until you make the choice between the various security software you are currently using.
3. Your earlier posts suggest that you are aware of the problems this duplication can cause so I can only agree with JAP1st that you 'bite the bullet' and look into getting rid of Norton/Symantec or decide to renew your subscription and uninstall the free programs. If you decide to remove NIS/NAV you may, subject to which product you have, need to use an uninstaller that Symantec provide on their website.
You might also get some further reassurance about the current status of your system by running some online scans, including this one; http://www.eset.eu/online-scanner (be sure to read the Terms of Use).
__________________ Nothing matters very much, and few things matter at all.
Lord Balfour 1848-1930

Junior Member with 4 posts. | Join Date: Oct 2008 | Experience: Intermediate

Thank you both for your responses, and the incredible amount of information you provided me with.
Just for the sake of getting it right, I'm gonna 'answer' the possibilities you stated (in order). And if I'm wrong (or right) I'd love to hear it.
I've checked my Norton logs in an attempt to find the IP address from where the intrusion is coming from. It says it's 10.0.0.254, which, after googling it a little, would lead me to believe it's the router. I'm not sure completely blocking my router would be a good thing, so I don't think I can simply block the IP address.
I've tried googling for DeepThroat several times, but as far as I can tell, every hit seems to be because Norton detected it on someone's computer, so as you say, I can't be 100% sure it will be blocked by ZoneAlarm. However, if it does enter my system, it should leave a file on my computer, ticking off nearly every other program I have, so I think I can feel (mostly) safe.
I think I'm gonna try uninstalling Norton then, which seems to be simple enough, as the Symantec website simply instructs the use of the Add-Remove panel. If it does seem to be the case that DeepThroat gets in, then I'll try Comodo, and if that fails too, I'll simply come back here to ask for further instructions.
As for the clarification to my version of Norton: It's Norton AntiVirus 2006, of which my subscription expired 1 year ago, which means I no longer get viral-definition updates.
About AVG and ZoneAlarm, I assume you mean they don't conflict with each other, since one is a firewall and the other is anti-virus software, but that they both conflict with Norton. You are also right in that I already know this (at least the part of AVG and Norton, I hadn't thought of ZoneAlarm and Norton yet), which is why I want to uninstall Norton, leading to my initial questions.
Sorry if I sound like being a pill, I just want to make sure.

Distinguished Member with 4,901 posts. | Join Date: Apr 2002 | Location: Birmingham, England

I think the problems with Norton/Symantec uninstallations are mainly caused by people attempting to reinstall or upgrade their products afterwards. If you are not planning to use any Symantec products in future, Add/Remove may do a good enough job (although you could be left with hundreds (if not thousands) of entries in your Registry!) Not that that would be a serious problem.
I obviously misunderstood your reference to the alerts you are getting because it seemed like firewall type information to me, but the last NAV version I had was 2002 or 2003 so things have obviously moved on since then. I have no idea if NAV and ZA actually do conflict if there's no firewall element with NAV but if you're behind a router and have a software firewall, you should be fairly well protected.
__________________ Nothing matters very much, and few things matter at all.
Lord Balfour 1848-1930

Junior Member with 4 posts. | Join Date: Oct 2008 | Experience: Intermediate

Thank you very much for your help. I have now officially 'bitten the bullet', and with a bit of luck it won't bite me back.
That is to say, I've uninstalled Norton from my system, and should now be free of any false detections. (well, free'er' anyway).
I won't press the solved button just yet though. I first want to be sure the problem is really solved, which, sadly, only time can tell. But either way, I really appreciate all you've done.

Distinguished Member with 4,901 posts. | Join Date: Apr 2002 | Location: Birmingham, England

I'll keep my fingers crossed (it can't make my typing any worse)!!