Can anyone confirm the existence of any stealth virus that undermines the antivirus engine and alters the definition date reported as to appear current? We are seeking info on a documented instance for this characteristic for insurance purposes.

This is the symptom reported as the original condition for a network we are working to clean up. Forensic data was gone before we became involved and current log information shows only typical adware / spyware. We've introduced clean systems and have innoculated each system prior to allowing it back in the network.

Symantec Corp Edition rel 9 was running with the System Center Console for management. Avast, Spy Sweeper, and Pest Patrol have all been used in the remediation.

Thanks in advance,

jb

Of course there are viruses/worms/trojans that exist to shutdown antivirus programs and sometimes even uninstall them, but I'm not quite sure if there is a virus that can change the definition dates on your antivirus program.

I haven't heard about a virus with these symptons and I'm not quite sure if its possible, because it obviously depends on the antivirus program. If the dates are just stored in a single file, then this is likely to be exploited, but if they are built into the definition files which have been compiled, then its not going to be as easy.

Sorry I don't know anymore.