Hey Hey,

*This belongs in both AV and Adware/Spyware Discussions... I picked this forum.... but a lot of the processes are Network Aware Adware... remember the below machine was used for no surfing... everything that appeared did so on its own*

As many of you may know from my posts, convos on AIM, IRC and MSN, or from PMs.... The network at the college where I work is plagued with viruses... We were curious to see exactly what we were dealing with... so I created a fresh machine... After spending a few hours trying to locate a Windows XP CD (everything we had was SP1 Slipstream).. I installed it and immediately turned off Automatic Updates... I also ran Pest Patrol, just to ensure there was nothing listed off the default install..

Over the course of the next 7 days, the test box was connected to 4 different VLANs... two representing Residence Traffic and two representing traffic from our IT Division (The majority of IT students are in a laptop program and have network access in every class).

I was really surprised to find that halfway through, after spending time on the Residence VLANs... that there were only two virus connections... Considering we see patched computers with double and triple this number of infections, I was very confused... I rebooted the machine and lo and behold.. approx 10 additional processes appeared on boot. The machine spent the rest of its week on the IT VLANs and picked up a few more viruses...

I created a ghost image of this infected machine, and started doing my testing.. So far I have run:
Sophos Anti Virus
eTrust Antivirus (Our corporate solution)
ClamWin
AVG Professional
Norton AV 2004
Trend Micro Housecall
CA Pest Patrol Online

I have created an Excel sheet comparing the products and then breaking down what each found... In addition I've detailed which processes were running, and then hunted down the binaries of all non-MS applications that were listed.

I have plans to include:
McAfee
PC-Cillin
AdAware
SpyBot
Panda AV
HiJack This! Log files
and anything else anyone suggests.

I am attaching the Excel sheet and also the 'questionable' binaries... Any passwords you run into will be 'antionline'... The zip contains two files... another zip with the questionable binaries and the Excel sheet..

Anyways, hopefully this will be useful or at least interesting to some of you.

Peace,
HT