Endpoint Protection

  • 1.  Are there any tools that can override what a malicious virus/malware can do when it stops processes

    Posted Jul 01, 2013 09:02 AM

    Here is an example. I had someone who had something called, I believe, "Internet Security Pro". Everything I had attempted to transfer and install was killed by this, including NPE. I had to have the user take the PC off of the network and run NPE in order to remove the garbage. What I would like to do is kill that process and NOT permit it to restart, but no matter what I did, that thing kicked off the dirt, came back on and continued to wreak havoc. Since we are in different sites, going through Safe Mode is not that good of an option.

    Any ideas, suggestions?

     



  • 2.  RE: Are there any tools that can override what a malicious virus/malware can do when it stops processes

    Posted Jul 01, 2013 09:13 AM

    You can use Process Explorer.

    If you try to start PE and if the malware kills it, simply rename the PE executable to a known Windows process like svchost.exe or explorer.exe and try running again. It is usually successful and you can kill the malicious process.

    The malware is coded to not kill important Windows processes so this usually works.

    Have you tried running Symantec Power Eraser to see what it does?



  • 3.  RE: Are there any tools that can override what a malicious virus/malware can do when it stops processes

    Posted Jul 01, 2013 09:34 AM

    When the NPE was run, the PC needed to be taken off of the network. Otherwise the process killed it. I do not know if it was NPE or the malware, but one of these also resulted in killing the BFE service, and without that service, SEP will not install. As for the BFE, I have tried different things and have not been able to repair it. The only things I can think of in order to try to get it restored are Windows System Restore, or a reimage. These are things I really want to avoid doing. This is the 2nd time I have had an issue with BFE and I do not know what caused the damage to it, but I want to be more careful about removing processes or running utilities that can potentially knock out this service.



  • 4.  RE: Are there any tools that can override what a malicious virus/malware can do when it stops processes

    Posted Jul 01, 2013 09:58 AM

    Rapid release will help you.



  • 5.  RE: Are there any tools that can override what a malicious virus/malware can do when it stops processes

    Posted Jul 01, 2013 10:15 AM

    Hello,

    Take a sample of the threat and submit it to http://www.threatexpert.com/. You will receive a report which shows you how that threat modifies the system, what external URLs it uses, etc. Once you know those things, you will be in a better position to manually stop it (remove related registry keys and files, block malicious URLs, etc.).

    A scan for security risks with our SymHelp tool might help you too.

     



  • 6.  RE: Are there any tools that can override what a malicious virus/malware can do when it stops processes

    Posted Jul 01, 2013 11:48 AM

    I will try this, but I need to isolate it, then be able to copy it.



  • 7.  RE: Are there any tools that can override what a malicious virus/malware can do when it stops processes

    Posted Jul 02, 2013 07:07 AM

    Yep, try to isolate it by using our risk scan done by the SymHelp tool.