Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

Auto Protect fails to clean files in Recycle bin Trojan.Zbot

Created: 08 Jul 2013 | 9 comments

I am running SAV 10.2 and Auto protect shows Risk: Tojan.Zbot

Action: Reboot Required, Original Localtion something like: c:\$Recycle.Bin/S-1-5-21-77533676-1963069347.....

I rebooted the system several times but this message keeps popping up.

I cleaned a spyware using Malwarebytes and since then it seems to show popups about the above file locations. When I try to delete the file permanently autoprotect give message:

Symantec AntiVirus cannot perform this actin on 1 of the files you selected.

Possible causes:

The files have been removed or deleted .....

------------------------------------

I have cleaned the recycle bin but autoprotect messages keeps popping up.

I have rebooted the system many times to no avail.

Any guidance?

Thanks a lot

 

Operating Systems:

Comments 9 CommentsJump to latest comment

.Brian's picture

Judging by the message, did you delete the recycle bin contents?

Also, just as an fyi, SAV is EOL. You should consider moving to SEP as it has much better capabilities.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SafetyFirst's picture

Hi Brian: I did not explicitly removed the files. However I after seeing the message I tried to empty the recycle bin and several files were removed from there. Right now I am using SAV so is there a cure for this?

.Brian's picture

Assuming the items have been deleted (either by emptying the recycle bin or SAV) have you tried running a scan again or does it come up all the time?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SafetyFirst's picture

Is it an interactive run since it warns it can remove some legit programs. Is it possible that I first review what it will do before it actually erases anything. I don't want to be in a situation where I loose my system. I am only  a computer user and don't know many intricacies of these tools.

Thanks

.Brian's picture

It will mark the items as suspicious and allow you to delete them or keep them.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SameerU's picture

Hi

Request you to please upgrade to latest version SEP 12.1.3

Regards

 

Mithun Sanghavi's picture

Hello,

Is this happening on 1 of your client machines?

In this case, you may like to go ahead with SERT Utility OR Symantec Power Eraser Tool.

Check these Articles:

Symantec Endpoint Recovery Tool (SERT)

Symantec Power Eraser using Symantec Help (SymHelp) Tool.

Secondly, Are SAV 10 clients running with latest definitions and carry all the latest Microsoft updates and security patches?

Run a scan in safe mode with networking to remove the virus.

Could you zip each of the filesand submit the zip files (without password) to the Symantec Security Response Team on : 

https://submit.symantec.com/websubmit/essential.cgi

We also offer a self-service site to analyze files, at http://www.threatexpert.com, which can give you more information on the files you submit to it.

What to do when you suspect that a Symantec AntiVirus product is not detecting viruses

http://www.symantec.com/docs/TECH99222

Also, check this Article:

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

On a Kind Note: Please migrate to the Latest version of SEP 12.1 as SAV 10.x is already a End-of-Support-Life (EOSL) from July 4, 2012.

Virus definitions, maintenance updates, and technical support will no longer be available for this product.

The recommended upgrade path is to replace SAV 10.x with Symantec Endpoint Protection 12.1 (SEP 12.1). More information.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.