Our office runs Symantec AntiVirus 10.1.0.394 on Windows 2003 SBS that pushes out to Windows XP Pro machines. Virus definitions were last updated (at the time of this message) on 12/31/2010 rev. 2.
One of our users had a pop-up yesterday (Monday) from Quick Scan that reported "Adware.lop" and the file "winlogon.exe". We haven't been in the office since Thursday. It could not quarantine the file nor delete it.
I searched through Google and ended up at a Symantec website that shows instructions for manually removing it, here:
http://www.symantec.com/security_response/writeup.jsp?docid=2003-092919-5421-99&tabid=3
The instructions were to reboot into safe mode, run a full scan, and have whatever was found deleted. When I reboot normally I might get some error messages, because that file was deleted. I'm supposed to say OK to the errors, then I needed to go into the registry and remove some stuff pertaining to that.
The file was deleted, but upon reboot I got another message from Quick Scan for the same thing.
If that page is correct (and I do have Adware.lop as Symantec tells me) then I think one is wrong, because none of the stuff on that page is even found. That page says to go to the application data folder and find some randomly named .dll file. Nothing suspicious-looking there.
That page says to search the registry, and when I do I find 2 instances of winlogon.exe, but isn't that also a legit file from Windows, or should I get rid of those?
I can run other software if needed as we all have admin rights, so I can run HijackThis or something.