A client of mine is receiving the following error message as a callout to the Symantec Endpoint Protection icon located in the notification area of a computer running Windows XP SP3:
<!> Symantec Endpoint Protection
[SID: 24014] System Infected: Trojan Bayrob Activity 2 detected.
After combing the Symantec site for information regarding this potential Trojan, I see no telltale signs of its existence. First, it is indicated that the Trojan creates a Windows Update service with corresponding registry changes - this does not exist on the machine in question. Additionally, none of the other telltale registry modifications associated with this Trojan seems to exist. I've run a full system scan using Endpoint and it turns up nothing. The above message occurs at minute intervals, meaning one minute with the message on the screen and one minute without it, with the capability to close the message; but clicking on the message does not reveal any additional detail.
A screen capture of the desktop with this message is shown here:
I am at a loss where to go with this one, as there isn't much revealing within support on this site or the web.
Specifications for Endpoint:
Version: 11.0.2020.56
Antivirus and Antispyware protection: Wednesday, July 13, 2011 r24
Proactive Threat Protection: Wednesday, July 13, 2011 r219
Network Threat Protection: Wednesday, July 13, 2011 r1
The Quarantine and log areas show nothing. A full system scan reveals no infections.
Any help you can provide me is greatly appreciated!
Thanks,
Culprit