
Help! Re-direct virus?

Created: 05 Oct 2012 | 12 comments

Hi,

My computer came under anti-virus protection from Symantec Endpoint Protection (SEP) since Aug 2012. However, recently, about two weeks ago, whenever I used internet search engines (e.g. Google and Bing), my internet browsers started to automatically re-direct me to www.bts.scour.com and other dubious websites. Despite conducting regular scans on my computer (both before the current spate of redirections, and after the redirections started happening), the problem persists -- it seems that SEP is either not detecting, or failing to remove whatever malicious software is causing the re-direction.

Should I change any of the settings in my SEP in order for it to detect and remove the malware?  Or do I need to purchase some other Symantec product? Thanks.

 

pete_4u2002:

Open a support ticket and ask for analysis of load point logs for suspicious files.

Is the system updated with the latest definitions?

Symantec KJ:

Hi Pete, how do I open a support ticket?

My virus definitions are updated as of 5 Oct 2012, r18.

Ashish-Sharma:

Please raise a support ticket.

Please contact Symantec Technical Support via the support phone numbers listed below

Regional Support Telephone Numbers:
United States: 800-342-0652 (407-357-7600 from outside the United States)
Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
United Kingdom: +44 (0) 870 606 6000
Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp
India: Toll-Free 000 800 4401 456 directly

Contact Symantec Customer Care on 

http://www.symantec.com/support/assistance_care.jsp

OR 

Technical Support

http://www.symantec.com/business/support/contact_techsupp_static.jsp

Thanks In Advance

Ashish Sharma

pete_4u2002:

Do you have a support ID? If yes, that needs to be mentioned when you call the toll-free number.

Symantec KJ:

Hi Pete,

I'm afraid I don't know what the support ID for my SEP is. I would have to ask my IT department for it when the working week resumes on Monday.

pete_4u2002:

Maybe you can check this registry entry

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page and if it has a suspicious entry, delete it.

Symantec KJ:

Thanks, Pete, but I'm afraid I'm not really an expert with computers, and I don't know where to look for registry entries.

Should I just ask my IT department for help if Symantec cannot help at this stage?

Ashish-Sharma:

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team. 

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

Is your system infected? Symantec tools to help clear an infection

https://www-secure.symantec.com/connect/forums/your-system-infected-symantec-tools-help-clear-infection

Check this thread:

https://www-secure.symantec.com/connect/forums/virus-cleanup-exercise

Thanks In Advance

Ashish Sharma

Symantec KJ:

Thanks, Ashish!

I'm running the SEP support tool now. When the data collection is complete, do I post the results directly in this forum, or should I email it separately to Symantec? The reason I'm asking this is because I don't know if the data search will disclose any sensitive private info that should not be posted in a public forum like this?

Mithun Sanghavi:

Hello,

Plan of Action - 

1) Disable the System Restore http://support.microsoft.com/kb/283073

2) Disable the Browser Helper Objects on all Installed Browsers

3) Check the Host file of the machine if it has been tampered with. If yes, make the necessary changes to the host file.

4) Login to the machine as a Different User and check if this issue is occurring?

If this issue is not occurring, you may like to delete the Infected User Profile after taking a back up of necessary files.

5) To check if there are any Suspicious files on the machine, work on the steps provided in the article below:

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team. 

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

Also, Check these Threads with similar issue - 

https://www-secure.symantec.com/connect/forums/help-removing-virus-redirects-web-page

https://www-secure.symantec.com/connect/forums/popup-and-redirect-virus

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
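
The hosts file check in step 3 above and the start page registry value suggested earlier in the thread can both be reviewed read-only from PowerShell. This is an added example, not part of any post in this thread or a Symantec tool; the function names are hypothetical and the sample hosts lines (including the 203.0.113.10 address) are constructed.

```powershell
# Added example: read-only review of the hosts file and the IE start page.
# Function names and the sample data are made up for this illustration.

function Get-HostsEntry {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Drop the comment part (everything after '#') and surrounding whitespace.
        $text = ($line -split '#', 2)[0].Trim()
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }   # an address with no name is not a mapping
        # One address can map several names; emit one object per name.
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{ Address = $fields[0]; HostName = $name.ToLower() }
        }
    }
}

function Get-HostsOverride {
    param([string[]]$Lines)
    # Anything other than "localhost -> loopback" is an override worth reviewing.
    # Some are legitimate (intranet names, ad-block lists); a search engine is not.
    $loopback = '127.0.0.1', '::1'
    Get-HostsEntry -Lines $Lines | Where-Object {
        -not ($_.HostName -eq 'localhost' -and $loopback -contains $_.Address)
    }
}

# Constructed sample: 203.0.113.10 is a documentation-only address.
$sample = @(
    '# Sample hosts file (constructed)',
    '127.0.0.1      localhost',
    '203.0.113.10   www.google.com www.bing.com   # constructed entry'
)
Write-Host '--- constructed sample ---'
Get-HostsOverride -Lines $sample | Format-Table -AutoSize

# The real file on this machine.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Write-Host "--- $hostsPath ---"
Get-HostsOverride -Lines (Get-Content -Path $hostsPath) | Format-Table -AutoSize

# The start page value suggested earlier in the thread (per-user setting).
$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$ie = Get-ItemProperty -Path $ieMain -ErrorAction SilentlyContinue
Write-Host ('IE start page: ' + $ie.'Start Page')
```

On the constructed sample the script lists two overrides, one each for www.google.com and www.bing.com; a clean default hosts file produces an empty table.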

sandra.g:

If you're using a router, make sure that the router settings for DNS are correct for your ISP. I have seen this happen, where the DNS entry was changed to one in a (shall we say) distant land and redirecting in the manner you describe. Nothing malicious was actually on the affected computer.

If the DNS entries are incorrect, change them to the correct ones... and then change the password on your router.

sandra

Symantec, Information Developer
Installation, Migration, Deployment and Patching
User Protection & Productivity, Endpoint Protection
