Help! Re-direct virus?
Hi,
My computer came under anti-virus protection from Symantec Endpoint Protection (SEP) since Aug 2012. However, recently, about two weeks ago, whenever I used internet search engines (e.g. Google and Bing), my internet browsers started to automatically re-direct me to www.bts.scour.com and other dubious websites. Despite conducting regular scans on my computer (both before the current spate of redirections, and after the redirections started happening), the problem persists -- it seems that SEP is either not detecting, or failing to remove whatever malicious software is causing the re-direction.
Should I change any of the settings in my SEP in order for it to detect and remove the malware? Or do I need to purchase some other Symantec product? Thanks.
open a support ticket and ask for analysis of load point logs for suspicious file.
is the system updated with latest definition?
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
hi pete, how do i open a support ticket?
my virus definitions are updated as of 5 oct 2012, r18.
Please raise a support ticket.
Please contact Symantec Technical Support via the support phone numbers listed below
Regional Support Telephone Numbers:
United States: 800-342-0652 (407-357-7600 from outside the United States)
Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
United Kingdom: +44 (0) 870 606 6000
Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp
India: Toll-Free 000 800 4401 456 directly
Contact Symantec Customer Care on
http://www.symantec.com/support/assistance_care.jsp
OR
Technical Support
http://www.symantec.com/business/support/contact_techsupp_static.jsp
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
do you have a support id? if yes, that needs to be mentioned when you call the toll free no.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hi Pete,
i'm afraid I don't know what's the support ID for my SEP. I would have to ask my IT department for it when the working week resumes on Monday.
maybe you can check this registry entry
HKey_Current_User\Software\Microsoft\Internet Explorer\Main\start page and if it has a suspicious entry, delete it.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Thanks, Pete, but I'm afraid I'm not really an expert with computers, and I don't know where to look for registry entries.
Should I just ask my IT department for help if Symantec cannot help at this stage?
Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.
https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec
Is your system infected? Symantec tools to help clear an infection
https://www-secure.symantec.com/connect/forums/your-system-infected-symantec-tools-help-clear-infection
Check this thread:
https://www-secure.symantec.com/connect/forums/virus-cleanup-exercise
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Thanks, Ashish!
I'm running the SEP support tool now. when the data collection is complete, do i post the results directly in this forum, or should i email it separately to symantec? The reason I'm asking this is because I don't know if the data search will disclose any sensitive private info that should not be posted in a public forum like this?
Hi,
Check this thread
https://www-secure.symantec.com/connect/forums/browser-redirected-unwanted-site
Unwanted web sites display
http://support.mozilla.org/en-US/questions/697610
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Hello,
Plan of Action -
1) Disable the System Restore http://support.microsoft.com/kb/283073
2) Disable the Browser Helper Objects on all Installed Browsers
3) Check the Host file of the machine if it has been tampered with. If yes, make the necessary changes to the host file.
4) Log in to the machine as a Different User and check if this issue is occurring.
If this issue is not occurring, you may like to delete the Infected User Profile after taking a back up of necessary files.
5) To check if there are any Suspicious files on the machine, work on the steps provided in the article below:
Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.
https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec
Also, Check these Threads with similar issue -
https://www-secure.symantec.com/connect/forums/help-removing-virus-redirects-web-page
https://www-secure.symantec.com/connect/forums/popup-and-redirect-virus
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
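
Step 3 of the plan above (checking the hosts file for tampering), as an added example that is not part of the original post and not a Symantec tool. It parses a hosts file and flags every active mapping other than `localhost`, marking as "high" any search-engine or security-vendor name pointed at a routable address; the watched-label list and the sample file are assumptions constructed for the example.

```python
import ipaddress
import os

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"
# Labels tied to the symptom in this thread (search redirects); the list is an assumption.
WATCHED_LABELS = {"google", "bing", "yahoo", "symantec"}

# Constructed sample; 203.0.113.0/24 is a documentation-only address range.
SAMPLE = """\
# constructed hosts file for the example
127.0.0.1      localhost
203.0.113.45   www.google.com google.com
203.0.113.45   www.bing.com   # trailing comment
0.0.0.0        ads.example.net
not-an-ip      junk
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each active mapping, skipping comments."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, not a usable mapping
        for host in fields[1:]:
            yield line_no, ip, host.lower().rstrip(".")

def audit_hosts(text):
    """Return (severity, line_no, ip, host) for every entry worth a look."""
    findings = []
    for line_no, ip, host in parse_hosts(text):
        if host == "localhost" and ip.is_loopback:
            continue  # the one entry that is expected
        watched = WATCHED_LABELS & set(host.split("."))
        # A watched name pointed at a routable address sends that traffic elsewhere.
        redirect = watched and not (ip.is_loopback or ip.is_unspecified)
        findings.append(("high" if redirect else "review", line_no, str(ip), host))
    return findings

if __name__ == "__main__":
    if os.path.exists(HOSTS_PATH):
        with open(HOSTS_PATH, encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE  # not on Windows: fall back to the constructed sample
    for finding in audit_hosts(text):
        print(*finding)
```

A "review" entry is not necessarily malicious (ad-blocking tools and IT departments add their own lines), so compare findings against what your administrator expects before editing the file.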
If you're using a router, make sure that the router settings for DNS are correct for your ISP. I have seen this happen, where the DNS entry was changed to one in a (shall we say) distant land and redirecting in the manner you describe. Nothing malicious was actually on the affected computer.
If the DNS entries are incorrect, change them to the correct ones... and then change the password on your router.
sandra
Symantec, Information Development, IMDP
Symantec Endpoint Protection / Core Security Engineering Group
Don't forget to mark your thread as 'solved' with the answer that best helped you!