Hi Giuseppe,
I, too, am experiencing the same issue. The suggestion you made is incorrect, as this is not an infection of another machine on a user's network, but on the machine itself.
I have followed all of the Symantec removal instructions, but it appears this trojan has latched on to the svchost.exe in the C:\WINDOWS\system32 folder, and cannot be removed.
This trojan, or at least the one infecting my HP Netbook, attempts to contact a static IP, 174.133.104.203 via an outgoing TCP port. The port itself is not specified in the Security Log. An IP lookup points to theplanet.com as the host provider.
This trojan was acquired while running SEP. Apparently, an uninformed user bought in to a web-popup "virus scan requirement" while viewing unsafe sites. I believe the installer and popup were entitled XP Deluxe Protector. Though I killed and removed all references to the service, the current and disturbing issue is still at hand. Again, SEP was running and enabled with the default OOB functions when this occurred.
Immediately after being infected by this trojan, I/we received a call from Chase, informing us that over $1,000 of credit card fraud was identified on one of our credit cards in Albania. The scammers had apparently captured financial details, and cloned our card, as several of the transactions were recorded as a swiped card, and the only two cards we have ever had are in our immediate possession, and we have not used said cards for over 6 months. Fortunately, we were able to verify the illegitimate charges rapidly by this fact. In addition, Albania is not one of the countries I currently provide services to, only the UAE, EU, and US.
I am very disappointed with Symantec for not having resolved this issue to date. I am running SEP 11.0.4202.75, and frankly, I find this absolutely unacceptable. My only recourse at this point is to low-level format my Netbook, and reinstall the OS and programs.
If this issue can be resolved in the next week, I will certainly provide any insight or assistance to you. However, if no resolution is available, I will be wiping the entire machine.
Any / all communication would be greatly appreciated... Again, if Symantec has not picked up on this, I have great concern, as well as the corporate sounding board(s) for the international community if no resolution is provided immediately.
hal.dll