Endpoint Protection

  • 1.  Help! w32changeup!.gen44 nuked my files!

    Posted Oct 12, 2013 12:56 PM

    Hi Folks,

     

    So I recently took over as admin and it seems that I took over an infected network, not sure where it started, nor have I completely isolated all infected machines yet although that is a work in progress.

    The hardest part to swallow is that I first became aware of this when users started reporting not being able to open their usual files (.xls, .doc, .pdf). My concern is that the backups have either not been running properly or are infected as well.

    I'm hoping there is a way to reverse that damage??

    Anyone else dealing with this P.I.T.A.!!

    Any help is greatly appreciated.

    Thanks in advance for your replies.



  • 2.  RE: Help! w32changeup!.gen44 nuked my files!

    Posted Oct 12, 2013 01:03 PM

    You can try running a full scan on the infected system(s)

    SEP does have a clean option but there will be times it cannot clean the file.

    What was the action taken?



  • 3.  RE: Help! w32changeup!.gen44 nuked my files!

    Posted Oct 12, 2013 01:11 PM

    There is not a possibility to recover the file.

    To clean the virus, run the tool to collect the suspicious file and submit to Symantec.

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    Is your system infected? Symantec tools to help clear an infection

    https://www-secure.symantec.com/connect/forums/your-system-infected-symantec-tools-help-clear-infection

    Best practices for troubleshooting viruses on a network 

    http://www.symantec.com/docs/TECH122466



  • 4.  RE: Help! w32changeup!.gen44 nuked my files!

    Posted Oct 12, 2013 01:14 PM

    Hi Brian, and thanks for the quick reply.

    Aside from scanning the networked machines starting with the users that reported the problems (with SEP and MalwareBytes), I'm in the process of running an offline (safe mode) Full SEP scan on the file server where the majority of the damage seems to have occurred.  I'm able to tell that it looks like the damage has propagated thru network shares.  Right now I'm just hoping and praying that the corrupt files can be un-corrupted and brought back to their original working state.

    I'm more concerned about recovering the damaged files than I am over containing the outbreak.



  • 5.  RE: Help! w32changeup!.gen44 nuked my files!

    Broadcom Employee
    Posted Oct 12, 2013 01:14 PM

    If the scan does not recover the file, it cannot be reused.

    Run load point on the machine and work with the technical support.



  • 6.  RE: Help! w32changeup!.gen44 nuked my files!

    Posted Oct 12, 2013 01:35 PM

    Do you have SEP configured to try and clean first?

    Have you been able to restore from backup?



  • 7.  RE: Help! w32changeup!.gen44 nuked my files!

    Posted Oct 13, 2013 12:42 AM

    Check these articles:

    Eliminating viruses and security risks

     

    Article:HOWTO27280  |  Created: 2010-01-08  |  Updated: 2010-01-15  |  Article URL http://www.symantec.com/docs/HOWTO27280

    Using SEPM Alerts and Reports to Combat a Malware Outbreak

    https://www-secure.symantec.com/connect/articles/using-sepm-alerts-and-reports-combat-malware-outbreak



  • 8.  RE: Help! w32changeup!.gen44 nuked my files!

    Trusted Advisor
    Posted Oct 14, 2013 12:01 PM

    Hello,

    W32.Changeup!gen44 is a heuristic detection that may include members of the W32.Changeup family of threats. 

    Check these Articles:

    How to clean up a W32.Changeup infection

    http://www.symantec.com/docs/TECH201560

    W32.Changeup keeps on giving

    https://www-secure.symantec.com/connect/blogs/w32changeup-keeps-giving

    Here are some excellent suggestions on how to keep your computers, their users and data safe:

    http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0

    Secondly, I would appreciate it if you contact Symantec Technical Support and create a case.

    Check these Steps below:

    How to create a new case in MySymantec

    http://www.symantec.com/business/support/index?page=content&id=TECH58873

    Phone numbers to contact Tech Support:-

    Regional Support Telephone Numbers:

    • United States: https://support.broadcom.com (407-357-7600 from outside the United States)
    • Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
    • United Kingdom: +44 (0) 870 606 6000

    Additional contact numbers: http://www.symantec.com/business/support/contact_t...

    Hope that helps!!