Endpoint Protection

  • 1.  hide_evr2.sys 9129837.exe and other files not found but hanging during scan

    Posted Jun 08, 2010 12:22 PM
    Hi,

    I checked the old forums and found a closed thread with a related topic, but the solution was not clear to a neophyte like me. When I scanned my laptop (Dell XPS M1330 with Windows Vista Small Business), Symantec Endpoint Protection hangs for a while, perhaps 10 seconds or so, on some of the following files: 9129837.exe, hide_evr2.sys, VirusRemoval.vbs, NewVirusRemoval..vbs, dll.dll, alsmt.ext, and _epnt.sys. It does this if I run a scan that I set up to run on a new thumbnail drive, and it does this even if the thumbnail is not plugged in. It doesn't seem to do this if I scan only the C drive. I've checked for problems with Symantec Endpoint Protection and also with Microsoft Security Essentials and Malwarebytes Anti-Malware. They found nothing, and I can't find anything by searching for hidden files. Next I tried Microsoft's RootkitRevealer. It (RootkitRevealer) finds 279660 (or so) discrepancies, and the interface is so glitchy after that I can't really figure out what is going on. The screen is squirrelly. RootkitRevealer pulls up many files in the folder \programdata\applicationdata, and there are numerous appended \applicationdata on the end of that as well.

    If anyone can provide me with advice on how to proceed I would appreciate it.  I have really important research data on this laptop.  Also, is there a safe way to get those data off the machine?  Thanks.


    Concernedly yours,


    Jack 


  • 2.  RE: hide_evr2.sys 9129837.exe and other files not found but hanging during scan

    Posted Jun 08, 2010 12:32 PM
    That's when the product is scanning for those files. Sometimes you will see different messages, even virus names, even though they are not there; it's just scanning for the files/viruses, etc.

    I would use GMER for a rootkit tool rather than RootkitRevealer; rootkits are going to look for common tools like that and make them not work correctly.


  • 3.  RE: hide_evr2.sys 9129837.exe and other files not found but hanging during scan

    Posted Jun 09, 2010 02:32 AM
    Hi Jack,

    If there are specific files on your laptop that you are concerned may be malicious, I recommend that you submit them to Symantec Security Response for analysis.  If they are clean, you will receive a mail confirming this.  If they are malicious, then new signatures will be written to remediate them.

    Alternately, submit the files for a quicker automated analysis on threatexpert.com.

    Best of luck!!

    Mick


  • 4.  RE: hide_evr2.sys 9129837.exe and other files not found but hanging during scan

    Posted Jun 09, 2010 04:17 PM

    Hi Koosah.

    Based on the symptoms should I not be concerned or should I try running GMER and seeing what happens? 

    Thanks,

    Jack

     



  • 5.  RE: hide_evr2.sys 9129837.exe and other files not found but hanging during scan

    Posted Jun 09, 2010 04:28 PM
    GMER is also a good rootkit remover. However, if it doesn't find it, you can always browse to a rootkit and delete it using IceSword.


  • 6.  RE: hide_evr2.sys 9129837.exe and other files not found but hanging during scan
    Best Answer

    Posted Jun 09, 2010 04:31 PM
    If you want to run GMER based on the names you saw while running the scan, I would say it's not needed. I can watch my scans and see the same names pop up; on a lower-powered system you can see even more, as they will not flash past as quickly. I have talked with Security Response regarding this when another customer was concerned. If you feel you have an infection, run the support tool with the loadpoint selection checked and see what shows up as an error. It should show files that are suspect in red and allow you to collect them into one location so you can ZIP and upload to the Symantec web submission site.

    Hopefully this answers your question!