How to delete

Created: 01 Apr 2011 • Updated: 29 Jul 2011 | 5 comments
This issue has been solved. See solution.

Hi,

 

A virus has affected my system. How to delete that one? Is there any particular available? How do I have to solve this? What do I do?

 

Chetan Savade's picture

Hi,

Symantec has detected infection W32.Rontokbro@mm.

Check what action Symantec has taken.

If it's quarantined and you want to remove it, then I would suggest scanning the machine in safe mode and checking.

http://www.symantec.com/security_response/writeup....

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

Mithun Sanghavi's picture

Hello,

What version of SEP are you carrying?

Checking it carefully, found this:

 

Your symptoms look very similar to those below:

You run a scan multiple times and it continually finds threats previously quarantined in C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine. A full system scan will find the files and claim that it successfully quarantined the file, but they will be found by another full system scan in the same location.

Cause: Unknown. It is suspected that the SRTSP is a middle point for the main quarantine typically located in C:\Documents and Settings\All Users\Application data\Symantec Endpoint Protection\Quarantine 
 
Solution:

Disable the System Restore from the Machine.

When trying to access C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine you will probably get an access denied.

  1. Right click on the folder, go to Properties then Security.
  2. Add the user who is currently logged on with Full Control.
  3. Open command window (Start > Run > cmd).
  4. At command prompt, navigate to the directory (cd "C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine")
  5. Delete all files by typing the command del *.* and hit enter.
  6. Restore the default privileges by removing the user added with Full Control.
  7. Initiate a full system scan.

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
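
Steps 1 to 6 from the answer above as a script, with a record of what was deleted written first (an added example, not part of the original thread and not Symantec tooling). It assumes an elevated PowerShell 4.0 or later prompt with icacls available, and that the account had no explicit permission on the folder beforehand; the parameter names and the log path are hypothetical.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell 4.0+ prompt.
param(
    # Folder path as quoted in the answer above
    [string]$Quarantine = 'C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine',
    # Assumption: this account had no explicit ACE on the folder before the script ran
    [string]$Account = "$env:USERDOMAIN\$env:USERNAME",
    # Hypothetical location for the record of deleted files
    [string]$Log = (Join-Path $env:TEMP 'srtsp-quarantine-removed.csv')
)
$ErrorActionPreference = 'Stop'

# Steps 1-2: grant the account Full Control, inherited by files and subfolders
& icacls.exe $Quarantine /grant "${Account}:(OI)(CI)F" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls /grant failed with exit code $LASTEXITCODE" }

try {
    # Same scope as 'del *.*': files directly in the folder, not hidden ones
    $files = @(Get-ChildItem -LiteralPath $Quarantine -File)

    # Record name, size, timestamp and SHA-256 of each file before it is removed
    $files | ForEach-Object {
        [pscustomobject]@{
            Name          = $_.Name
            Length        = $_.Length
            LastWriteTime = $_.LastWriteTime
            SHA256        = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Export-Csv -LiteralPath $Log -NoTypeInformation

    # Step 5: delete the files
    $files | Remove-Item

    # Count anything still present, including hidden files 'del *.*' would skip
    $left = @(Get-ChildItem -LiteralPath $Quarantine -File -Force).Count
    '{0} file(s) deleted, {1} still present; record written to {2}' -f $files.Count, $left, $Log
}
finally {
    # Step 6: remove the grant again, even if the deletion failed part-way
    & icacls.exe $Quarantine /remove:g $Account | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Could not remove the grant for $Account; fix the ACL by hand" }
}
# Step 7 (full system scan) is started from the Symantec client afterwards.
```

A non-zero "still present" count means hidden or read-only files remain in the folder and need a look before the full scan in step 7.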

SOLUTION
Mithun Sanghavi's picture

Hello,

Once you have worked on the above steps, I would recommend you follow the steps provided in the article below:

 

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team. 
 
https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec
 
By following the above steps, we are ensuring that there should not be any files left behind which Symantec is not detecting. And if there are any, they should be submitted to the Symantec Security Response Team.

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

kp.ashok87's picture

Hi Mithun,

In Vista, how do I access the SRTSP location? And why should we stop the system restore point? Everyone says to stop the system restore point and do a full scan in safe mode; that's why I am asking.

pete_4u2002's picture

open the regedit and browse to the path to know the

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\SRTSP\Parameters

 

And regarding the system restore, the AV does not scan system restore.