Endpoint Protection

  • 1.  How to Remove winlogon.exe Virus?

    Posted Apr 15, 2013 06:59 AM

    Hi,

    I have SEPM 12 on more than 500 PCs and Symantec Endpoint can't detect the winlogon.exe virus in my network. How can I remove the virus?

     

    Thanks 



  • 2.  RE: How to Remove winlogon.exe Virus?

    Posted Apr 15, 2013 07:33 AM

    Hi,

    Please update the system with the latest antivirus definitions, and then, to remove Trojan Winlogon.exe, just download this small utility and run it:
    http://liveupdate.symantec.com/upgrade/NPE/1033/NPE.exe



  • 3.  RE: How to Remove winlogon.exe Virus?

    Posted Apr 15, 2013 07:38 AM

    Hello,

    Does the system have the latest virus definition update?

    You can download the SymHelp tool, collect the data for Symantec Support, and also raise a support ticket.

    Using SymHelp, How to collect Full Support Logs for Symantec Support.

    https://www-secure.symantec.com/connect/articles/using-symhelp-how-collect-full-support-logs-symantec-support

     



  • 4.  RE: How to Remove winlogon.exe Virus?

    Posted Apr 15, 2013 07:52 AM

    Use the Symantec Power Eraser and scan the system. This utility is more aggressive in catching unknown malware.

    If SPE doesn't find anything, then you may need to try a third-party tool such as Malwarebytes or HitmanPro. If something is found, then you can submit it to Symantec Response so definitions can be created.

    Have you submitted the winlogon.exe file to security response yet?



  • 5.  RE: How to Remove winlogon.exe Virus?

    Posted Apr 15, 2013 08:15 AM

    This article may help:

    Eliminating viruses and security risks
    http://www.symantec.com/docs/HOWTO27280

    Also: if you have SEP 12.1, you can increase the sensitivity of the Insight-based heuristics.  That will make SEP 12.1 more aggressive in its approach to unknown files.
     



  • 6.  RE: How to Remove winlogon.exe Virus?

    Trusted Advisor
    Posted Apr 15, 2013 01:32 PM

    Hello,

    You could try running the SERT Utility on one of the client machines.

    If you have access to Fileconnect, the SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively.

    Symantec Endpoint Recovery Tool (SERT)

    The Consumer version of this tool is the Norton Bootable Recovery Tool.  

    The tool is free, so there is no need for a Fileconnect account to download the software.

    You could also try working on the steps provided below on collecting the suspicious files and submitting the same to the Symantec Security Response Team.

    Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    I would also recommend that you make sure you create a case with Symantec Technical Support.

    You could either Create a Case OR contact Symantec Technical Support.

    How to create a new case in MySupport

    http://www.symantec.com/docs/TECH58873

    How to update a support case and upload diagnostic files with MySupport

    http://www.symantec.com/docs/TECH71023

    OR

    Regional Support Telephone Numbers:

    • United States: https://support.broadcom.com (407-357-7600 from outside the United States)
    • Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
    • United Kingdom: +44 (0) 870 606 6000

    Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

    Hope that helps!!