Hello,
You could try running the SERT Utility on one of the client machines.
If you have access to Fileconnect, the SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively.
Symantec Endpoint Recovery Tool (SERT)
The Consumer version of this tool is the Norton Bootable Recovery Tool.
The tool is free, so there is no need for a Fileconnect account to download the software.
You could also try working on the steps provided below on collecting the suspicious files and submitting the same to the Symantec Security Response Team.
Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.
I would also recommend you to make sure you create a case with Symantec Technical Support.
You could either Create a Case OR contact Symantec Technical Support.
How to create a new case in MySupport
http://www.symantec.com/docs/TECH58873
How to update a support case and upload diagnostic files with MySupport
http://www.symantec.com/docs/TECH71023
OR
Regional Support Telephone Numbers:
- United States: https://support.broadcom.com (407-357-7600 from outside the United States)
- Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
- United Kingdom: +44 (0) 870 606 6000
Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp
Hope that helps!!