Hi, I am running Windows 7 32-bit PC installed with Symantec endpoint protection small business edition 10-user licesed active. I found out my pc is always scanning and analyzing two particular viruses AXlove_install.exe & mdhivw.exe and cannot clean them which made it impossible to work on the PC as it is now very slow on response. Then I installed Norton power eraser but it failed to clean these 2 viruses.

Please help me cleaning the viruses.

You can scan your system with the help of symhelp tool if symhelp tool does not help you can submit your submission file Symantec Security Response Team.

How to run the Threat Analysis Scan in Symantec Help (SymHelp)

http://www.symantec.com/business/support/index?page=content&id=TECH215519

How to run Symantec Power Eraser with the SymHelp utility

Upload a suspected infected file (Retail)

https://submit.symantec.com/websubmit/retail.cgi
How to submit suspicious files via the online submission form that have been quarantined by Symantec Endpoint Protection (SEP) or Symantec AntiVirus (SAV)

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

Run the analysis scan and submit report to symantec

How to run the Threat Analysis Scan in Symantec Help (SymHelp)

You can submit the suspected file to symantec for analysis

https://submit.symantec.com/websubmit/retail.cgi

since your machine is infected and you are unable to do any work, the first thing I would say is to Install MalwareBytes and run a full scan.

Or Submit the samples , symantec will release defs for it.

I tried with symantec Help v2.1 but it could not detect the virus

You can submit that file to symantec

zip the file and upload

https://submit.symantec.com/websubmit/retail.cgi

I tried NPE again see the result, it still failing to clean it. Please help

How to run the Threat Analysis Scan in Symantec Help (SymHelp)

http://www.symantec.com/docs/TECH215519

Security Response recommendations for Symantec Endpoint Protection 12.1 settings

http://www.symantec.com/docs/TECH173752

Security Response recommendations for Symantec Endpoint Protection 11.x settings

http://www.symantec.com/docs/TECH122943

Security Best Practice Recommendations

http://www.symantec.com/docs/TECH91705

How to scan in safe mode with Symantec Endpoint Protection 12.1 RU1 MP1 and earlier

http://www.symantec.com/docs/TECH176971

Scanning in Safe Mode is no longer possible with 12.1 RU2 and later

http://www.symantec.com/docs/TECH205872

Is your system infected? Symantec tools to help clear an infection

https://www-secure.symantec.com/connect/forums/your-system-infected-symantec-tools-help-clear-infection

Symantec Endpoint Protection – Best Practices

http://www.symantec.com/page.jsp?id=stopping_malware

Hi Moinul Haque,

Is SEP detecting those two files?  As what?  Can you copy the risk report entries here into this thread?

I recommend isolating that computer immediately and getting those files submitted. See the following article for more information:

Best Practices for Troubleshooting Viruses on a Network
http://www.symantec.com/docs/TECH122466

If they are detected but cannot be deleted by a full system scan there are a few tools and trick that can help.  &: )

Many thanks in advance,

Mick

Dear Mick

Thank you for your response.

SEP is detecting those two files but can't clean or quarantine them. These files are sometimes visible in a folder in C Drive but cannot copy or send them to you.

As reviewed all the links provided above and followed the steps to clean the viruses. I tried both NPE and SymHelp, both can detect the viruses as trojan but cannot remove or quarantine them.

After struggling for a weak I had no choice but to format the HDD and reinstall windows to get rid of the viruses.

Now I have very important questions:

The SEP client is again installed in that PC and now running virus free. I checked the protection settings and found ok. I left the default settings which covers all. Do I have to take any other precautions so that the PC is not infected again with same viruses.

Regards,

Moinul

Hi Moinul,

Many thanks for replying and keeping the thread up-to-date!  Yes, sometimes reformatting / reimaging a computer is the swiftest, most certain way to ensure it gets clean.

This article has a lot of good advice- please do make sure that your organization's defenses are in good order.  There are some extremely destructive threats in circulation.

The Day After: Necessary Steps after a Virus Outbreak
https://www-secure.symantec.com/connect/articles/day-after-necessary-steps-after-virus-outbreak

Stay safe!!! &: )

Mick

Hi Moinul,

Just checking if there is anythign else needded on this thread?  It is still marked "needs solution."

Please do update, when time allows!

Mick