
MEMkeymonitorprogram on Windows XP Pro task bar

Created: 13 Jan 2012 • Updated: 02 Feb 2012 | 3 comments
This issue has been solved. See solution.


We recently purchased Symantec Endpoint Protection SBE for our company and we are now facing what I believe is our first security issue. Now Endpoint Protection has not shown any detection warnings but it has shown an NT Kernel modification warning, asking us if we want to allow it network access. All this sounds like a virus / spyware to me but I found no information on this issue after searching on Google.

Our computers are all Windows XP Professional, except the server that is Windows 2003. Because of an ERP software we use, all users are Admins. All security patches have been applied and our Symantec Endpoint Protection SBE is set to full scan every single day. No problems have been detected before this. The affected user reports that he has not installed nor updated anything recently on his computer.

Has anyone faced this issue before? How do we solve it? Would a system restore take care of it?

Thanks for the help.


Thomas K's picture

Hi Rick,

It is very possible you have a new threat or variant of an existing threat on this system.

See this article first - Best practices for troubleshooting viruses on a network

I would start with downloading the latest Rapid Release definitions.

Next, boot into safe mode and run a Disk Cleanup (right-click the C drive, Properties, Disk Cleanup) - that will delete all the files that are in these temporary locations, as well as IE's temporary files, etc.

Perform a full system scan in safe mode.
If that fails to detect and remove the threats, there are some useful tools that are provided by Symantec for help with finding those hard to detect threats.

1. The Power Eraser Tool eliminates deeply embedded and difficult to remove threats that traditional virus scanning doesn't always detect.

2. The SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively.

3. The Load point Analysis Tool generates a detailed report of the programs loaded on your system. It is helpful in listing common loadpoints where threats can live.

Rapid Release Virus Definitions –

Power Eraser tool –

How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitions –

Support Tool with Power Eraser Tool included –

How to use the Load Point Analysis within the Symantec Support Tool to help locate suspicious files

If you are unable to remove the threat(s) from your systems, please submit the suspected files to Symantec or ThreatExpert for analysis. New signatures will be created and included in future definition sets for detection.

Keep us posted on the issue.



RickHydro's picture

Hi Thomas,

I ran through the list step by step and the support tool detected corrupted virus definitions. I uninstalled and re-deployed and everything seems to be working fine.

If something comes up I'll post it here.

Thanks for your help.

Thomas K's picture

Hi Rick,

Glad to hear it worked out for you.