Endpoint Protection

 View Only

  • 1.  Non detection of trojan's

    Posted Apr 08, 2009 11:42 AM
    Just installed SEP after my computer took a nose dive from some nasty viruses and had to reformat my computer. I thought that they were all cleaned out, but keep getting error messages on startup. afisicx.exe, mabidwe.exe, sopidkc.exe keep reappering on my system even though I've gone and deleted them from my hard drive and the registry. SEP keeps saying there are no threats detected when I run a full scan of the computer or those files. Any ideas?


  • 2.  RE: Non detection of trojan's

    Posted Apr 08, 2009 11:58 AM
    you have probably deleted them from the harddrive but there are probably few places that are referencing them like shorcuts or registry entries. check the system with Autoruns from sysinternal/microsoft


  • 3.  RE: Non detection of trojan's

    Posted Apr 08, 2009 12:16 PM
    Re-format and restore from backup.  No AV product advertises clean up after-the-installation of AV with 100 percent assuridity.   It's just not worth your time getting back to a "clean" state.


  • 4.  RE: Non detection of trojan's

    Posted Apr 08, 2009 02:17 PM
    Most executables on their own, pose little threat, unless they have been coded in such a way as to be independant.  Sometimes, those same executables rely on DLL files to point to certain locations or for referencing of comands.  It is possible, that although the registry entry and the executables have been removed the entries in said DLLs still exist.

    What about "run" or "runonce" in the registry?  Did you clean those aswell?
    Not all files will be identifed by their exact name in the registry, some can be identified by a string {abcde-fghijkl-12345-...} and thus not removed/found when manunally cleaning the registry.

    Try opening up Microsoft's System configuration utility (msconfig) and in the "startup tab" look for or identify any "missing entries".  An entry with no name, pointing to a registry entry nonetheless, chances are that's your culprit. 

    Other times, some of these buggers load up into a higher level of memory and rewrite themselves.  Those are harder to get rid of. 

    You said, you identified them as Trojans, could they actually be malware?  Have you tried a malware scanner or registry cleaner?


  • 5.  RE: Non detection of trojan's

    Posted Apr 11, 2009 07:10 AM
    If you found and suspicious files so you have to submit to Symantec Security Response Team for Creating a new Definition.