Endpoint Protection

I ran Symantec Power Eraser on a Windows 7 machine that has the Trojan.Zeroaccess risk. The affected file is the windows/system32/services.exe file. When I try to select the file in PE to fix, I get the following message:

Symantec Power Eraser is unable to safely remove this file. Removing this file may cause system instability. This file will not be selected for removal.

The machine doesn't appear to have previous versions of the file to replace it. Any ideas on how I can proceed from here?

Thanks.

jerpguy

Because it's a core Windows system file.

You can run your Windows CD and do a repair or replace on the file.

http://windows.microsoft.com/en-us/windows7/help/system-repair-recovery

can you submit the file to security response?

Hello,

You could submit the file to Symantec Security Response by submitting on :

https://submit.symantec.com/websubmit/essential.cgi

Could you try Running the Scan in Safe mode with Networking and check if that helps.

Secondly, you could try running the SERT utility as well:

Check this Articles:

How to make the Symantec Endpoint Recovery Tool boot from a USB memory stick

http://www.symantec.com/docs/TECH131578

How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitions

http://www.symantec.com/docs/TECH131732

Symantec Endpoint Recovery Tool (SERT) download comes as an ISO (disk image). How do I use this?

http://www.symantec.com/docs/TECH131685

What does the full scan from the Symantec Endpoint Recovery Tool (SERT) CD scan ?

http://www.symantec.com/docs/TECH150491

You'll need to kill the 'real' process manually...

You may capture the sample using SEP Support Tool then submit as adviced above