
Problem with W32/Conficker.EV

Updated: 04 Nov 2010 | 3 comments
Rodrigo Benedik

Hi all,

I'm looking for any ideas because I've tried everything; every day I get infected by Conficker.
I'm running SEP RU5 on all machines and SEP is not catching the virus. I've checked all machines: service packs and patches are fine, and the antivirus definitions as well. The problem I have when I get infected is that I cannot open any Microsoft or Symantec websites, and the only way I found is to use a tool from another antivirus brand to remove it, but after removal I reboot the server and I can open the Microsoft and Symantec websites; however, after one hour the virus comes back.
I don't know why SEP is not blocking it, because I run SEP+NTP on the servers and on the workstations I run it with all features. I've also looked at all my policies; to me everything looks fine.
The localhost files don't have anything in them at all.

This is the path where the tool finds the virus: C:\WINDOWS\system32\pxgpg.mo (Infected with W32/Conficker.EV)

Thanks
 

Comments

VKalani, 09 Sep 2010

Hi,

You have at least one computer in your network that does not have SEP installed, or has outdated definitions. Please make sure ALL computers have SEP installed.

Also, if you have SEP installed with the latest definitions, it is capable of detecting and deleting any Conficker file. Make sure you are running the latest definitions.

Also, since you said you have NTP installed: on one computer, go to SEP - View logs, and under Client Management look for the Security log. That would show you the remote host that tried attacking the computer. Look for that IP address. If you recognize it, then install SEP on it and make sure you have the latest Windows updates and patches.

You could use the Microsoft Baseline Security Analyzer tool (available via a Google search) to know whether you have all patches installed or not.

-VKalani

Mahesh Roja, 09 Sep 2010

Hi,

Download the removal tool from the link, then scan and fix it:

http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99

If this Info helps to resolve the issue please Mark as Solution

Thanks

Narendran K, 10 Sep 2010

Mate,

Conficker, aka W32.Downadup, is a network infection which tries to spread itself from other machines, and once your machine is infected, it spreads the infection to other machines from your machine.

Tell me these details and we'll help you in removing the infection.

1. How many machines are there in the network?

2. Is KB958644 patched on this machine?

Thanks,
Narendran K
