Endpoint Protection


Purging a Key-Finder.Com Trojan Horse


  • 1.  Purging a Key-Finder.Com Trojan Horse

    Posted Apr 16, 2014 12:01 AM

    Can Symantec rid my computer of the key-finder trojan horse and if so, how do I use it? On the first deep scan, it found this trojan. I tried to purge it, but it was still on my computer, but Symantec never found it again. Really need some help. ;-(



  • 2.  RE: Purging a Key-Finder.Com Trojan Horse

    Posted Apr 16, 2014 12:07 AM

    What exact SEPM version are you using?

    Run the Threat Analysis Scan in Symantec Help (SymHelp)

    How to run the Threat Analysis Scan in Symantec Help (SymHelp)

    Article:TECH215519  | Created: 2014-03-03  | Updated: 2014-03-07  | Article URL http://www.symantec.com/docs/TECH215519

     

    In case suspicious activity is still happening, follow the steps provided in the article below:

    Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.



  • 3.  RE: Purging a Key-Finder.Com Trojan Horse

    Posted Apr 16, 2014 12:09 AM

    What was the action taken on it? By default a trojan will be deleted; that's why it did not find it the second time. Have you tried running Malwarebytes?



  • 4.  RE: Purging a Key-Finder.Com Trojan Horse

    Posted Apr 16, 2014 08:07 AM

    What's the SEP version that you're using?

    I would first start with the threat analysis scan to see if it catches anything.



  • 5.  RE: Purging a Key-Finder.Com Trojan Horse

    Posted Apr 23, 2014 10:57 PM

    It is version 11.0.5002.333. I will try what you said and see if it helps after I have run Malwarebytes again and then CCleaner.

    Thank you,



  • 6.  RE: Purging a Key-Finder.Com Trojan Horse

    Posted Apr 23, 2014 11:40 PM

    I followed your suggestion and only one file was found to be bad, but Symantec could not remove it. This did not resolve my issue. Any new suggestions?



  • 7.  RE: Purging a Key-Finder.Com Trojan Horse

    Posted Apr 23, 2014 11:51 PM

    You can submit suspicious files to the Symantec Response Team.

    First, you can check whether your files are virus-related or not by submitting them to the VirusTotal site.

    For Retail License Holders

    https://submit.symantec.com/retail

    For Essential License Holders

    https://submit.symantec.com/essential

    https://www-secure.symantec.com/connect/articles/using-symantec-help-symhelp-tool-how-do-we-collect-suspicious-files-and-submit-same-symante

     



  • 8.  RE: Purging a Key-Finder.Com Trojan Horse

    Posted Apr 23, 2014 11:52 PM

    I have version 11.0.5002.333.

    I ran the threat analysis and it found only one problem, but it was unable to remove it. Do you have any other suggestions? I have run Malwarebytes and CCleaner to no avail.

     



  • 9.  RE: Purging a Key-Finder.Com Trojan Horse

    Posted Apr 23, 2014 11:54 PM

    First, you can check whether your files are virus-related or not by submitting them to the VirusTotal site.

    For Retail License Holders

    https://submit.symantec.com/retail

    For Essential License Holders

    https://submit.symantec.com/essential

    https://www-secure.symantec.com/connect/articles/using-symantec-help-symhelp-tool-how-do-we-collect-suspicious-files-and-submit-same-symante



  • 10.  RE: Purging a Key-Finder.Com Trojan Horse

    Posted Apr 24, 2014 02:54 AM

    Hi,

    Here are a few pieces of advice you can glance through:

    - Can you upgrade your SEP client from version 11 to version 12.1? It has more functions to detect and remove threats. Insight is a great component that was added in.

    - The file exists, but is the file size zero? If it is zero, it means SEP has removed the malicious code from the file, so the file you see is not harmful.

    - Did the Malwarebytes that you ran have the latest definitions? If you don't have the latest version, there is no point in running the scan.

    - Did you run a check on the Windows system files/registry to check for any malicious registry entries?



  • 11.  RE: Purging a Key-Finder.Com Trojan Horse

    Posted Apr 24, 2014 05:48 AM

    Did you manually remove it?


  • 12.  RE: Purging a Key-Finder.Com Trojan Horse

    Posted Apr 24, 2014 06:03 AM

    Hi NCUSN,

    Can you check your SEP risk logs?  What exact file did SEP detect, and what action did it report?  And is it a subsequent tool that is calling a remnant by that name? "Key-Finder.Com Trojan Horse" is not a Symantec threat name, though "Trojan.Horse" is.

    An internet search shows that Key-Finder.Com is some sort of adware program.  Did you submit the file associated with it to Security Response?  They can determine if this is a file malicious enough to warrant detection by SEP.

    Please do update this thread, when time allows!

    All the best,

    Mick

     

    PS  Definitely upgrade away from SEP 11.0.5002.333- that is a very old release of the product.



  • 13.  RE: Purging a Key-Finder.Com Trojan Horse

    Posted Apr 25, 2014 08:39 AM

    Hi NCUSN,

    Just a ping to check for an update?

    Many thanks,

    Mick



  • 14.  RE: Purging a Key-Finder.Com Trojan Horse

    Posted Apr 25, 2014 09:47 AM

    Did manual removal work?

    How about booting into Safe Mode to attempt removal?



  • 15.  RE: Purging a Key-Finder.Com Trojan Horse

    Posted May 01, 2014 08:18 PM

    I tried, but it was still there. I ended up wiping the drive completely. It is working fine now.



  • 16.  RE: Purging a Key-Finder.Com Trojan Horse

    Posted May 01, 2014 08:22 PM

    Nothing worked that was suggested. I ended up wiping the drive.

    I ran the update software for SEP and this is the one that downloaded.



  • 17.  RE: Purging a Key-Finder.Com Trojan Horse

    Posted May 02, 2014 04:43 AM

    Many thanks for the update!

    "I ran the update software for SEP and this is the one that downloaded."

    Definitions and content can be updated by running LiveUpdate.  Upgrading from one release of SEP to another involves downloading and installing the new software- definitely do look into that!  SEP 11's clock is ticking down. SEP 12.1 is the recommended version.

    The Day After: Necessary Steps after a Virus Outbreak
    https://www-secure.symantec.com/connect/articles/day-after-necessary-steps-after-virus-outbreak

    Symantec Endpoint Protection – Best Practices
    http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0

     

     

    Cheers again!

    Mick