Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

Repeted same W32.Downadup.B virus on same clients daily.

Updated: 21 May 2010 | 3 comments
kailaspadwale's picture
kailaspadwale
0 0 Votes
Login to vote
This issue has been solved. See solution.

Hi,

        In my organization Symantec Server (SEPM 11.0.4000.2295) is used.

        But every day symantec shows W32.Downadup.B virus on same repeted clients (near about 20 clients) & also shows Actual action (taken by SEP) is Cleaned by deletion.
 
        Why SEP shows same virus on same clients every day.

        Plz guide how i can resolve this problem.

And also one another problem is SEP shows W32.Downadup.B & Trojan Horse virus infection in d:/Documents and Settings/All Users/Application Data/Symantec/Symantec Endpoint Protection/xfer/4a5968f1.tmp folder, and shows Actual action (taken by SEP) is Quarantined.

      Plz guide for how to fix this problem.

Thanks,

Kailas

discussion Filed Under:
, , , ,

Comments

Vikram Kumar-SAV to SEP's picture
17
Jul
2009
1 Vote +1
Login to vote
Vikram Kumar-SAV to SEP
Symantec Employee
Accredited

2 diffrent issues

These are 2 diffrent issue.
if the detction in Xfer folder you need to delete all TMP folder in that location and everything inside quarantine folder.
For downadup.B are these computer updated with all security patches up to date not just one related to Downadup.
Run a full scan in safe with Rapid Release.

VMWARE-- SEP 12.1 vs McAfee vs Trend Micro

SOLUTION
pete_4u2002's picture
18
Jul
2009
0 Votes 0
Login to vote
pete_4u2002
Symantec Employee

hi, But every day symantec

hi,

But every day symantec shows W32.Downadup.B virus on same repeted clients (near about 20 clients) & also shows Actual action (taken by SEP) is Cleaned by deletion.

SInce the action taken is deleted, I believe these syste,s are protected, there is/are other syste,m which is infected and spreading the threat. YOu may need to look for such system, one way of approaching to find the infected machine is using the risktracer, risttracer will point to the source machine , you may need to repair that system.

And also one another problem is SEP shows W32.Downadup.B & Trojan Horse virus infection in d:/Documents and Settings/All Users/Application Data/Symantec/Symantec Endpoint Protection/xfer/4a5968f1.tmp folder, and shows Actual action (taken by SEP) is Quarantined.
Its safe to remove the tmp files within quranatine folder.

Cheers
Pete

Cheers!
Pete

Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619

Frank019's picture
05
Aug
2009
0 Votes 0
Login to vote
Frank019

You might want to check the

You might want to check the solution at this forum

https://www-secure.symantec.com/connect/forums/w32downadup

" Please read this document from Symantec about Downadup

http://www.symantec.com/security_response/writeup....

Make sure your systems have the latest windows updates especially the Microsoft Security Update for Windows XP (KB958644)

You can also download the removal tool which is stated on the KB (Downadup Removal Tool)

Scan your computer on safe mode and make sure you have the latest virus definition updates."

from Paul Mapacpac

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
258,880