Endpoint Protection

  • 1.  scanning weird behavior

    Posted May 20, 2013 03:02 PM
    Hi. A few days ago my Vista laptop was getting sluggish. The mouse pointer would freeze for a second or two, then continue moving. To be on the safe side I ran a full system scan. Then I noticed that while running it will show that it's scanning the following files, will freeze for about 10 or 20 seconds, then continue without reporting any errors or threats: 9129837.exe, hide_evr.sys, virusremoval.vbs, zwangi.exe. I browsed to those file locations but could not find them. I downloaded the GMER rootkit tool and ran it without finding them. What shall I do now? Nothing seems to be working. I cannot confirm whether my computer is infected or not. Please help.


  • 2.  RE: scanning weird behavior

    Posted May 20, 2013 03:17 PM

    Review this thread and run the tools mentioned

    https://www-secure.symantec.com/connect/forums/your-system-infected-symantec-tools-help-clear-infection

    What other symptoms are you experiencing? This may not be virus related.



  • 3.  RE: scanning weird behavior

    Trusted Advisor
    Posted May 20, 2013 03:36 PM

    Hello,

    Personally, I do not think these files are Threats.

    However, you may like to run the SymHelp on the client machine and scan the machine.

    In case you find any suspicious files, please submit them to the Symantec Security Response Team.

    Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    Secondly, check these Threads with similar issue - 

    https://www-secure.symantec.com/connect/forums/sep-daily-scanning-non-existent-fileis-it-looking-known-bad

    https://www-secure.symantec.com/connect/forums/sep-scanning-possible-rootkit

    https://www-secure.symantec.com/connect/forums/cwindowssystem32virusremovalvbs

    Hope that helps!!



  • 4.  RE: scanning weird behavior

    Posted May 20, 2013 04:12 PM

    Hi Brian,

    My main observation, as I said, is that while doing anything on the computer, the mouse cursor would stop moving for a second or two, then continue moving, as if the whole PC did a hiccup.

    This started only two days ago. The only things I remember changing in the computer recently are:

    1- Disabling Google Chrome's built-in Flash plugin and forcing it to use the separate Adobe Flash plugin (Google's Flash version kept crashing all the time)

     

    2- Deleting some quarantined items from Symantec. They've been there for a year or two, quarantined with no solutions.

     

    I did a Safe Mode scan, nothing found.

    I searched for the mentioned files (that the Symantec scan would stop at their name for a while, then continue) and tried to browse to them, even using the command prompt. No luck.

     

     



  • 5.  RE: scanning weird behavior

    Posted May 20, 2013 04:23 PM

    Hi Mithun,

    So others are having the same observation and yet I couldn't find a FIRM answer from Symantec. When the scan freezes for a few seconds at the mentioned files, does that mean that those files exist somewhere on my computer? Or is it just in the Symantec virus database? And the freeze is just normal scanning behavior?

     

    I do hope that you are right and that there is no threat on my computer. But is there another way to investigate why the computer freezes for two seconds every few minutes?

    As I said, I did make a full scan, and another full scan in Safe Mode. I downloaded and ran SuperAntiSpyware in normal and in Safe Mode. It detected and cleared many tracking cookies that keep accumulating, and deleted a few threats that were in the Symantec definitions folder with a .tmp extension.

    Yet still the computer freezes for a second every few minutes.

     

     

     

     



  • 6.  RE: scanning weird behavior

    Trusted Advisor
    Posted May 23, 2013 02:56 PM

    Hello,

    Could you check what is the number of levels of nesting scans supported by SEPM, "Number of levels to expand if there are compressed files within compressed files"?

    This option specifies the number of levels of nesting scans should support.

    The client supports a maximum depth of ten levels of nested compressed files for Windows computers. The default setting is three levels.
     
    This option enables the scanning of containers, such as Files.zip, and the contents of the containers, which are the individual compressed files.
     
    Symantec Endpoint Protection scans compressed files during on-demand, email, and scheduled scans. When this option is enabled and you use the Extensions dialog to include only specified file extensions, Symantec Endpoint Protection continues to scan container files and their contents even if you do not specify the container file extensions. You can disable the Scan files inside compressed files option or create exceptions for specific container file extensions so that scans do not scan them.
     
    Because of the significant processing overhead, Auto-Protect does not scan the files that are within compressed files on Windows computers. However, the files are scanned when they are extracted from compressed files.
     
    Note:  You cannot stop a scan that is in progress on a compressed file. If you choose to stop the scan, the Symantec Endpoint Protection client stops the scan only after it has finished scanning the compressed file. 
     

     

    Secondly, what version of SEP are you running? Is that SEP 11.0.7300 or 12.1.2015?

    Make sure you have either of the above latest versions.

    Secondly, in case you do have the above latest versions installed, I would request you to create a case with the Symantec Technical Support Team.

    How to create a new case in MySupport

    http://www.symantec.com/docs/TECH58873

    Phone numbers to contact Tech Support:-

    Regional Support Telephone Numbers:

    • United States: https://support.broadcom.com (407-357-7600 from outside the United States)
    • Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
    • United Kingdom: +44 (0) 870 606 6000

    Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

    Hope that helps!!