Endpoint Protection

  • 1.  Security Shield Virus

    Posted Dec 17, 2010 03:41 PM

    I just got infected with the Security Shield virus. The Symantec scan does not pick it up. What should I do?



  • 2.  RE: Security Shield Virus

    Posted Dec 17, 2010 03:56 PM

    Hello,

     

    If you are using SEP or SAV, I would start with downloading the latest Rapid Release definitions.

    If using any other AV, make sure you have the latest definitions as well.

    Once you have the new defs, boot into safe mode and run a Disk Cleanup (right-click the C drive, Properties, Disk Cleanup) - that will delete all the files that are in these temporary locations, as well as IE's temporary files, etc. Perform a full system scan in safe mode.

    If that fails to detect and remove the threats, there are some useful tools provided by Symantec to help with finding those hard-to-detect threats.

    1. The Power Eraser Tool eliminates deeply embedded and difficult to remove threats that traditional virus scanning doesn't always detect.

    2. The SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively.

    3. The Load Point Analysis Tool generates a detailed report of the programs loaded on your system. It is helpful in listing common loadpoints where threats can live.

    Rapid Release Virus Definitions –

    http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=rr

    Power Eraser tool –

    http://security.symantec.com/nbrt/npe.asp?lcid=1033&origin=default

    How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitions –

    http://www.symantec.com/business/support/index?page=content&id=TECH131732&locale=en_US

    Support Tool with Power Eraser Tool included –

    http://www.symantec.com/business/support/index?page=content&id=TECH105414&locale=en_US

    How to use the Load Point Analysis within the Symantec Support Tool to help locate suspicious files

    http://www.symantec.com/business/support/index?page=content&id=TECH141402

    If you are unable to remove the threat(s) from your systems, please submit the suspected files to Symantec for analysis. New signatures will be created and included in future definition sets for detection.

     

    http://www.symantec.com/business/security_response/submitsamples.jsp

    Moving this thread to the Endpoint Forum for better visibility.

    Please keep us updated on your situation.

    Best,

    Thomas



  • 3.  RE: Security Shield Virus

    Posted Dec 20, 2010 01:57 AM

    What is the definitions date on the SEP client on your computer? What exactly is the virus doing, so that you think that your computer is infected?

    Try downloading Rapid Release definitions, and then execute them, and run a full scan.

     

    To manually update a SEP client:

    1. Go to the Rapid Release virus definition website
    2. Download the appropriate .exe file for your SEP version and operating system
      • symrapidreleasedefsv5i32.exe for SEP installed on a 32-bit OS
      • symrapidreleasedefsv5i64.exe for SEP installed on a 64-bit OS
    3. Run the file on the clients you wish to update and follow the instructions on the screen.
    4. After a successful update you should see the following message:
      • Intelligent Updater session complete.
    5. Open the SEP client and observe that the definitions date for the "Antivirus and Antispyware protection" has changed

     

    If you still continue to have the same issue, then download and run the SEP support tool loadpoint utility, and upload the logs to me.



  • 4.  RE: Security Shield Virus

    Posted Dec 20, 2010 05:35 AM

    Hi Hoopdidu,

    If the load point analysis tools, mentioned above, indicate that any files are suspicious, please submit them to Symantec Security Response for analysis! We will be able to examine them and add AV signatures against them, if appropriate.

    Thanks and best regards,

    Mick