Endpoint Protection

  • 1.  ShadowCopy and SEP11

    Posted Apr 16, 2009 11:35 AM
    I have a Windows 2003 SP2 server running Symantec Endpoint Protection 11.0.2010.25. I am getting a ton of virus alerts from shadow copy directories.

    Trojan Horse found in file: \Device\HardDisk\VolumeShadowCopy9\Documents and settings\m28098\Local Settings\Temp\DWHFF66.tmp. Quarantine failed: Access Denied. The file was left unchanged
    So I'm getting a ton of these with various temp files.

    I'm also getting it in
    \Device\Harddisk\VolumeShadowcopy8\documents and settings\all users\application data\symantec\symantec antivirus corporate edition\7.5\xfer\49e4be7e.tmp. Clean succeeded.
    I believe that directory is a shadow copy of the quarantine. There are tons of detections on various temp files in that directory as well.

    I'm not sure how to deal with this. I've had the user dump the quarantine, but the detections keep coming.
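One way to separate the shadow copy noise described in this post from detections on the live volume, as an added example (not code from the post, from Symantec, or from any later reply): a small Python triage script that parses alert strings in the quoted format, tags any path under \Device\HarddiskVolumeShadowCopyN as a snapshot hit, and flags the quarantine "xfer" folder separately. The sample alerts are constructed to match the two quoted above.

```python
import re
from collections import Counter

# Constructed sample alerts, modelled on the two quoted in the post (not a real log export).
SAMPLE_ALERTS = [
    r"Trojan Horse found in file: \Device\HarddiskVolumeShadowCopy9\Documents and Settings\m28098"
    r"\Local Settings\Temp\DWHFF66.tmp.   Quarantine failed: Access Denied.   The file was left unchanged",
    r"Trojan Horse found in file: \Device\HarddiskVolumeShadowCopy8\Documents and Settings\All Users"
    r"\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\49e4be7e.tmp.   Clean succeeded.",
    r"Trojan Horse found in file: C:\Documents and Settings\m28098\Local Settings\Temp\DWH1234.tmp. Quarantine succeeded.",
]

# "<threat> found in file: <path>.<ext>. <action>"; the path is assumed to end in a file extension.
ALERT_RE = re.compile(r"^(?P<threat>.+?) found in file: (?P<path>.+?\.\w+)\.\s+(?P<action>.+)$")
# VSS device path; tolerates both "HarddiskVolumeShadowCopy9" and "HardDisk\VolumeShadowCopy9" spellings.
SHADOW_RE = re.compile(r"\\Device\\HardDisk\\?VolumeShadowCopy(?P<n>\d+)\\", re.IGNORECASE)
# Quarantine transfer folder, as identified in the post (assumed path layout).
QUARANTINE_RE = re.compile(r"\\Symantec AntiVirus Corporate Edition\\[\d.]+\\xfer\\", re.IGNORECASE)


def parse_alert(line):
    """Split one SEP alert string into threat, path, action and a triage verdict."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    path, action = m.group("path"), m.group("action").rstrip(".")
    shadow = SHADOW_RE.search(path)
    if shadow and QUARANTINE_RE.search(path):
        verdict = "snapshot-of-quarantine"  # VSS copy of the quarantine store itself
    elif shadow:
        verdict = "snapshot-artifact"  # older copy of a file already handled on the live volume
    else:
        verdict = "live"  # detection on the live volume: investigate this one
    return {"threat": m.group("threat"), "path": path, "action": action,
            "snapshot": int(shadow.group("n")) if shadow else None, "verdict": verdict}


def triage(lines):
    """Return (counts per verdict, parsed alerts) so snapshot repeats are separable from live hits."""
    parsed = [a for a in map(parse_alert, lines) if a]
    return Counter(a["verdict"] for a in parsed), parsed


if __name__ == "__main__":
    counts, alerts = triage(SAMPLE_ALERTS)
    print(dict(counts))
    for a in alerts:
        print(a["verdict"], a["snapshot"], a["path"])
```

Snapshot hits will keep reappearing until the snapshot containing the file ages out, so the count of "live" verdicts is the number worth acting on.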



  • 2.  RE: ShadowCopy and SEP11

    Posted Apr 16, 2009 12:53 PM
    Hi Mordac, for the first infection, it's "access denied" because the file is still in use. Can you post a HijackThis log here so that we can see the running processes?

    For the 2nd part, I think these are just quarantine. If there are so many, it means that you have many viruses on your server; you should run a full system scan.


  • 3.  RE: ShadowCopy and SEP11

    Posted Apr 16, 2009 01:00 PM
    As a matter of fact, it can also be corrupt virus definitions.
    Symantec has a tool by the name rx4defs to resolve the definition corruption issue. Depending upon the platform (x86, x64), you can log a case for it.



  • 4.  RE: ShadowCopy and SEP11

    Posted Apr 16, 2009 01:02 PM
    You can download Unlocker (http://ccollomb.free.fr/unlocker/) and see what process is using it (by right-clicking on the file). If it's Rtvscan.exe then it's not the threat.


  • 5.  RE: ShadowCopy and SEP11

    Posted Apr 16, 2009 01:07 PM
    Nice tool, been looking for this tool, forgot the name.