Symantec showing up a lot of viruses cleaned by deletion
Created: 23 Nov 2012 | 13 comments
Hi,
For the past 2-3 days, we have been seeing a lot of messages from Symantec that it has found a virus and cleaned it by deletion. They come continuously and the system goes very slow. We tried using Norton Power Eraser but it didn't catch any virus. Please help.....
Regards,
Anish
Try scanning in safe mode.
Are the threats on the system or from a network system?
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hi,
It is from the network.
Regards,
Anish
Identify the machine, scan the machine in safe mode using the latest definitions.
Add all software updates to the machine.
What's the threat name?
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hello,
Could you please provide us a Screenshot OR probably upload us the Risk Logs, which would assist us in understanding the Threat and root cause?
Which version of SEP 12.1 are you running?
Secondly, could you please Disable the System Restore, and run the Full scan again.
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
Hi,
Attached the screenshot... The same issue is now seen in almost all the machines...!!!!
Regards,
Anish
Hi Anish,
With these best practices, it is possible to bring almost any outbreak under control.
If professional recommendations / analysis of your logs would be of assistance, please do contact Symantec's Technical Support.
Hope this helps! :)
With thanks and best regards,
Mick
Hi,
No, we have not isolated the infected machine but we are using IPS and also performing a Full scan.
Regards,
Anish
Hi Anish,
Chances are there is a computer on your network which is infected and attempting to infect those it can reach (including this one).
Make sure you are following all of these recommendations:
http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0
If you are not using IPS, please add this component- incredibly powerful when it comes to stopping threat-related traffic.
Hope this helps!!
With thanks and best regards,
Mick
Hi,
We have disabled all the shares and still the threats keep on coming. A pop-up keeps saying W32.Rontokbro@mm threat detected and cleaned by deletion. It is making the system very slow. We are even facing difficulties uninstalling Symantec, as we thought this would at least stop the threat detection...!!! But we are even unable to uninstall it, as during uninstallation a message comes "to close the threat detection", which we are not able to close. Now, after a long try, we have been able to uninstall the product.
Please help....!!!!!
Regards,
Anish
Hello,
It is not suggested to uninstall Symantec Endpoint Protection OR any Security Product when the machine on the network is infected by a Threat.
Could you please upload the Risk Logs, which could assist us with understanding the Threats?
Secondly, you may like to check this Thread which may assist you as well -
https://www-secure.symantec.com/connect/forums/how-delete-0
I would also request you to create a Case with Symantec Technical Support Team for a Faster Assistance on your issue -
To create a Case, check these -
How to Create and Validate a MySymantec (previously MySupport) Account
How to create a new case in MySymantec (formerly MySupport)
OR
Regional Support Telephone Numbers:
United States: 800-342-0652 (407-357-7600 from outside the United States)
Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
United Kingdom: +44 (0) 870 606 6000
Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
Hi,
Security Best Practice Recommendations
http://www.symantec.com/docs/TECH91705
Best practices for responding to active threats on a network
http://www.symantec.com/docs/TECH122466
Security Response recommendations for Symantec Endpoint Protection settings
http://www.symantec.com/docs/TECH122943
Best Practice when Symantec Endpoint Protection or Symantec AntiVirus is Detecting a File that is Believed to be Safe
http://www.symantec.com/docs/TECH98360
https://www-secure.symantec.com/connect/forums/your-system-infected-symantec-tools-help-clear-infection
Check this thread
http://www.symantec.com/connect/forums/virus-cleanup-exercise
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
W32.Rontokbro@mm is a serious threat. Here's the write-up on it:
http://www.symantec.com/security_response/writeup.jsp?docid=2005-092311-2608-99&tabid=3
Are you using IPS? There's a specific signature against it that is quite effective.
http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=22453
With thanks and best regards,
Mick
Hello!
Try to run a Top sources attack report; with the help of that you can identify the source computer of the infection.
On that computer, carry out the steps found in the earlier posts.
Br
Arpad
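The idea behind the report suggested above, as an added example that is not part of the original thread and not Symantec's code: rank the machines named as the source of detections in an exported risk log, so the likely origin of the outbreak can be isolated first. The CSV column names, host names and rows are constructed for illustration and are not the real SEPM export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of an exported risk log. Column names and hosts are
# assumptions for this example, not the actual SEPM export schema.
SAMPLE_LOG = """\
time,computer,risk_name,source_computer,action
2012-11-23 09:01:10,PC-ACCT-01,W32.Rontokbro@mm,PC-LAB-07,Cleaned by deletion
2012-11-23 09:01:42,PC-ACCT-02,W32.Rontokbro@mm,PC-LAB-07,Cleaned by deletion
2012-11-23 09:02:05,PC-ACCT-01,W32.Rontokbro@mm,pc-lab-07,Cleaned by deletion
2012-11-23 09:03:30,PC-HR-03,W32.Rontokbro@mm,PC-LAB-07,Cleaned by deletion
2012-11-23 09:04:11,PC-HR-03,W32.Rontokbro@mm,PC-ACCT-02,Cleaned by deletion
2012-11-23 09:05:00,PC-LAB-07,W32.Rontokbro@mm,,Cleaned by deletion
2012-11-23 09:06:20,PC-HR-03,Constructed.OtherRisk,PC-DEV-09,Cleaned by deletion
"""


def top_sources(csv_text, risk_name=None):
    """Return [(source, detections, distinct_targets)], worst offender first."""
    hits = defaultdict(lambda: {"detections": 0, "targets": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if risk_name and row["risk_name"].strip().lower() != risk_name.lower():
            continue
        computer = row["computer"].strip().upper()
        # An empty source means the file was found locally rather than
        # pushed by another machine: count it against the reporting host.
        source = row["source_computer"].strip().upper() or computer
        hits[source]["detections"] += 1
        if source != computer:
            hits[source]["targets"].add(computer)
    ranked = [(s, h["detections"], len(h["targets"])) for s, h in hits.items()]
    # Most detections first, then widest spread, then name for stable output.
    return sorted(ranked, key=lambda r: (-r[1], -r[2], r[0]))


if __name__ == "__main__":
    for source, detections, targets in top_sources(SAMPLE_LOG, "W32.Rontokbro@mm"):
        print(f"{source:12} detections={detections} machines_hit={targets}")
```

A host that dominates both columns is the one to pull off the network and scan in safe mode before cleaning the rest.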