Endpoint Protection

  • 1.  System Infected: Backdoor.Adwind Activity

    Posted Nov 10, 2015 11:21 PM

    One of the SEP managed clients got the below issue in Intrusion Prevention.

    System Infected: Backdoor.Adwind Activity attack blocked. Traffic has been blocked for this application: C:\USERS\ALSHEIKH\APPDATA\ROAMING\ORACLE\BIN\JAVAW.EXE


    Kindly help me out. I already ran a full scan and also ran Symantec Power Eraser, but I am still getting the same message.



  • 2.  RE: System Infected: Backdoor.Adwind Activity

    Posted Nov 11, 2015 03:19 AM

    Any SID? And did the Power Eraser detect any suspicious files on the machine?



  • 3.  RE: System Infected: Backdoor.Adwind Activity

    Posted Nov 11, 2015 03:24 AM

    No file detected by Power Eraser.



  • 4.  RE: System Infected: Backdoor.Adwind Activity

    Posted Nov 11, 2015 03:25 AM

    Hmm, what about the SID?



  • 5.  RE: System Infected: Backdoor.Adwind Activity

    Posted Nov 11, 2015 03:26 AM

    Signature ID:


  • 6.  RE: System Infected: Backdoor.Adwind Activity

    Posted Nov 11, 2015 03:27 AM

    I have the Power Eraser report also.



  • 7.  RE: System Infected: Backdoor.Adwind Activity

    Posted Nov 11, 2015 03:50 AM

    This is what I have found.

    https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=28846

    Can you share the SDBZ log? I'll analyze it for you.



  • 8.  RE: System Infected: Backdoor.Adwind Activity

    Posted Nov 11, 2015 05:53 AM

    Hi mfareed,

    IPS is protecting that computer at the moment, but I recommend locating and removing any malware present.

    Are you sure that this is a legitimate Oracle file?  Submit it to Security Response if in doubt!

    C:\USERS\ALSHEIKH\APPDATA\ROAMING\ORACLE\BIN\JAVAW.EXE


    These articles may help:

    Using Today's SymHelp to Combat Today's Threats
    https://www-secure.symantec.com/connect/articles/using-todays-symhelp-combat-todays-threats

    Symantec Insider Tip: Successful Submissions!
    https://www-secure.symantec.com/connect/articles/symantec-insider-tip-successful-submissions

    Please keep this thread up-to-date with your progress!

    With thanks and best regards,

    Mick
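The advice above is to establish whether the javaw.exe named in the alert is a genuine Oracle binary before deciding what to remove. The following PowerShell is an added triage example for that step; it is not from this thread or from Symantec. It assumes the path quoted in the alert, and it assumes a legitimately installed JRE lives under Program Files (the Roaming profile directory in the alert is not where the Oracle installer places javaw.exe). The hash and signature details it prints are what you would quote in a Security Response submission.

```powershell
# Added example (not from the thread): triage the file named in the IPS alert.
# Assumption: the path below is the one quoted in the alert; a genuine JRE is
# expected under $env:ProgramFiles\Java or ${env:ProgramFiles(x86)}\Java.
$SuspectPath = 'C:\Users\ALSHEIKH\AppData\Roaming\Oracle\bin\javaw.exe'

function Test-JavaLocation {
    param([string]$Path)
    # Compare the alert path against the directories a normal JRE install uses.
    $roots    = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    $expected = $roots | ForEach-Object { Join-Path $_ 'Java' }
    $inExpected = $false
    foreach ($dir in $expected) {
        if ($Path.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) {
            $inExpected = $true
        }
    }
    [pscustomobject]@{
        Path              = $Path
        Exists            = Test-Path -LiteralPath $Path
        InExpectedJavaDir = $inExpected
        UnderRoamingAppData = $Path -match '\\AppData\\Roaming\\'
    }
}

function Get-SuspectFileFacts {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256
    $item = Get-Item -LiteralPath $Path
    [pscustomobject]@{
        SHA256          = $hash.Hash                     # quote this in a submission
        SignatureStatus = $sig.Status                    # 'Valid' for a signed Oracle binary
        Signer          = $sig.SignerCertificate.Subject
        Company         = $item.VersionInfo.CompanyName  # version resource, easily faked
        SizeBytes       = $item.Length
        Created         = $item.CreationTime
        LastWrite       = $item.LastWriteTime
    }
}

function Get-RelatedArtifacts {
    param([string]$Path)
    # The alert fires every time the process launches, so list what else sits in
    # the same ...\Roaming\Oracle tree and any Run entry that points into it.
    $oracleDir = Split-Path -Parent (Split-Path -Parent $Path)
    $files = @()
    if (Test-Path -LiteralPath $oracleDir) {
        $files = Get-ChildItem -LiteralPath $oracleDir -Recurse -File |
                 Select-Object FullName, Length, LastWriteTime
    }
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    $autoruns = foreach ($key in $runKeys) {
        if (Test-Path $key) {
            $props = Get-ItemProperty -Path $key
            foreach ($p in $props.PSObject.Properties) {
                if ($p.Value -is [string] -and $p.Value -match 'Roaming\\Oracle') {
                    [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
                }
            }
        }
    }
    [pscustomobject]@{ FilesInOracleDir = $files; RunEntries = $autoruns }
}

Test-JavaLocation     -Path $SuspectPath | Format-List
Get-SuspectFileFacts  -Path $SuspectPath | Format-List
Get-RelatedArtifacts  -Path $SuspectPath | Format-List
```

Run it in an elevated PowerShell on the affected client. A javaw.exe that sits under the user's Roaming profile, carries no valid Authenticode signature, and has a Run entry pointing at it is the combination to capture (hash, signer, sibling files) and submit, rather than simply deleting the one file the alert named.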



  • 9.  RE: System Infected: Backdoor.Adwind Activity

    Posted Nov 11, 2015 08:27 AM

    Have you tried just deleting the file that was identified as the problem?