Video Screencast Help
Search Video Help Close Back
to help

Trojan disabled Teefer2 driver

Created: 19 Oct 2010 | 4 comments
glentc's picture
glentc
0 0 Votes
Login to vote

After identifying and removing a Trojan from a workstation which Endpoint didn't catch, it's support tool still shows that the Teefer2 driver is not functional. It looks like the trojan disabled/broke the Teefer2 driver so it can communciate back to it's C&C site. The Teefer2 is not listed within Device Manager. Here are the steps that I tried so far.

 

* From the Add/Remove Programs, I ran Endpoint's repair.

* I uninstalled Endpoint. I also removed the folder C:\Documents and Settings\All Users\Application Data\Symantec

 

Is there a dedicated support tool just for the removal of the Teefer2 driver?

Discussion Filed Under:
, , ,

Comments 4 CommentsJump to latest comment

pete_4u2002's picture
pete_4u2002 Symantec Employee
Trojan disabled Teefer2 driver - Comment:19 Oct 2010 : Link

yes, for that you need to conatct Symantec Technical Support team.

else you may follow the manual uninstallation procedure

http://www.symantec.com/business/support/index?page=content&id=TECH96924&locale=en_US

Cheers!
Pete

Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619

0
Login to vote
  • Actions
AravindKM's picture
AravindKM Trusted Advisor
Trojan disabled Teefer2 driver - Comment:19 Oct 2010 : Link

Install SEP one again and try.Remember that this driver will get installed if you included NTP in the feature list only.....

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

0
Login to vote
  • Actions
Rafeeq's picture
Rafeeq
Trojan disabled Teefer2 driver - Comment:19 Oct 2010 : Link

You can open a case with symantec to get the cleanwipe tool this will remove all the instances or follow this step to remove teefer

 

Remove the Teefer driver

  1. Click Start > Search, type cmd, and press Ctrl+Shift+Enter to start a command prompt with Administrator privileges.
  2. Type pnputil -e to list the Symantec drivers in the driver store.
  3. Type pnputil -f -d oem<n>.inf to remove Symantec drivers from driver store, where <n> is a number corresponding to one of the Symantec drivers listed in the previous step.
  4. Type exit to close the command prompt.
  5. In the Windows registry editor, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}.
  6. Delete any keys that have a value of ComponentId that is set to symc_teefer2mp.
  7. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}.
  8. Delete any sub keys that have a name containing SYMC_TEEFER2MP.
  9. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{cac88424-7515-4c03-82e6-71a87abac361}.
  10. Delete any sub keys that have a name containing SYMC_TEEFER2MP.
  11. Close the Windows Registry Editor.
  12. In the Device Manager (devmgmt.msc), go to Network Adapters, and delete all entries with "teefer" in them.
  13. Delete any network adapters to which teefer was attached.
    This causes the adapters to be reinstalled. This step must be done in order for there to be network connectivity after you restart the computer.
  14. Restart the computer into normal mode.

Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq

0
Login to vote
  • Actions
P_K_'s picture
P_K_ Trusted Advisor
Trojan disabled Teefer2 driver - Comment:19 Oct 2010 : Link

 Following steps need to be   followed to confirm teefer is not present

a.Search  for  teefer  in the registry.

b. Checke the Device Manager

c. Query for teefer on the cmd present ( sc queryex teefer2 ):  It should return “The specified service does not exist as an installed service.”

Prachand MCSE-2012 Symantec Technical Specialist (SCTS)

0
Login to vote
  • Actions