Trojan Vundo Packaged Generic

This issue has been solved.
hrsand

All week I've been fighting with a persistent pop-up that's been accompanying repeated "Packaged Generic 214" and "Trojan Vundo" blocks by my SEP. I've enabled multiple pop-up blockers, tried Firefox and IE 8, and have scanned numerous times in safe mode, in regular mode, with system restore turned on and turned off (per advice from link at SEP Antivirus Protection Log PDF attached). Anyone else have this experience? Any advice how to resolve? TIA!

chris_delay

Contact support for our load point diagnostic tool

I suspect the files are already on the system in a file we're not detecting. Our load point diagnostic tool details what's in the loading points and helps us determine files that might be suspicious.

I'd recommend that you contact support so we can get this tool to you, then review the data it provides.

It is also possible that this could be coming over the network. Depending on how often the alerts happen, and if you can afford the time off the network, you might want to try unplugging the network cable and see if the alerts stop. If they stop, it's a good bet they're coming across the network... try a packet capture program and look for unexpected connections, usually over the default shares (like C$ and Admin$).

If the alerts don't stop when off the network, we need to get a better look at the machine (via load point diag) to see if we can get to the root of the issue, get those files submitted and deal with the threat(s).
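Chris suggests capturing traffic and looking for unexpected connections to the default administrative shares. The script below is an added example (not from Symantec or from anyone in this thread) of the triage step that follows such a capture: it reads a constructed, simplified log of SMB tree-connect events, picks out connections to administrative shares (C$, ADMIN$, IPC$ and other drive shares), ignores clients that are expected to use them, and reports any other client that touched admin shares on several hosts, the fan-out pattern a network-spreading infection produces. The log format, the client addresses and the allowlist are all assumptions made up for the example.

```python
import re
from collections import defaultdict

# UNC path to an administrative share: \\HOST\C$, \\HOST\ADMIN$, \\HOST\IPC$ ...
ADMIN_SHARE_RE = re.compile(
    r"^\\\\(?P<host>[^\\]+)\\(?P<share>[A-Za-z]\$|ADMIN\$|IPC\$)$", re.IGNORECASE
)

# One tree-connect event per line; this line shape is an assumption for the
# example, not the output of any particular capture tool.
LOG_LINE_RE = re.compile(r"^(?P<time>\S+)\s+client=(?P<client>\S+)\s+tree_connect=(?P<path>\S+)$")

# Constructed sample log (not real traffic). 10.0.0.5 is the admin workstation;
# 10.0.0.7 fans out to admin shares on three different machines.
SAMPLE_LOG = r"""
10:14:02 client=10.0.0.5 tree_connect=\\FILESRV\Public
10:14:05 client=10.0.0.5 tree_connect=\\FILESRV\C$
10:15:11 client=10.0.0.7 tree_connect=\\PC-ALICE\ADMIN$
10:15:12 client=10.0.0.7 tree_connect=\\pc-bob\c$
10:15:14 client=10.0.0.7 tree_connect=\\PC-CAROL\IPC$
10:16:40 client=10.0.0.9 tree_connect=\\FILESRV\Public
"""

# Clients that are expected to use admin shares (assumed for the example).
ALLOWED_ADMIN_CLIENTS = {"10.0.0.5"}


def parse_admin_share(unc_path):
    """Return (HOST, SHARE) if the path targets an administrative share, else None."""
    m = ADMIN_SHARE_RE.match(unc_path)
    if not m:
        return None
    return m.group("host").upper(), m.group("share").upper()


def parse_log(text):
    """Yield (client, path) tuples from the simplified log; skips malformed lines."""
    for line in text.splitlines():
        m = LOG_LINE_RE.match(line.strip())
        if m:
            yield m.group("client"), m.group("path")


def find_suspicious_admin_share_clients(events, allowed_clients, min_hosts=2):
    """Map each non-allowlisted client to the sorted hosts whose admin shares it
    connected to, keeping only clients that reached at least min_hosts hosts."""
    hosts_by_client = defaultdict(set)
    for client, path in events:
        parsed = parse_admin_share(path)
        if parsed is None or client in allowed_clients:
            continue
        hosts_by_client[client].add(parsed[0])
    return {c: sorted(h) for c, h in hosts_by_client.items() if len(h) >= min_hosts}


def report(log_text=SAMPLE_LOG, allowed_clients=ALLOWED_ADMIN_CLIENTS):
    return find_suspicious_admin_share_clients(parse_log(log_text), allowed_clients)


if __name__ == "__main__":
    for client, hosts in report().items():
        print(f"{client} connected to admin shares on {len(hosts)} hosts: {', '.join(hosts)}")
```

Lowering `min_hosts` to 1 lists every non-allowlisted client that touched an admin share at all, which is the right setting on a small network where nothing but the admin workstation should ever do so.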

hrsand

Thanks for the insight Chris. How do I contact support? Can you give me a priority number so they don't charge me $100 for calling? Alternatively, can you point me to a link where I can just download the Load Point Diagnostic Tool? Thanks!

Bijay.Swain

Does this message appear when you open Internet Explorer or any browser?

hrsand

Both IE 8 and Firefox 3.5

Vikram Kumar-SAV to SEP

Solution

There might be some exploited or malicious add-ons loaded on your browsers.
For IE, go to Internet Options -> Advanced -> Reset.

For Firefox:

  1. Click "Tools -> Add-ons" (Add-on Manager in SeaMonkey 2).
  2. Click on the Extensions or Themes button at the top.
  3. Click on the extension or theme you want to uninstall.
  4. Click Uninstall.
  5. Restart your Mozilla application.

Rick Bywalski

This has been a fun one

We had to battle this one recently. When we were battling this, every time new definitions came down we detected more machines. We eventually pulled the latest rapid release definitions and then did a full scan of all machines. That helped greatly in removing it from the network.

hrsand

Thanks for the feedback Rick. This is a standalone machine (small office, no network, just a firewalled hub). I've done the latest Live Update, but is a rapid release definition different?

Rick Bywalski

rapid release

Yes, rapid release definitions are not certified yet and are released several times an hour, from what I can tell.

ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/rapidrelease/sequence

As was said, though, you may need to get the Load Point Diag to get the right files to Symantec for them to build definitions. When I called they were telling me this threat updates itself rapidly, hence it is easy for it to stay ahead of definition sets. That was why I resorted to doing rapid release definitions and then scanning quickly after getting them.

hrsand

Thanks Vikram. I found a couple of add-ons in Firefox and IE that I disabled. Hopefully that shuts down the pop-ups. So far the SEP protection hasn't found anything yet this morning, but that comes and goes and it's still early in the day here. Appreciate the idea! :-)