Endpoint Protection


trojan.maljava keeps coming back?

  • 1.  trojan.maljava keeps coming back?

    Posted Dec 19, 2013 12:44 AM

    Hi all,

    An email will be sent to me when there is a risk/virus detected on a user's computer. 3 days ago, I received an email that Trojan.Maljava was found on a user's computer and was deleted by endpoint. However, I keep receiving this email, saying Trojan.Maljava was found on that user's computer. The path of the file infected is the same in all mails I received.

    Then, I did a full scan on that user's PC but no virus or malware was found.

    I also checked if there is any log or record regarding the risk on the Endpoint server. But sadly no record regarding that user was found.

    Besides checking the logs on the server, I have also checked the logs in the Symantec Endpoint Protection on that user's PC but again, no log was found. And the user said that there was no notification or pop-up window from the endpoint saying a risk or malware was found on his PC.

    Does anyone know what happened and what I should do?



  • 2.  RE: trojan.maljava keeps coming back?

    Posted Dec 19, 2013 12:48 AM


  • 3.  RE: trojan.maljava keeps coming back?

    Posted Dec 19, 2013 12:57 AM
    Thanks for your reply. I have seen this thread and tried the methods in this thread. But I still cannot solve my problem.


  • 4.  RE: trojan.maljava keeps coming back?

    Posted Dec 19, 2013 01:43 AM
    You can run the SymHelp utility and submit the suspicious data to Symantec; they can provide the permanent solution.

    How to collect and submit to Symantec Security Response suspicious files found by the SymHelp utility
    Article: TECH203027 | Created: 2013-02-21 | Updated: 2013-05-23 | Article URL http://www.symantec.com/docs/TECH203027

    Symantec Help (SymHelp) Download
    Article: TECH170752 | Created: 2011-09-29 | Updated: 2013-11-13 | Article URL http://www.symantec.com/docs/TECH170752

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.
    https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec


  • 5.  RE: trojan.maljava keeps coming back?

    Posted Dec 19, 2013 05:55 AM

    Hi Dev.Jal,

    An email will be sent to me when there is a risk/virus detected on a user's computer. 3 days ago, I received an email that Trojan.Maljava was found on a user's computer and was deleted by endpoint. However, I keep receiving this email, saying Trojan.Maljava was found on that user's computer. The path of the file infected is the same in all mails I received.

    Then, I did a full scan on that user's PC but no virus or malware was found.

    Which version of SEP are you running on the SEPM and SEP client?

    Is the time different in all of the notification mails, or is it sending notifications about the same old detection again and again?



  • 6.  RE: trojan.maljava keeps coming back?

    Posted Dec 19, 2013 08:31 AM

    Run the Symantec Power Eraser

    How to run Symantec Power Eraser with the SymHelp utility

    http://www.symantec.com/docs/TECH203683

    How to collect and submit to Symantec Security Response suspicious files found by the SymHelp utility

    http://www.symantec.com/docs/TECH203027



  • 7.  RE: trojan.maljava keeps coming back?

    Posted Dec 19, 2013 09:51 AM

    Hi Mick,

    The version of SEP running on SEPM is v 12.1.2 and the SEP client on that user's PC is v12.

    The times of all notification mails are different. Also, the action taken varies. Sometimes it is "Cleaned by deletion" and sometimes it is "Details pending". But I cannot find the infected file in the location specified in the mail when the action taken is "Details pending".

    Thanks



  • 8.  RE: trojan.maljava keeps coming back?

    Posted Dec 19, 2013 09:53 AM

    Hi Brian,

    I tried this tool and the result is "no risk was found".

    I can run it again and submit the report to Symantec if it can help me to solve the problem.



  • 9.  RE: trojan.maljava keeps coming back?

    Posted Dec 19, 2013 09:55 AM

    Hi AJ_01,

    I tried this tool but no suspicious file was found.



  • 10.  RE: trojan.maljava keeps coming back?

    Posted Dec 19, 2013 10:08 AM

    Cheers Dev!

    If the notifications were duplicates, that would have sounded like a defect fixed in SEP 12.1 RU2. 

    (It is a good idea to update to SEP 12.1 RU4 regardless, as that has the ability to deliver faster notifications....)

    New fixes and features in Symantec Endpoint Protection 12.1.4
    http://www.symantec.com/docs/TECH211972

    ....
    Faster alerting and notification for priority events

    SEP 12.1.4 Windows clients can quickly send priority events to SEPM without waiting for the next heartbeat. You can create notifications without a damper for critical events. Priority events include malware detections and IPS alerts.

    I recommend running a Risk Report from the SEPM for the past week. Does that show the detections for which you are receiving alerts? (And what other interesting entries does it show?)

    Many thanks,

    Mick
     



  • 11.  RE: trojan.maljava keeps coming back?

    Posted Dec 19, 2013 10:36 AM

    Thanks Mick, I will try to upgrade the client SEP to v12.1.2 to see if the problem can be fixed. I cannot upgrade it to v12.1.4 without my supervisor's permission.

    For the risk report, I cannot find any records related to the alert.



  • 12.  RE: trojan.maljava keeps coming back?

    Posted Feb 22, 2014 09:13 PM

    Do you need more assistance with your problem or were you able to get it resolved?

    If you could post an update for followers of this thread that would be most helpful.

    Otherwise, if resolved, you can close the thread out by clicking the "Mark as solution" link at the bottom left on the most helpful post.

    Thanks and take care,
    Brian