trojan.maljava keeps coming back?

Created: 18 Dec 2013 | 11 comments

Hi all,

An email will be sent to me when there is a risk/virus detected on a user's computer. 3 days ago, I received an email that Trojan.Maljava was found on a user's computer and was deleted by endpoint. However, I keep receiving this email, saying Trojan.Maljava was found on that user's computer. The path of the file infected is the same in all mails I received.

Then, I did a full scan on that user's PC but no virus or malware was found.

I also checked if there is any log or record regarding the risk on the Endpoint server. But sadly no record regarding that user was found.

Besides checking the logs on the server, I have also checked the logs in the Symantec Endpoint Protection on that user's PC but again, no log was found. And the user said that there was no notification or pop-up window from the endpoint saying a risk or malware was found on his PC.

Does anyone know what happened and what I should do?


Dev.Jal's picture

Thanks for your reply.

I have seen this thread and tried the methods in this thread. But I still cannot solve my problem.

AJ_01's picture

You can run the SymHelp utility and submit the suspicious data to Symantec; they can provide the permanent solution.

How to collect and submit to Symantec Security Response suspicious files found by the SymHelp utility
Article:TECH203027 | Created: 2013-02-21 | Updated: 2013-05-23 | Article URL http://www.symantec.com/docs/TECH203027

Symantec Help (SymHelp) Download
Article:TECH170752 | Created: 2011-09-29 | Updated: 2013-11-13 | Article URL http://www.symantec.com/docs/TECH170752

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/u...

Regards

AJ

Dev.Jal's picture

Hi AJ_01,

I tried this tool but no suspicious file was found.

Mick2009's picture

Hi Dev.Jal,

An email will be sent to me when there is a risk/virus detected on a user's computer. 3 days ago, I received an email that Trojan.Maljava was found on a user's computer and was deleted by endpoint. However, I keep receiving this email, saying Trojan.Maljava was found on that user's computer. The path of the file infected is the same in all mails I received.

Then, I did a full scan on that user's PC but no virus or malware was found.

Which version of SEP are you running on the SEPM and SEP client?

Is the time different in all of the notification mails, or is it sending notifications about the same old detection again and again?

With thanks and best regards,

Mick

Dev.Jal's picture

Hi Mick,

The version of SEP running on SEPM is v 12.1.2 and the SEP client on that user's PC is v12.

The times of all the notification mails are different. Also, the action taken varies. Sometimes it is "Cleaned by deletion" and sometimes it is "Details pending". But I cannot find the infected file at the location specified in the mail when the action taken is "Details pending".

Thanks

Mick2009's picture

Cheers Dev!

If the notifications were duplicates, that would have sounded like a defect fixed in SEP 12.1 RU2. 

(It is a good idea to update to SEP 12.1 RU4 regardless, as that has the ability to deliver faster notifications....)

New fixes and features in Symantec Endpoint Protection 12.1.4
http://www.symantec.com/docs/TECH211972

....
Faster alerting and notification for priority events

SEP 12.1.4 Windows clients can quickly send priority events to SEPM without waiting for the next heartbeat. You can create notifications without a damper for critical events. Priority events include malware detections and IPS alerts.

I recommend running a Risk Report from the SEPM for the past week. Does that show the detections for which you are receiving alerts? (And what other interesting entries does it show?)

Many thanks,

Mick
 

With thanks and best regards,

Mick

Dev.Jal's picture

Thanks Mick, I will try to upgrade the client SEP to v12.1.2 to see if the problem can be fixed. I cannot upgrade it to v12.1.4 without my supervisor's permission.

For the risk report, I cannot find any records related to the alert.

.Brian's picture

Run the Symantec Power Eraser

How to run Symantec Power Eraser with the SymHelp utility

http://www.symantec.com/docs/TECH203683

How to collect and submit to Symantec Security Response suspicious files found by the SymHelp utility

http://www.symantec.com/docs/TECH203027

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Dev.Jal's picture

Hi Brian,

I tried this tool and the result is "no risk was found".

I can run it again and submit the report to Symantec if it can help me to solve the problem.

.Brian's picture

Do you need more assistance with your problem or were you able to get it resolved?

If you could post an update for followers of this thread that would be most helpful.

Otherwise, if resolved, you can close the thread out by clicking the "Mark as solution" link at the bottom left on the most helpful post.

Thanks and take care,
Brian