virus attack
Updated: 21 May 2010 | 13 comments
I have a virus attacking my network that leaves PCs without an IP, netmask, gateway and DNS, although the network connection is active but without an IP.
I tried to disable and enable the network card, set a static IP manually, and release and renew the IP. All these attempts failed.
I use Symantec Endpoint 11 MR4_Mp1, updated.
Another problem:
Some computers have an IP, netmask, gateway and DNS, and I can ping all servers in my network and look up external sites, but when I try to open any HTTP traffic no page opens; I get "page cannot be displayed".
What can I do? Please help if anyone knows a solution or any removal tool recommended by Symantec.
A quick reply is highly appreciated.
Thanks
sameh omer
Comments
See the following:
What to do when you suspect that a Symantec antivirus product is not detecting viruses
The 5 Steps of Virus Troubleshooting
Cass Averill
Install and Migration Docs for SEP 12.1
Install and Migration Docs for SEP 11
I used the Symantec support tools to check the engine, and it told me that the engine is OK and the virus definition is OK.
?????????
Still have the problem.
Re
You also want to reset Winsock.
1. Open up command line (on Start, Click Run, type: cmd)
2. On the black window, type: netsh (hit return)
type: winsock reset (hit return)
type: exit.
3. Then restart your pc.
What will a winsock reset do?
Re
Winsock is a program that handles input/output requests for internet applications/the network. Since the virus attack, it could have been damaged.
netsh winsock reset
netsh winsock reset catalog
Reboot
Well this might help as suggested by Paul.
But I somewhat do not feel that this is really a virus attack.
Have you checked your DHCP? Is it working properly? How can you be so sure that it is a virus attack?
Have you done the RapidRelease and Full Scan in safe mode without network?
Run Sysinternals RootkitRevealer, because if it's a threat then I guess only a rootkit can handle this trick properly.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
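Added example, not part of the original thread: the replies above suggest the Winsock catalog may have been damaged, so before resetting it is worth saving the output of `netsh winsock show catalog` and checking which providers are registered. The sketch below parses such a dump and lists layered providers and providers loaded from outside system32. The sample text is constructed, and the field labels, the `SYSTEM_DIRS` allow-list and the function names are assumptions made for this illustration.

```python
import re

# Constructed sample in the layout of `netsh winsock show catalog` output.
# The field labels are an assumption; compare them with a real capture.
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        EXAMPLE-LSP over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\WINDOWS\Temp\example_lsp.dll
Catalog Entry ID:                   1015

Name Space Provider Entry
------------------------------------------------------
Description:                        Tcpip
Provider Path:                      %SystemRoot%\System32\mswsock.dll
"""

# Assumption: stock providers load from the Windows system32 directory.
SYSTEM_DIRS = ("%systemroot%\\system32\\", "c:\\windows\\system32\\")
FIELD = re.compile(r"^([A-Za-z ]+?):[ \t]+(.*\S)[ \t]*$", re.MULTILINE)

def parse_catalog(text):
    """Split the dump on blank lines; return one dict of fields per entry."""
    blocks = re.split(r"\n\s*\n", text.strip())
    entries = [dict(FIELD.findall(block)) for block in blocks]
    return [e for e in entries if "Provider Path" in e]

def suspicious_entries(text):
    """Return layered providers and providers loaded from outside system32."""
    flagged = []
    for e in parse_catalog(text):
        layered = e.get("Entry Type", "").lower().startswith("layered")
        if layered or not e["Provider Path"].lower().startswith(SYSTEM_DIRS):
            flagged.append((e.get("Catalog Entry ID", "-"),
                            e["Description"], e["Provider Path"]))
    return flagged

if __name__ == "__main__":
    for entry in suspicious_entries(SAMPLE):
        print("REVIEW:", *entry)
```

A flagged entry is something to review, not proof of infection, since legitimate software can also register layered providers. Keeping the saved dump lets you compare the catalog before and after the reset if the problem comes back.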
I ran winsock reset; the infected PCs take an IP address for minutes and I can browse HTTP traffic, then the problem comes back again.
I'm sure it's not a DHCP problem because other computers in the same subnet are working properly.
"Run sysinternals rootkitrevealer...coz if its a threat then i guess only a rootkit can handle this trick properly." ???? Please could anyone clarify this for me!!!!
thanks
http://technet.microsoft.com/hi-in/sysinternals/bb897445(en-us).aspx
Run the RootkitRevealer tool from the link above and see if it finds some suspicious entries.
However, have you already tried the other steps mentioned, RapidRelease and a full scan in safe mode?
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
I tried to run Endpoint in safe mode but it failed.
I used RootkitRevealer and it gave me some suspicious entries. What's next?
Submit those suspicious entries to the Security Response website.
https://submit.symantec.com/websubmit/gold.cgi
Re
After submitting to Symantec, you may need to delete the files manually.
Please check your start up items and services
1. Click Start
2. Click Run
3. Type: msconfig
4. Select the Startup Tab (uncheck suspicious programs running)
5. On the Services Tab, select to hide Microsoft Services (uncheck suspicious programs running)
Delete the files manually, and then remove the registry entries for it.
Well, if it is a rootkit nothing will help... the best option would be Symantec Tech Support, so that they can help you submit these files. Also read this article, as it might help.
https://www-secure.symantec.com/connect/articles/how-find-suspected-threats-your-computer
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro