Endpoint Protection

i have virus attack my network that made pc doesn't have ip ,netmask,gateway and Dns although the network connection is active but without ip
i tried to disable and enable network card,put ip manually static,release ip and renew .all this trials are failed.
i use symantec endpoint 11 MR4_Mp1 updated



another problem
some computers have ip ,netmask,gateway,dns and i can ping all servers in my network, lookup for external sites but when i try to open any http traffic there is no page i can open it like page cant be displayed
what can i do  please help if nay one know solution or any removal tool recomended from symantec.

quick reply is highly appreciated

thanks
sameh omer

See the following:

What to do when you suspect that a Symantec antivirus product is not detecting viruses

The 5 Steps of Virus Troubleshooting

i used the symantec support tools to check the engine and it tolds me that the engine is ok and virus definition is ok
?????????
still have the problem

you also want to reset winsock..

1. Open up command line (on Start, Click Run, type: cmd)
2. On the black window, type: netsh (hit return)
                                            type: winsock reset (hit return)
                                            type: exit.
3. Then restart your pc.

what does winsock reset will do?

Winsock is a program handles input/output request for internet applications/network. since the virus attack, it could have been damaged.

netsh reset winsock catalog
Reboot
Well this might help as suggested by Paul.
But I some what do not feel as this is really a virus attack..
Have u check your DHCP..is it working properly ? how can you be so sure that it is a virus attack.

Have you done the RapidRelease and Full Scan in safe mode without network ?

Run sysinternals rootkitrevealer...coz if its a threat then i guess only a rootkit can handle this trick properly..

i run winsock reset the infected pc's take ip address for minutes and i can browse http traffic then the problem back again.
im sure its not dhcp problem coz another computers in the same subnet are working proberly.

Run sysinternals rootkitrevealer...coz if its a threat then i guess only a rootkit can handle this trick properly.????plz could anyone clearify this to me!!!!

thanks

 http://technet.microsoft.com/hi-in/sysinternals/bb897445(en-us).aspx

Run the tool from the link above rootkitrevealer and see if it finds some suspicious entries..

However have you already tried the other steps mentioned Rapidrelease and full scan in safe mode ..

i tried to run endpoint in safe mode but it failed

i used the rootkit revealer and it gives me some suspicious entries whats next?????

Submit those suspecious entries to the security response website.

https://submit.symantec.com/websubmit/gold.cgi 

After submitting to Symantec, you may need to delete the files manually.

Please check your start up items and services

1. Click Start
2. Click Run
3. Type: msconfig
4. Select the Startup Tab (uncheck suspicous programs running)
5.On the Services Tab, select to hide Microsoft Services (uncheck suspicious programs running)

Delete the files manually, and then remove the registry entries for it.

 Well if it is rootkit nothing will help ...best option would be to Symantec Tech Support. So that they can help you submit these files. Also read this article as this might help.
https://www-secure.symantec.com/connect/articles/how-find-suspected-threats-your-computer