Endpoint Protection

Hi Everyone,

Recently, I have the users that infected with virus which causing the computer start up with 15 minutes, computer slowness, host file change to system file and everytime open internet explorer will open 30 other websites. Using SEP11 scan nothing. In safe mode, cannot remove the host file also. In registry, startup and system process, there are no any kind of suspected process/file.

Please advise on this.

check this document first

http://service1.symantec.com/support/ent-security.nsf/docid/2001060517115206

Download and run support tool and do a load point analysis......

Today is the offday I need Monday just only can get check again at the registry. However for the support tool, I have download the tool already but base on load point result, how can I further know which is the suspected file that I can submit to the Symantec for checking? Please advise.

Hello,
You can upload your files in this site. https://submit.symantec.com/websubmit/retail.cgi

By the way please check startup config with Sysinternals autoruns. http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

Best Regards.
Fatih

About the Symantec Endpoint Protection Support Tool

Try the tool fist.
If you are still confused log a call with symantec
 How to Contact Customer Care and Technical Support

Hi,

Thank you for everyone advise. I will log a case to Symantec and run the SEP Support Tool to get the data and send for analysis. Meanwhile, still have anything that I can do for preventation or further checknig to get more information or detecting the virus,

Have a look at this thread.You will get a lot of informations
SEP secret sauce for better protection

Use application & device policy to block modification to registry and host file.

First what you need to do is replace the host file from a working machine.