Endpoint Protection

hi

anyone help me to clean trojan.gen virus from my network. affected system 4-5. virus count is high.

What is the current version of SEPM in your N/W?

If it lower than 11.7 then need to upgrade, This issue  is fixed in RU7MP2

https://www-secure.symantec.com/connect/forums/virus-name-trojangen

Latest SE version is 110-ru7-mp3

https://www-secure.symantec.com/connect/articles/latest-symantec-endpoint-protection-releases-sep-121-ru2-and-sep-110-ru7-mp3

upgrade with the above mention version

Sep version is 11.0.6300.

HI,

What sep are you using ?

If you are running an older version of SEP, the conversation in the link below may apply to your situation.

http://www.symantec.com/connect/forums/trojangen2#...

BTW, the latest version of SEP 11 is RU7 MP2.

Hi,

Please update the system with latest anti virus definition and do a full scan of the system and then 

Run the Symantec NPE (Nortan power eraser) tool on the system.

Even you can manually remove the same.

Go through the below link..

http://blog.yoocare.com/how-to-get-rid-of-trojan-gen-2-completely-trojan-gen-2-removal-guide/

Removal Tool

• Run Norton Power Eraser (NPE)

You can run as well following tools:

- Symantec Power Eraser:

http://www.symantec.com/business/support/index?page=content&id=TECH134803

- bootable SERT tool:

http://www.symantec.com/business/support/index?page=content&id=TECH131732

Hello,

Are you able to detect the infection source?

Hello,

Have you done the above things,

Please let me know if problem is resolved..

This a generic name. Is it occurring on one or multiple PCs?

I have already mention the SEP version nd it is lower than RU7 MP2. I have read the attach link and will try the mention.

Best practice to troubleshoot virus on the network

http://www.symantec.com/docs/TECH122466

When i scanned the system not of any virus detected. On server detected virus extension is file "dwh.tmp".

I have read your links and update to my superior as per the link. We are going to plan the upgrade with Latest version.

Latest defintion is already updated. This virus detect with .tmp fextension and path is also as temp folder wheniam going to scan no detection. So as per above comment we are going to upgrade to fix it.

It's a known issue. You need to upgrade to the latest version of SEP.

To stop this from happening, the quarantine scan on virus definition update can be disabled: edit Antivirus and Antispyware policy > Windows Settings > Quarantine > General, under "When New Virus Definitions Arrive" choose "Do nothing".

Have you upgrade with latest version or your issue fixed or not?

If it fixed then please mark the helpful comment as a solution.

Hi Vipin,

Please let me know if problem is resolved?

Thank you vipin for the update,

Please let me know if i can help you.??

K Vipin. If you will not get any issue on Monday then will mark the solution to helpful comment.

Hi

Please send the infected file to the Symantec Security Response, so they will analyse the same and revert back with the definitions set which should be used for scanning

https://submit.symantec.com/websubmit/retail.cgi

Regards