Video Screencast Help

Virus ? How to fix ?

Created: 30 Oct 2012 • Updated: 31 Oct 2012 | 3 comments

Symantec Endpoint show that my computer infected in Oracle and windows:

Is that infected ? How to fix ?

Because I saw that my website (config with IIS and Oracle) run slowly.

Info: Windows server 2008, oracle 11g, newest update

Comments 3 CommentsJump to latest comment

ᗺrian's picture

What do you have your actions set to do when your SEP clients finds a virus?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture


Have you created Exclusions for Oracle related files?

Check this Best Practice Article - 

What scan exclusions could be applied to an Oracle database server running Symantec Antivirus or Symantec Endpoint Protection

Secondly, "oravssw.exe", "oraclragnt.exe" and "nmesrvc.exe" are Executable files.

I would suggest you to submitting these Files to the Symantec Security Response Team by -


Note: ThreatExpert is owned by Symantec.

Also, check these Article below:

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

A Quick Note: 

W32.Morto.B is a worm that spreads through removable drives and by using Remote Desktop Protocol (RDP) connections. It also infects executable files found on the compromised computer.

Check these BLOG's on W32.Morto.B:

W32.Morto.B – Morto Adds File Infection to its Arsenal

Morto worm sets a (DNS) record

Hope that helps!!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.