Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Virus ? How to fix ?

Created: 30 Oct 2012 • Updated: 31 Oct 2012 | 3 comments

Symantec Endpoint show that my computer infected in Oracle and windows:

Is that infected ? How to fix ?

Because I saw that my website (config with IIS and Oracle) run slowly.

Info: Windows server 2008, oracle 11g, newest update

Comments 3 CommentsJump to latest comment

Ashish-Sharma's picture

Hi,

Is your system infected? Symantec tools to help clear an infection

https://www-secure.symantec.com/connect/forums/your-system-infected-symantec-tools-help-clear-infection

Thanks In Advance

Ashish Sharma

 

 

.Brian's picture

What do you have your actions set to do when your SEP clients finds a virus?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

Hello,

Have you created Exclusions for Oracle related files?

Check this Best Practice Article - 

What scan exclusions could be applied to an Oracle database server running Symantec Antivirus or Symantec Endpoint Protection

http://www.symantec.com/docs/TECH134383

Secondly, "oravssw.exe", "oraclragnt.exe" and "nmesrvc.exe" are Executable files.

I would suggest you to submitting these Files to the Symantec Security Response Team by - 

https://submit.symantec.com/essential

and 

http://www.threatexpert.com/submit.aspx

Note: ThreatExpert is owned by Symantec.

Also, check these Article below:

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team. 

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

 

A Quick Note: 

W32.Morto.B is a worm that spreads through removable drives and by using Remote Desktop Protocol (RDP) connections. It also infects executable files found on the compromised computer.

http://www.symantec.com/security_response/writeup.jsp?docid=2012-071013-3812-99

Check these BLOG's on W32.Morto.B:

W32.Morto.B – Morto Adds File Infection to its Arsenal

https://www-secure.symantec.com/connect/blogs/w32mortob-morto-adds-file-infection-its-arsenal

Morto worm sets a (DNS) record

https://www-secure.symantec.com/connect/blogs/morto-worm-sets-dns-record

Hope that helps!!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.