Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Virus ? How to fix ?

Created: 30 Oct 2012 • Updated: 31 Oct 2012 | 3 comments

Symantec Endpoint show that my computer infected in Oracle and windows:

Is that infected ? How to fix ?

Because I saw that my website (config with IIS and Oracle) run slowly.

Info: Windows server 2008, oracle 11g, newest update

Comments 3 CommentsJump to latest comment

Ashish-Sharma's picture


Is your system infected? Symantec tools to help clear an infection

Thanks In Advance

Ashish Sharma



.Brian's picture

What do you have your actions set to do when your SEP clients finds a virus?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture


Have you created Exclusions for Oracle related files?

Check this Best Practice Article - 

What scan exclusions could be applied to an Oracle database server running Symantec Antivirus or Symantec Endpoint Protection

Secondly, "oravssw.exe", "oraclragnt.exe" and "nmesrvc.exe" are Executable files.

I would suggest you to submitting these Files to the Symantec Security Response Team by -


Note: ThreatExpert is owned by Symantec.

Also, check these Article below:

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.


A Quick Note: 

W32.Morto.B is a worm that spreads through removable drives and by using Remote Desktop Protocol (RDP) connections. It also infects executable files found on the compromised computer.

Check these BLOG's on W32.Morto.B:

W32.Morto.B – Morto Adds File Infection to its Arsenal

Morto worm sets a (DNS) record

Hope that helps!!!

Mithun Sanghavi
Senior Consultant

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.