
Virus? How to fix?

Created: 30 Oct 2012 • Updated: 31 Oct 2012 | 3 comments

Symantec Endpoint shows that my computer is infected in Oracle and Windows:

Is that infected? How to fix?

Because I saw that my website (configured with IIS and Oracle) runs slowly.

Info: Windows Server 2008, Oracle 11g, newest update


Brɨan

What do you have your actions set to do when your SEP clients find a virus?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi

Hello,

Have you created Exclusions for Oracle related files?

Check this Best Practice Article - 

What scan exclusions could be applied to an Oracle database server running Symantec Antivirus or Symantec Endpoint Protection

http://www.symantec.com/docs/TECH134383

Secondly, "oravssw.exe", "oraclragnt.exe" and "nmesrvc.exe" are executable files.

I would suggest submitting these files to the Symantec Security Response Team by - 

https://submit.symantec.com/essential

and 

http://www.threatexpert.com/submit.aspx

Note: ThreatExpert is owned by Symantec.

Also, check this article below:

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team. 

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

A Quick Note: 

W32.Morto.B is a worm that spreads through removable drives and by using Remote Desktop Protocol (RDP) connections. It also infects executable files found on the compromised computer.

http://www.symantec.com/security_response/writeup.jsp?docid=2012-071013-3812-99

Check these blogs on W32.Morto.B:

W32.Morto.B – Morto Adds File Infection to its Arsenal

https://www-secure.symantec.com/connect/blogs/w32mortob-morto-adds-file-infection-its-arsenal

Morto worm sets a (DNS) record

https://www-secure.symantec.com/connect/blogs/morto-worm-sets-dns-record

Hope that helps!!!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.