Endpoint Protection

Hello guys,
I have virus or worm in my network that prevent users from browsing internet and local network .it also disable windows firewall.
i tried winsock repair tool it fix the problem for few minutes but the problem back again
i tried another antivirus it detects it as w32.IRCbot.
any help guys im in big problem.

Hi,

Please let us know, what is the version of SEP client you are using. Do you have the latest definitions on the client? Please run a full scan in normal mode as well as in Safe Mode with networking.

You can follow the following document:

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/59ced4261979d3e78825725f007bfde5?OpenDocument

Best,
Aniket

Be sure to delete the following registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"winapii" = "%Windir%\Winapii\Winapii.exe"

See http://www.symantec.com/security_response/writeup.jsp?docid=2002-070818-0630-99&tabid=3 for complete removal instructions.

Cheers,
Thomas

im using sep MR4MP2 version and im sure the virus definition is updated .
i run full system scan and nothing new.

 https://www-secure.symantec.com/connect/forums/trying-get-rid-trojanfakeavalert-and-need-help-desperately

https://www-secure.symantec.com/connect/downloads/lsp-fix

A definition was released for w32.IRCBot  in the last rapid Release today.

http://www.symantec.com/business/security_response/definitions/rapidrelease/index.jsp

Install the latest RR definitions and scan your system again.

http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=rr

Let us know how it goes.

regards,
thomas