Endpoint Protection

  • 1.  VirusAlert

    Posted Mar 04, 2014 10:39 PM

    Hi

    We have SEP 12.1, and on one of the clients we are getting the following balloon notification about backdoor Houdini. Is this machine infected with this virus? In quarantine we do not see any entry. How can we remove it and confirm that this virus is not on the client?

    aaa.png

     

    Thanks

     



  • 2.  RE: VirusAlert



  • 3.  RE: VirusAlert

    Posted Mar 05, 2014 12:16 AM

    Check the article

    How to collect and submit to Symantec Security Response suspicious files found by the SymHelp utility

    http://www.symantec.com/docs/TECH203027

    Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    https://www-secure.symantec.com/connect/articles/using-symantec-help-symhelp-tool-how-do-we-collect-suspicious-files-and-submit-same-symante

     



  • 4.  RE: VirusAlert

    Posted Mar 05, 2014 12:53 AM

    You can scan the system for Virus with SymHelp Utility and clean it.

    How to run Symantec Power Eraser with the SymHelp utility

    Article:TECH203683  |  Created: 2013-03-08  |  Updated: 2013-12-17  |  Article URL http://www.symantec.com/docs/TECH203683
     

     



  • 5.  RE: VirusAlert

    Posted Mar 05, 2014 02:02 AM

    Hi Golani,

    Take these notifications seriously.  Examine the IPS logs to see which .exe is responsible for the traffic: it is most likely wscript.exe, which will be running a .vbs file somewhere on the system.  Locate that and submit it to Security Response for examination!

    Here’s an excellent illustrated guide, with video:

    How to Run Load Point Analysis for Symantec Support

    Article URL http://www.symantec.com/docs/TECH203028

    All the best,

    Mick
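
The check described in the post above (find the `wscript.exe` process and the script it is running) can be done by hand on the affected client. The following is an added example, not part of the original thread or of any Symantec tool; the function name `Get-ScriptHostTrace` is hypothetical. It does not read the SEP IPS logs. It assumes PowerShell 3.0 or later in an elevated session.

```powershell
# Added triage example. Lists running Windows Script Host processes and the
# logon load points that could start a script, so the file can be located
# and submitted for analysis.
function Get-ScriptHostTrace {
    # Script extensions and host names handled by Windows Script Host
    $pattern = '\.(vbs|vbe|js|jse|wsf)\b|wscript|cscript'

    # 1. Running script hosts and the script named on their command line
    Get-CimInstance Win32_Process -Filter "Name='wscript.exe' OR Name='cscript.exe'" |
        ForEach-Object {
            [pscustomobject]@{
                Source = 'Process'
                Name   = "$($_.Name) (PID $($_.ProcessId), parent $($_.ParentProcessId))"
                Detail = $_.CommandLine
            }
        }

    # 2. Run/RunOnce values that launch a script at logon
    #    (HKCU covers only the account running this function)
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($valueName in $regKey.GetValueNames()) {
            $command = [string]$regKey.GetValue($valueName)
            if ($command -match $pattern) {
                [pscustomobject]@{ Source = $key; Name = $valueName; Detail = $command }
            }
        }
    }

    # 3. Every item in the per-user and all-users Startup folders
    $startup = @('Startup', 'CommonStartup') |
        ForEach-Object { [Environment]::GetFolderPath($_) } | Where-Object { $_ }
    if ($startup) {
        Get-ChildItem -Path $startup -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{ Source = 'StartupFolder'; Name = $_.Name; Detail = $_.FullName }
            }
    }
}

Get-ScriptHostTrace | Format-List
```

An empty result does not prove the client is clean: the script host may not be running at that moment, and load points such as scheduled tasks are not covered here.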



  • 6.  RE: VirusAlert

    Posted Mar 05, 2014 08:48 AM

    Post your security log here if you need help reviewing.



  • 7.  RE: VirusAlert

    Posted Apr 30, 2014 03:40 AM

    Do you need more help here?

    If not, please update your thread (Mark as Solution). If multiple posts helped you, please select the "Request split solution" option.