Endpoint Protection

  • 1.  w32unruy!gen1

    Posted Jul 01, 2010 04:53 PM

    I have the above virus detected by SEP. When SEP attempts to clean it, it cannot clean c:/system volume information/Microsoft/services.exe and smss.exe, as these are in use.

    I have tried turning System Restore on and off in both normal and safe mode. I have tried using the Unlocker software recommended in another Symantec forum. But I still have them. I cannot delete them as winlogon.exe uses these services.

    So far SEP has failed to clean this virus. Any ideas?


  • 2.  RE: w32unruy!gen1

    Posted Jul 01, 2010 05:01 PM

    I would try removing the threat with the SERT tool. See


    How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitions

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/750ab70cd21259ae88257706004bafc9?OpenDocument



  • 3.  RE: w32unruy!gen1

    Posted Jul 01, 2010 05:52 PM
    Go to 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

    Check the value of Userinit.
    Change it back to C:\WINDOWS\system32\userinit.exe, if anything else is present.

    Try deleting the files in Safe Mode.
    Use Sysinternals Autoruns to find all the places where it is hooked and remove/delete those entries.
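
The Userinit check described in reply 3, as an added read-only example that is not part of the original thread. The function name `Test-UserinitValue` and the sample value are constructed for illustration, and the expected path assumes Windows is installed in C:\WINDOWS as in the reply.

```powershell
# Added example: audit the Winlogon Userinit value without changing it.
$KeyPath  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
# Expected entry taken from the reply above (assumes a C:\WINDOWS install).
$Expected = 'C:\WINDOWS\system32\userinit.exe'

function Test-UserinitValue {
    # Hypothetical helper: splits a Userinit string and marks each entry.
    param(
        [string]$Value,
        [string]$Expected
    )
    # Userinit is a comma-separated list of programs that Winlogon starts at
    # logon. The stock value is one entry followed by a trailing comma, so
    # empty fragments are dropped before comparing.
    $entries = @($Value -split ',' |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object { $_ })
    foreach ($entry in $entries) {
        [pscustomobject]@{
            Entry      = $entry
            IsExpected = ($entry -ieq $Expected)   # paths compare case-insensitively
        }
    }
}

# 1) Constructed sample: the expected entry plus one extra placeholder entry.
$sample = 'C:\WINDOWS\system32\userinit.exe,C:\example\placeholder.exe,'
Write-Output 'Constructed sample:'
Test-UserinitValue -Value $sample -Expected $Expected | Format-Table -AutoSize

# 2) The live value on this machine (read-only query).
$current = (Get-ItemProperty -Path $KeyPath -Name Userinit).Userinit
Write-Output "Live value: $current"
$report = @(Test-UserinitValue -Value $current -Expected $Expected)
$report | Format-Table -AutoSize

# Anything other than the expected entry is what the reply says to look for.
$extra = @($report | Where-Object { -not $_.IsExpected })
if ($extra.Count -gt 0) {
    Write-Warning ("Userinit has {0} unexpected entr{1}: {2}" -f $extra.Count,
        $(if ($extra.Count -eq 1) { 'y' } else { 'ies' }),
        ($extra.Entry -join '; '))
} elseif ($report.Count -eq 0) {
    Write-Warning 'Userinit is empty; the expected entry is missing.'
} else {
    Write-Output 'Userinit contains only the expected entry.'
}
```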