Endpoint Protection

  • 1.  win32/dorkbot.d

    Posted Apr 30, 2012 03:40 PM

    Hello friends:

     

    I hope you are fine. I wonder if some of you could please tell me how I can remove this trojan. I cannot update the virus definition database, and I cannot get access to Symantec web sites and malware removal tools. It happens that the trojan knows these sites and other antivirus companies' web sites.

     

    Thank you so much, for your help!

     

    Regards!



  • 2.  RE: win32/dorkbot.d

    Posted Apr 30, 2012 03:56 PM

    This should be moved to the SEP forums



  • 3.  RE: win32/dorkbot.d

    Posted Apr 30, 2012 04:55 PM

    Moved to SEP forums.

    Thanks!
    Cheryl



  • 4.  RE: win32/dorkbot.d

    Posted Apr 30, 2012 05:15 PM
    Hi, search in this forum for the Symantec Endpoint Recovery Tool to burn a bootable disc and scan the system. Another option is the Power Eraser that comes with the SEP Support Tool. Of course, you have to get them from another PC.


  • 5.  RE: win32/dorkbot.d

    Broadcom Employee
    Posted May 01, 2012 04:32 AM

    Hi gmar,

    Could you please share how long the definitions have not been updated on the infected machine?

    Isolate the system from the network.

    Download the SEP Support Tool, select the Power Eraser option, and scan the infected system.

    Here is the location of the Symantec Endpoint Protection Support Tool.

    http://www.symantec.com/business/support/index?page=content&id=TECH105414

    If that does not help, use the SERT tool:

    How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitions

    http://www.symantec.com/business/support/index?page=content&id=TECH131732&locale=en_US

    Always follow best practice:

    http://www.symantec.com/docs/TECH105236 

     



  • 6.  RE: win32/dorkbot.d

    Trusted Advisor
    Posted May 01, 2012 07:57 AM

    Hello,

    Win32/Dorkbot.D!generic (eTrust) aka. WS.Reputation.1 (Symantec) is a detection for files that have a low reputation score based on analyzing data from Symantec’s community of users and therefore are likely to be security risks. Detections of this type are based on Symantec’s reputation-based security technology. Because this detection is based on a reputation score, it does not represent a specific class of threat like adware or spyware, but instead applies to all threat categories. 

    In your case, as you cannot update the definition files, you could perform a manual installation of virus definitions on the SEPM / SEP clients.

    Check these articles:

    How to update definitions for Symantec Endpoint Protection Manager using a JDB file

    http://www.symantec.com/docs/TECH102607

    How to update definitions for Symantec Endpoint Protection using the Intelligent Updater

    http://www.symantec.com/docs/TECH102606

    Once the Symantec Endpoint Protection Manager is updated with the latest definitions, it will update the managed SEP clients as well.

    Once all the clients are updated, you can run a full scan on all the machines.

    I would also insist that you create a case with Symantec Technical Support so that the Technical Support Team can look into it.

    Hope that helps!!

     



  • 7.  RE: win32/dorkbot.d

    Posted May 02, 2012 04:12 PM

    Hi Gmar,

    "Thumbs up" to the advice, above, about using SERT.

    I also recommend running the SEP Support Tool on the infected computer to identify any suspicious files which may be involved.

    Symantec Support Tool: How to collect suspicious files and submit the samples to the Symantec Security Response Team.
    Article: TECH147870   |  Created: 2011-01-11   |  Updated: 2012-05-01
    Article URL: http://www.symantec.com/docs/TECH147870

    Be sure that this computer is completely clean before re-joining it to your network!

    Hope this helps!  Please keep this thread up-to-date with your progress.
     

     



  • 8.  RE: win32/dorkbot.d

    Posted May 03, 2012 01:06 AM

    Any update on your issue?

    You can use SERT or the Intelligent Updater as suggested; try running a scan in safe mode.

    Anyway, can you share what the impact of this threat is on your host/PC (mass pop-ups, slow PC, etc.)?