
Is your system infected? Symantec tools to help clear an infection

Created: 20 Apr 2012 • Updated: 11 Dec 2012 | 23 comments
Thomas K's picture

This is a general help document to help you get started on finding and clearing a PC infection.

 

There are many types of infections in the wild today. Some require different steps for removal, while some of the more dangerous threats may need specific tools to be completely cleaned from your system. The “Best practices for troubleshooting viruses on a network” document is a great place to start.

If you are fighting a single infection, following the steps and links below should be helpful in detecting and removing most threats.

 

As with any AV product, make sure you have the latest Antivirus signatures. For Symantec products, start with downloading the latest Rapid Release definitions.

Next, boot into Safe Mode and run a Disk Cleanup (right-click the C drive, Properties, Disk Cleanup). That will delete all the files in the temporary locations, as well as IE's temporary files, etc. Then perform a full system scan in Safe Mode.

If your AV fails to detect and remove the infection, Symantec provides useful tools to help find those hard-to-detect threats.

1. The Power Eraser Tool eliminates deeply embedded and difficult to remove threats that traditional virus scanning doesn't always detect.

2. If you have access to Fileconnect, the SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively. The Consumer version of this tool is the Norton Bootable Recovery Tool.  The tool is free, so there is no need for a Fileconnect account to download the software.

3. The Load point Analysis Tool generates a detailed report of the programs loaded on your system. It is helpful in listing common load points where threats can live.

4. If you are running Symantec Endpoint Protection, you can use the Network Activity Tool to identify suspicious processes.

5. There are several Threat-Specific Removal Tools provided by Security Response. These tools are designed to detect and remove the most pervasive threats seen in the current landscape. Note that these Threat-Specific tools are not updated, and may prove less helpful as new variants of threats are released in the wild.
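
The kind of load-point listing described in item 3 can also be reviewed by hand. The following PowerShell (3.0 or later) is an added example, not Symantec's tool and not part of the original article; the choice of locations and the `New-Entry` helper are assumptions made for illustration, and HKCU entries cover only the user running the script.

```powershell
# Added example: list what is registered at some common Windows load points.
# The locations chosen here are an assumption, not the Symantec tool's list.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: one report row per load-point entry.
function New-Entry($Type, $Location, $Name, $Command) {
    [pscustomobject]@{ Type = $Type; Location = $Location; Name = $Name; Command = $Command }
}

$report = @()

# Every value under a Run/RunOnce key is a command started at boot or logon.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $report += New-Entry 'RunKey' $key $name $item.GetValue($name)
    }
}

# Winlogon: Shell is normally explorer.exe, Userinit normally points at userinit.exe.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$wl = Get-Item -Path $winlogon
foreach ($name in 'Shell', 'Userinit') {
    $report += New-Entry 'Winlogon' $winlogon $name $wl.GetValue($name)
}

# Per-user and all-users Startup folders.
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if (-not $dir) { continue }
    foreach ($f in @(Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue)) {
        $report += New-Entry 'StartupFolder' $dir $f.Name $f.FullName
    }
}

# Handler used to launch .exe files; the Windows default value is "%1" %*
$exeKey = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
$report += New-Entry 'ExeHandler' $exeKey '(default)' (Get-Item -Path $exeKey).GetValue('')

$report | Sort-Object Type, Name | Format-List
```

Entries that point at unfamiliar executables, or at files in temporary or user-profile directories, are the ones worth submitting for analysis.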

If you are unable to remove the threat(s) from your systems, please submit the suspected files to Symantec Security Response or ThreatExpert for analysis. New signatures will be created, and included in future definition sets for detection.

 

To help prevent future infections, please follow our Security Best Practice Recommendations and our “Must Do, Should Do, Can Do” best practices.

Make sure your OS and all software are up to date and fully patched. Add Norton Safe Web Lite to your browsers. Norton Safe Web Lite provides a safer search experience by warning you of dangerous Web sites right in your search results, so you can search, browse, and shop online without worry.

Add web filtering to help protect your environment: use Norton ConnectSafe (AKA Norton DNS). Inappropriate sites are often the source of malware and drive-by downloads. ConnectSafe blocks inappropriate content in 23 different languages.

 

Here are some other articles that will be helpful.

Cleaning an infected system with no or a damaged install of Symantec Endpoint Protection/Symantec AntiVirus

Common loading points for viruses, worms, and Trojan horse programs on Windows 2000/XP/2003

How to find Suspected Threats on your computer

I hope you find this information useful.

 

TK

Comments

P_K_'s picture

Great Article

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

Mithun Sanghavi's picture

Hello,

Adding to Thomas's Best Practices above,

As part of normal best practices, Symantec strongly recommends keeping all operating systems and applications updated with the latest vendor patches. For additional information on this and any other recent advisories, please visit the Symantec Advisory page at:

http://www.symantec.com/business/security_response/securityupdates/list.jsp?fid=security_advisory

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

cemilebaşak's picture

Thanks. This is a very useful article.

Regards;

Cemile Denerel BAŞAK

Note: Please mark as solution if it helps you.

mentos44's picture

Hello, are users supposed to download all of the individual files on the Rapid Release page linked from this article?  I've been downloading them one by one, but am having trouble with some of them.  For example, several times I've gotten a message that says the file(s) can't be opened because I'm out of disk space or they're read only.  Now, there are two WIN-RAR self-extracting archive windows open which say there's a problem: one says "cannot create intiupdater.exe" and the other one says, "cannot create VIRSCAN.zip".  I'm not sure what to do next.  Is there a way to know which of these files I need, or should I just continue to try to download all of them?  Are there any recommended solutions to the downloading/opening of files I mentioned?

Thank you!

Thomas K's picture

@Mentos44, You only need one Rapid Release file. Pick the latest one that applies to your product and download it to your computer.

Ooyala - Check us out!

consoleadmin's picture

It's really helpful information. Thanks for sharing such a good article.

Thanks.

Richard David's picture

Thanks for sharing such useful information, I will be checking your blog for further information and updates.

Logo Design

rudyCNP's picture

Any tool available for a virus/adware/spyware that has disabled literally everything? Unable to pull up task manager, or open any .exe files without getting a message to "pay to update my virus scanner"

zafar1907's picture

Nice article, really helpful.

Thanks and Regards,

Mohammad zafar

Please Mark as solution if this comment solved your Issue....

Ambesh_444's picture

Good one team,

It even helped me..

 

Thanks & Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

zafar1907's picture

Nice article....

Thanks and Regards,

Mohammad zafar

Please Mark as solution if this comment solved your Issue....