Is your system infected? Symantec tools to help clear an infection

Created: 20 Apr 2012 • Updated: 11 Dec 2012

This is a general help document to help you get started on finding and clearing a PC infection.

 

There are many types of infections in the wild today. Some require different steps for removal, while some of the more dangerous threats may need specific tools to be completely cleaned from your system. The “Best practices for troubleshooting viruses on a network” document is a great place to start.

If you are fighting a single infection, following the steps and links below should be helpful in detecting and removing most threats.

 

As with any AV product, make sure you have the latest antivirus signatures. For Symantec products, start by downloading the latest Rapid Release definitions.

Next, boot into Safe Mode and run Disk Cleanup (right-click the C drive, Properties, Disk Cleanup). This deletes the files in the temporary locations, as well as IE's temporary files, etc. Then perform a full system scan in Safe Mode.

If your AV fails to detect and remove the infection, Symantec provides useful tools to help find those hard-to-detect threats.

1. The Power Eraser Tool eliminates deeply embedded and difficult-to-remove threats that traditional virus scanning doesn't always detect.

2. If you have access to Fileconnect, the SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed on them to clean effectively. The Consumer version of this tool is the Norton Bootable Recovery Tool. The tool is free, so there is no need for a Fileconnect account to download the software.

3. The Load point Analysis Tool generates a detailed report of the programs loaded on your system. It is helpful in listing common load points where threats can live.

4. If you are running Symantec Endpoint Protection, you can use the Network Activity Tool to identify suspicious processes.

5. There are several Threat-Specific Removal Tools provided by Security Response. These tools are designed to detect and remove the most pervasive threats seen in the current landscape. Note that these Threat-Specific tools are not updated, and may prove less helpful as new variants of threats are released in the wild.

If you are unable to remove the threat(s) from your systems, please submit the suspected files to Symantec Security Response or ThreatExpert for analysis. New signatures will be created, and included in future definition sets for detection.

 

To help prevent future infections, please follow our Security Best Practice Recommendations and our “Must Do, Should Do, Can Do” best practices.

Make sure your OS and all software are up to date and fully patched. Add Norton Safe Web Lite to your browsers. Norton Safe Web Lite provides a safer search experience by warning you of dangerous Web sites right in your search results, so you can search, browse, and shop online without worry.

Add web filtering for additional protection: use Norton ConnectSafe (AKA Norton DNS) in your environment. Inappropriate sites are often the source of malware and drive-by downloads. ConnectSafe blocks inappropriate content in 23 different languages.

 

Here are some other articles that will be helpful.

Cleaning an infected system with no or a damaged install of Symantec Endpoint Protection/Symantec AntiVirus

Common loading points for viruses, worms, and Trojan horse programs on Windows 2000/XP/2003

How to find Suspected Threats on your computer

I hope you find this information useful.

 

TK

Comments

P_K_
Trusted Advisor
26 Apr 2012

Great Article

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

26 Apr 2012

very good Article tools details

Muhammad Ejaz
Partner
Accredited
18 May 2012

Excellent document.

Mithun Sanghavi
Symantec Employee
Accredited
22 May 2012

Additional Best Practices

Hello,

Adding to Thomas's Best Practices above,

As part of normal best practices, Symantec strongly recommends keeping all operating systems and applications updated with the latest vendor patches. For additional information on this and any other recent advisories, please visit the Symantec Advisory page at:

http://www.symantec.com/business/security_response/securityupdates/list.jsp?fid=security_advisory

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

27 May 2012

Useful information!

29 May 2012

good job.....

NMG
21 Jun 2012

Great Article

cemilebaşak
Partner
Accredited
22 Jun 2012

Thanks. This is a very useful article.

Regards;

Cemile Denerel BAŞAK

Note: Please mark as solution if its help you.

28 Jun 2012

Excellent Document.

Very Good Article.

 

13 Jul 2012

Hello, are users supposed to download all of the individual files on the Rapid Release page linked from this article?  I've been downloading them one by one, but am having trouble with some of them.  For example, several times I've gotten a message that says the file(s) can't be opened because I'm out of disk space or they're read only.  Now, there are two WIN-RAR self-extracting archive windows open which say there's a problem: one says "cannot create intiupdater.exe" and the other one says, "cannot create VIRSCAN.zip".  I'm not sure what to do next.  Is there a way to know which of these files I need, or should I just continue to try to download all of them?  Are there any recommended solutions to the downloading/opening of files I mentioned?

Thank you!

Thomas K
Accredited
17 Jul 2012

@Mentos44, You only need one Rapid Release file. Pick the latest one that applies to your product and download it to your computer.

Ooyala - Check us out!

03 Sep 2012

yeah.........very nice article

23 Sep 2012

It's really helpful information. Thanks for sharing such a good article.

Thanks.

26 Sep 2012

Very helpful

30 Sep 2012

Good thread all of Symantec tool Available .. :)

04 Oct 2012

Thanks for sharing such useful information, I will be checking your blog for further information and updates.

Logo Design

17 Oct 2012

Any tool available for a virus/adware/spyware that has disabled literally everything? Unable to pull up task manager, or open any .exe files without getting a message to "pay to update my virus scanner"

04 Nov 2012

Good information............

ragenkagen
Certified
28 Nov 2012

thanks for posting!

zafar1907
Accredited
08 Dec 2012

Nice article, really helpful.

Thanks and Regards,

Mohammad zafar

Please Mark as solution if this comment solved your Issue....

GarthGZA
Partner
Accredited
10 Dec 2012

Very useful, thank you

Ambesh_444
Partner
Accredited
22 Jan 2013

Good one team,

Even it's help me..

 

Thanks & Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

zafar1907
Partner
Accredited
29 Apr 2013

Nice article....

Thanks and Regards,

Mohammad zafar

Please Mark as solution if this comment solved your Issue....