ZeroAccess problem

Created: 23 Sep 2011 • Updated: 24 Sep 2011 | 5 comments

What Endpoint is not blocking the ZeroAccess trojan?
In this situation SONAR should react, but there is no reaction and SEP is damaged.

 <edited by Paul Murgatroyd, removed attachment, please do not post malicious files to Connect.  They should be submitted using https://submit.symantec.com >

Vikram Kumar-SAV to SEP's picture

Please do not upload malware to Connect websites; it is against the rules of Connect. Upload it to https://submit.symantec.com/esssential

or whatever support contract you have with Symantec.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Coyote's picture

I already sent them a long time ago, but the files aren't being added to the bases; after 2 days it is detecting 1 of 2...

Files sent for analysis probably aren't being analysed. Often I sent several dozen dangerous files, and after a few days some 20% of them were detected.

Vikram Kumar-SAV to SEP's picture

If any file is not detected as a threat and other AVs are detecting it as a threat, you can open a Support case after submitting the file, with the Tracking Number.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Mick2009's picture

Symantec does have definitions which protect against Trojan.Zeroaccess.  Details on this threat can be found at http://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99

If you believe you have discovered a new, undetected variant, please do submit the suspicious files to Security Response as described above and contact Technical Support. Until new definitions are available, the steps in the following article will help:

Best practices for troubleshooting viruses on a network
Article: TECH122466 | Created: 2010-01-15 | Updated: 2011-08-02 |
Article URL http://www.symantec.com/docs/TECH122466

Thanks and best regards,

Mick
 

With thanks and best regards,

Mick

Mick2009's picture

There is a removal tool for trojan.zeroaccess - see details at the following link: https://www-secure.symantec.com/connect/forums/trojanzeroaccess-removal-tool

Also, Symantec has IDS signatures against the traffic involved with this threat.  Do make sure that all the protection components (AV, NTP, IPS, etc) are in place.

With thanks and best regards,

Mick