
Security Community Blog

Showing posts tagged with 10.x
Showing posts in English
Rishi Bhaskar | 26 May 2009 | 3 comments

The following activities were performed:
1. I observed that backdoor.trojan was infecting the files win.exe and dod.exe and Symantec was protecting them; during this protection Symantec gave an Auto-Protect popup. I also observed that this virus was causing the volume drives not to open by double-clicking, only by right-click > Explore.
2. Now I tried to open Folder Options and tried to unhide, but Folder Options was not working, so now by command prompt run > c:autorun.inf to check for the exe file, so it came as e:winfile.jpg
3. Now in Run > cmd I typed attrib -r -s -h autorun.inf to unhide it and attrib -r -s -h winfile.jpg. The file would appear and disappear, so to solve this follow the steps below.
a) Download the latest Rapid Release and deploy it on the client PC, or if Rapid Release does not deploy, download the .xdb file and rename it from .zip to .xdb and paste it at c:documnetsandsettings/all users/. Then turn off System Restore and...

Nirav Mistry | 14 May 2009 | 2 comments

Whenever there is a problem with LiveUpdate not downloading the definitions and you come across error codes (e.g. LU1835) which might not mean anything to you, below is the information which will help you determine what exactly those numbers mean.

1800 The operation was successful or the patch installed successfully.
1801 The user pressed the Cancel button or some other process (callback) told LiveUpdate to Cancel.
1802 COM Initialization failed (CoInitialize() function comes back as failed.) - We display a Windows Message Box at the start of LiveUpdate processing, before we create LuComServer.exe and before we create the normal UI.
1803 Our generic error code that we use when we don't know what happened or we don't try to get any extended error information.
1804 We didn't have enough system memory available to declare some object.
1805 There are no registered products in the Product Catalog.
1806 All downloaded patches...

mon_raralio | 06 May 2009 | 13 comments

Monitoring for viruses coming from the Internet would really help in preventing infections, at least at the entry point where a client accesses a malicious website.
My first step would be to get the reports from the SAV or SEP reporter. The file would contain information on the infection, particularly the path where the infection was detected.
Internet files would be stored in C:\Documents and Settings\username\Local Settings\Temporary Internet Files

Take note of the computer name, the username, and the time of infection.

I'm using Internet Explorer History Viewer and checking the remote PC's visited sites (assuming that the user hasn't yet deleted the history) and cross-checking the sites visited at the time of infection.
The application shows the history in HTML table format so it's easy to see the sites visited.

I also use Norton Safe Web to get additional details on the website that was visited....

CharliePeek | 01 May 2009 | 2 comments

I have a 2003 domain controller and installed Symantec 10.1 antivirus. At this point everything seems to be fine. As soon as I do a LiveUpdate on the antivirus I can no longer access Active Directory because it cannot find the domain controller. I have an image of the box so I can get back to this point in a matter of minutes. Once I can no longer get into Active Directory I can no longer get into the configuration of Symantec. I have even excluded all files on the hard drive from being scanned, i.e. Active Directory. This is driving me crazy. Anyone have any ideas?

skjordansk | 30 Apr 2009 | 8 comments

I would believe that the first step to resolving a LiveUpdate issue is to upgrade it to the latest version using this link:

http://service1.symantec.com/Support/sharedtech.ns...

I would like to know people's thoughts on this. The idea is to not spend 15 minutes troubleshooting the issue, since the update may resolve it to begin with. Besides, having the latest version of LiveUpdate will prevent any future errors from occurring.

PRUDENCE | 30 Apr 2009 | 10 comments

We have antivirus on our network and we are still experiencing infestation in our network. Can anyone help with any information on how to stop them from coming into the network?

riva11 | 30 Apr 2009 | 9 comments

I'd like to share an interesting application that allows you to uninstall dozens of different antivirus programs from a computer system.
It can help, for example, when you have to remove an antivirus application after errors during removal, or when you need to replace a security application with another.

The AppRemover program is portable software, free for your personal, non-commercial use.

Supported Operating Systems :
Windows 2000, 2003, XP (32 / 64 bit), Vista (32 / 64 bit), 2008, Windows 7 beta

Antivirus & Antispyware Applications removed : Support Charts 

Link : AppRemover

Nel Ramos | 26 Apr 2009 | 7 comments

Let’s face it, team: all of us know that we shall be faced with a virus infection/outbreak in the near future. Preparation is the key to being resilient to pending virus attacks. In order for us to be prepared, we need to be informed with accurate, intelligent and factual data coming from a reliable source. With these things put together, the chances for us to be pillaged by unknown destructive elements would be minimal.

One good example was when we got information that CNN.com had word on a possible outbreak of the computer worm CONFICKER.C a.k.a. W32.Downadup.C on April Fools’ Day. Since the site was legitimate, we then geared up on how we could deflect a possible breach. We also verified this with other reliable sources with the same positive information. Good thing Symantec had already posted multiple articles on this worm. We then started to monitor virus definition updates in all our branches and initiated/ follow up the manual...

SAM_SHAIKH | 23 Apr 2009 | 3 comments

W32.Sality

Overview
W32.Sality is a parasitic virus which infects shared drives and Windows executable files by putting its code into host files. It contains downloader functionality to further install Trojan or key logger components. Sality opens a backdoor that allows a remote attacker to get full control over the infected computer and, in turn, the confidential information, representing a serious security risk.

Aliases
Microsoft - Virus: Win32/sality.am
Kaspersky - Virus.Win32.Sality.aa

Symptoms
W32.Sality has the following symptoms:

• Modifies System.ini files (Check for the modified date)
• Services listening on the network port(s).
• Unexpected network traffic to one or more of the domain(s).
• No access to File Monitor.
• Disables Safe Mode boot
• Disables regedit and Task Manager
• Disables Antivirus

Characteristics
Upon execution, it starts...

Peter_007 | 21 Apr 2009 | 7 comments

svchost, a Windows process which used to take about 1200k of RAM space, now takes 7000k space.
I have not installed any third party software.
Kindly suggest any remedy.