Endpoint Protection

Hi There,

Can anyone help me with a recurring item W32.Downanup.B - uzxthlq.awr. Every day this is found on most of my Windows 2003 STD servers. I am running SEP 11.0.5, and this file has been around for a while now. I thought that Symantec had gotten rid of it but it just keeps coming back. I went into the View Quarantine box and saw the risk item. I double clicked on the infected file (line item) and from what I can make out, this virus is trying to run a scheudle job called at1.job. SEP then removes the task and the infected file from windows\system32\ and then tomorrow I am back to square one with the same infection.

I have now set SEP to run every night on my servers to try and stop this file but annoyingly it keeps coming back. Is there anything else I can try to get to the root of this infection. I am not to sure on checking for rootkits as i would on a normal laptop/desktop, but being a server im not 100% sure on the procedure, that is if there is any different procedure.

Anyway If someone could point me in the right direction that would be great, thanx.

It is possible that some of the system in your network having virus and it is causing re infection.

Assure that all the PC in your network having KB 958644 patch installed....

You may use this article for finding out which are clients creating problem

Wormsand threats that spread across networks by network shares have become more common in recent years.--Like Downadup/Conficker

We need to vahe all the computers fully updated with Microsoft Patches and Antivirus Definitions to be up to date. Below are articles those you can refer.

Title: W32.Downadup
Web URL: http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99

Title: 'Security Tip: How to Determine if a Specific Microsoft Hotfix Has been Installed?'
Web URL: http://www.symantec.com/docs/TECH94284

Title: 'Simple steps to protect yourself from the Conficker Worm'
Web URL: http://www.symantec.com/docs/TECH93179