Endpoint Protection

The antivirus detection results window has been up and running for over 24 hours. It is continuously deleting the same risk with the following name:

Backdoor.Graybird!gen

The system spent the first 8 hours detecting it and the last 16 deleting it, updating every 3 seconds or so. How can i complete this action? Every time i close the box it reopens, sometimes two window for every one i delete.

Are these all Auto-Protect detections?  If so, something may be trying really hard to get onto your computer.

http://www.symantec.com/security_response/writeup.jsp?docid=2007-051115-2423-99

sandra

they are all auto-protect detections. But if it is a program trying to get into my computer, why would it still be continuously detected and deleted after i disconnect the internet connection. Im not very computer savvy, but that doesnt make sense to me. So it leads me to believe it is a Symantec issue and not a virus. Of course i may be wrong. Any advice on how to proceed from here will be greatly appreciated.

Hi Dane82,

I recommend that you disconnect that computer from your network at once and read this article: Best practices for responding to active threats on a network

It sounds like there is eitehr something on the network which is constantly trying to infect the computer, or something currently undetected on the computer which is creating a Graybird which is detected.

Get Rapid Release definitions onto the computer and perform a full system scan in safe mode: that's where I'd start.

Please kepe the forum up-to-date with your progress!

Thanks and best regards,

Mick

I am agreeing with Mick.You can use Risk tracer also for finding the PC which is attacking your server.Refer this article.
Worms and threats that spread across networks by network shares have become more common in recent years.--Like Downadup/Conficker