Endpoint Protection

Hi,

I am having problem of Backdoor.Trojan virus . Symantec gives pop up everytime system reboots win.exe file is found in my system 32 . Please help me  to remove this virus i have tried all attempts full scan in safe mode including .

Have you submitted the file(s) to Symantec?
If not, please do so. And I want to add: the sooner you do, the sooner they have a removal for it.

 This is already documented and stuuf at

http://www.symantec.com/security_response/writeup.jsp?docid=2001-062614-1754-99

Hope this helps you

Hi,

Ya i submitted the files  to symantec jst waiting for the reply .I tried the page but that removal solution doesnt work

Some other suggestions will help

What is the name of the trojan being identified by Symantec? 
Have you tried restarting the machine in Safe Mode and than running the scan?
Sounds like the trojan is being loaded into memory and simply removng the file will prove futile, as it is in a process, most likely svchost.exe and thus, whenever the system is restarted it will recreate the file.  It probably also has a registry entry in HKLM/Software/Microsoft/Windows/CurrentVersion/Run or Runonce or RunOnceEx

Verify that nothing is in those registry keys that should not be there....

Hi Rishi, please post HiJackTHis Logs here, we might see suspicious programs running on startup.

Not Really, Let's not go the HJT way. That is not the approach taken here irrespective of the fact how good it is. There are lot of other forums where the HJT is studied but I am sure this will be controversial again for obvious reasons. So, Let's take the regular way.

Support have a tool by the name LPDU, You can ask them for it and it will generate a good HTML for the current state of the system.

Ok Sandeep, please provide a link.. =)

It's a support tool and can be obtained by calling them up or creating an online case at Mysupport

http://service1.symantec.com/SUPPORT/ent-security.nsf/0/8f90ab8cfbbae5d688257459006a7f9f?OpenDocument