Endpoint Protection


mainstories.com and bizrumour.com

Peterpan, Dec 03, 2009 01:02 AM

  • 1.  mainstories.com and bizrumour.com

    Posted Dec 03, 2009 12:42 AM
    I have a problem with my Internet Explorer. I don't know if it is a virus or not; I'm just wondering why my browser automatically redirects to other sites like bizrumour.com and mainstories.com even though I'm working in google.com. Sometimes, even when Internet Explorer is not open, it will launch automatically and the default site is either mainstories or bizrumour. Please help.


  • 2.  RE: mainstories.com and bizrumour.com

    Posted Dec 03, 2009 12:53 AM
    You should do a full system scan in safe mode and see what SEP comes up with. This is usually a sign that you are infected : (

    Grant-


  • 3.  RE: mainstories.com and bizrumour.com

    Posted Dec 03, 2009 12:54 AM
    I already scanned my desktop and the problem is still recurring.


  • 4.  RE: mainstories.com and bizrumour.com

    Posted Dec 03, 2009 01:02 AM
    After scanning, there is no virus detected.


  • 5.  RE: mainstories.com and bizrumour.com

    Posted Dec 03, 2009 01:10 AM
    Make sure you are running the full scan in safe mode with system restore off. You can also try some free anti-spyware programs to see if they pick it up.

    Suggestions:
    http://download.cnet.com/Spybot-Search-amp-Destroy/3000-8022_4-10122137.html
    http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button




  • 6.  RE: mainstories.com and bizrumour.com

    Posted Dec 03, 2009 03:54 AM
    I tried using the spyware tools; they still won't help.


  • 7.  RE: mainstories.com and bizrumour.com

    Posted Dec 03, 2009 04:21 AM

    In Add/Remove Programs, check whether any tools have been installed into your Internet Explorer.

    If you don't find anything, try this.

    Hi,

    Go to the C: drive.

    Click on the RECYCLER folder; you will find 6-7 folders with numbers on them. Check every folder and you will find nissan.exe in one of them. Even if you try deleting the file, it will not let you.

    Open up Task Manager and minimize it ...

    Go to Run ... type "regedit" and you will enter your Registry Editor ...

    1. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

    2. Click on Winlogon and look at the right-hand pane ... you will find Shell ...

    3. Restore your Task Manager.

    3a. Right-click on "explorer.exe" and End Process [your folders and desktop in the background will disappear, but don't worry]

    4. Come back to the Registry by pressing Alt+Tab. To the right of "Shell" it will say "explorer.exe, C:\RECYCLER [and the folder which contains nissan.exe]".

    You may find others too; just keep explorer and delete the rest.

    5. Right-click on Shell and click Modify.

    6. Just keep "explorer.exe" and delete the rest.

    7. Now restore Task Manager and go to Applications.

    8. Go to New Task, just type "explorer" and press Enter.

    9. Your desktop will reappear, etc.

    10. Go to the C: drive and then the RECYCLER folder, find nissan.exe again and just Shift+Delete it.

    P.S.: If you find nissan.exe, please upload the file to

    https://submit.symantec.com/gold
    before you delete it.
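
The registry check from the post above, as an added read-only example that is not part of the original thread: it lists the entries in the Winlogon Shell value and flags anything other than explorer.exe. The HKLM path is an assumption added here (the post names only the HKCU key), and `Test-ShellValue` is a hypothetical helper name.

```powershell
# Added example: read-only audit of the Winlogon "Shell" value. Nothing is modified.
$paths = @(
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',  # key named in the post
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'   # assumption: machine-wide counterpart
)

function Test-ShellValue {
    param([string]$Value)
    # The value is a comma-separated list; trim whitespace and quotes, drop empty entries.
    $entries = $Value -split ',' |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object { $_ }
    # Return every entry that is not a bare explorer.exe (comparison is case-insensitive).
    # A full path to explorer.exe is also returned so that it gets a manual look.
    $entries | Where-Object { $_ -ne 'explorer.exe' }
}

foreach ($path in $paths) {
    $item = Get-ItemProperty -Path $path -Name Shell -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        "{0}: no Shell value set" -f $path
        continue
    }

    $extra = @(Test-ShellValue -Value $item.Shell)
    if ($extra.Count -eq 0) {
        "{0}: OK ({1})" -f $path, $item.Shell
        continue
    }

    "{0}: UNEXPECTED Shell entries: {1}" -f $path, ($extra -join '; ')
    foreach ($entry in $extra) {
        # If the entry is a file that still exists, record its hash so the sample
        # can be identified and submitted before anything is deleted.
        if (Test-Path -LiteralPath $entry -PathType Leaf) {
            $hash = Get-FileHash -LiteralPath $entry -Algorithm SHA256
            "    {0}  SHA256={1}" -f $entry, $hash.Hash
        } else {
            "    {0}  (file not found on disk)" -f $entry
        }
    }
}
```

On a clean profile the HKCU key normally has no Shell value at all, so the "no Shell value set" line for HKCU is the expected result.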

     



  • 8.  RE: mainstories.com and bizrumour.com

    Posted Dec 03, 2009 04:56 AM
    The solution you gave is not applicable; there is no nissan.exe found in the RECYCLER. Any other?


  • 9.  RE: mainstories.com and bizrumour.com

    Broadcom Employee
    Posted Dec 03, 2009 05:06 AM
    Run the sepsupport tool from Symantec (latest tool); this has information about the suspicious file. You may need to submit those to SR.

    Also check that the IE setting is set to high/medium (at least).


  • 10.  RE: mainstories.com and bizrumour.com

    Posted Dec 03, 2009 06:05 AM
    Edit the antivirus and antispyware policy.
    Go to Miscellaneous and, in the Internet browser option, set one URL of your company and try.
    You can also refer to the document below:
    Using Application and Device Control to stop registry entries added by a threat or risk


  • 11.  RE: mainstories.com and bizrumour.com

    Posted Dec 05, 2009 04:59 PM
    I've also had that problem, and I solved it!

    SAFE MODE:

    Run Malwarebytes Anti-Malware in safe mode -> Full Scan.

    After that, still in safe mode, run CCleaner -> clean the registry, delete the Internet temp files and Windows system temp files.

    Delete all "C:\Recycler" files.

    Full disk AV scan.

    -> Problem solved!!


  • 12.  RE: mainstories.com and bizrumour.com

    Posted Dec 05, 2009 05:06 PM
    Hey!

    I had the nissan.exe file, but the site doesn't allow me to upload it... It says: "Please enter a valid Contact ID"

    Thanks


  • 13.  RE: mainstories.com and bizrumour.com

    Posted Dec 07, 2009 06:59 AM


    Delete All "C:\Recycler" files
    What's the value of Shell in this reg key?
    Post a screenshot.
    Go to HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

    In the right-hand pane ... you will find Shell



  • 14.  RE: mainstories.com and bizrumour.com

    Posted Dec 07, 2009 10:29 AM
    Have you checked the URL for your homepage yet?
    Some infections change the home page setting in your browser.