Endpoint Protection

Suddenly we have started facing one issue with our Windows XP SP3 clients. The issue is, we are not able to login on XP clients with domain user credentials. This results in an error “invalid access to memory location”.

we are getting events

The security package Kerberos generated an exception.  The package is now disabled. The exception information is the data.

The Security System could not establish a secured connection with the server cifs/rsi-dc11.tata.com.  No authentication protocol was available.


The Security System could not establish a secured connection with the server cifs/rsi-dc11.tata.com.  No authentication protocol was available.

there is some virus which is creating this issue ..but SEP is failing to detect it

http://social.answers.microsoft.com/Forums/en-US/xpnetwork/thread/38f7907e-44a3-4987-be9f-585f76593946" href="http://social.answers.microsoft.com/Forums/en-US/xpnetwork/thread/38f7907e-44a3-4987-be9f-585f76593946" class="linkification-ext">http://social.answers.microsoft.com/Forums/en-US/xpnetwork/thread/38f7907e-44a3-4987-be9f-585f76593946

even i faced the similiar issue & uploaded the infected files which was detected in kaspersky & dr web..after removing this I was able to login without any issues.

[TRACKING]: Symantec Security Response Automation: Tracking #14145483

Hi Anil,

Many thanks for spreading awareness of the threat, and sharing your experiences- other forum visitors in silimar circumstances may find the info helpful!

It is excellent that you took the time to submit those files to Symantec - I checked and Symantec Security Response will examine them in due course and create detection and defences, as necessary.  

If faced with a similar circumstance (the malicious files almost certainly identified, updated definitions needed) it is generally best to contact Symantec Technical Support and open a Case.  They can help to identify any additional related files, provide guidence on how to fight the outbreak, and what actions to take until new definitions are available.  The forum, in general, can offer peer-to-peer guidence and assistance but isn't intended to be a place where detection for new files is added.  I'd hate to have seen your proactive work "fall through the cracks" and protection against a new threat not added.

Thanks and best regards,

Mick
 

I think symantec seriously took  about submission, now its treated as infostealer. but still 1 more files needs to be detected in my submission. other files by named yjb.bak was found on other machine which was having same issues. hope so they will release the virus definitions

check the other product details which are detecting my submission as virus..


http://www.virustotal.com/analisis/edb5b23c1029e5c49b77947521876a415ee6e767457101f19e43136cac1267c0-1261049161

http://www.virustotal.com/analisis/bc79daad593df479e116f3c3f77782bd587b8e11f4507f912ae3cc5d0d30d5f7-1261049873

Hi Anil,

Yes, I have checked this morning - those samples are now being detected as Infostealer.Daonol and Infostealer.  Cheers once again for submitting them to Symantec!   Many signatures (like these two) are added to our definitions through the action of users like yourself, increasing the protection availavble to all.

Please let the forum know if this has resolved your issue, and do use the forum or contact Symantec Techncial Support for future assistance!

Thanks and best regards,

Mick

now both are detecting...:-)

is there any ways to get membership account where i can call in technical support without providing any product id..???