Endpoint Protection


New virus. help me!

  • 1.  New virus. help me!

    Posted Dec 13, 2010 04:17 AM

    Hi all!

    My company's computers are using the antivirus software Symantec Endpoint Protection. And now the company has new virus-infected .exe files. For example ltzqai.exe, cfdrive32.exe, msdrv32.exe, ipz.exe, 11.exe, 12.exe PC .... We don't have access to the internet and the computer starts very slowly, but Symantec has not killed the viruses.

    I look forward to your help. Thank you so much.



  • 2.  RE: New virus. help me!

    Posted Dec 13, 2010 10:12 AM

    Hello,

    I would start with downloading the latest Rapid Release definitions, then boot into safe mode and run a Disk Cleanup (right-click the C drive, Properties, Disk Cleanup) - that will delete all the files that are in these temporary locations, as well as IE's temporary files, etc. Perform a full system scan in safe mode.

    If that fails to detect and remove the threats, there are some useful tools provided by Symantec to help with finding those hard-to-detect threats.

    1. The Power Eraser Tool eliminates deeply embedded and difficult-to-remove threats that traditional virus scanning doesn't always detect.

    2. The SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively.

    3. The Load Point Analysis Tool generates a detailed report of the programs loaded on your system. It is helpful in listing common load points where threats can live.

    Rapid Release Virus Definitions –

    http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=rr

    Power Eraser tool –

    http://security.symantec.com/nbrt/npe.asp?lcid=1033&origin=default

    How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitions –

    http://www.symantec.com/business/support/index?page=content&id=TECH131732&locale=en_US

    Support Tool with Power Eraser Tool included –

    http://www.symantec.com/business/support/index?page=content&id=TECH105414&locale=en_US

    How to use the Load Point Analysis within the Symantec Support Tool to help locate suspicious files –

    http://www.symantec.com/business/support/index?page=content&id=TECH141402

    If you are unable to remove the threat(s) from your systems, please submit the suspected files to Symantec for analysis. New signatures will be created and included in future definition sets for detection.

    http://www.symantec.com/business/security_response/submitsamples.jsp

    Moving this thread to the Endpoint Forum for better visibility.


    Best,

    Thomas



  • 3.  RE: New virus. help me!

    Posted Dec 13, 2010 10:33 AM

    You should submit these files to Security Response:

    https://submit.symantec.com/websubmit/gold.cgi

    You can use a program such as Process Hacker or Process Explorer to tell you where the file is located.
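
As an added example (not part of any post in this thread), the PowerShell below does from the command line what the reply above suggests doing with Process Explorer: it finds the on-disk path of each process name reported in the first post, records a SHA-256 hash to accompany a submission, and flags any Run-key load point that references the file. It assumes PowerShell 4.0 or later in an elevated session; the two Run keys are only a small subset of the load points a full report covers.

```powershell
# Added example: process names are the ones reported in the first post of this thread.
$suspectNames = 'ltzqai.exe', 'cfdrive32.exe', 'msdrv32.exe', 'ipz.exe', '11.exe', '12.exe'

# Run-key load points checked here (assumption: a small subset, chosen for illustration).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# Properties that Get-ItemProperty adds itself; they are not registry values.
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Flatten every Run-key value into Key/Name/Command so it can be matched against image paths.
$runEntries = foreach ($key in $runKeys) {
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        $item.PSObject.Properties |
            Where-Object { $psMeta -notcontains $_.Name } |
            ForEach-Object {
                [pscustomobject]@{ Key = $key; Name = $_.Name; Command = [string]$_.Value }
            }
    }
}

# ExecutablePath is empty for processes the current session is not allowed to query.
$report = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $suspectNames -contains $_.Name } |
    ForEach-Object {
        $path = $_.ExecutablePath
        $hash = $null
        $autoStart = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            # Literal, case-insensitive match so characters such as [ ] in a path are not wildcards.
            $autoStart = ($runEntries |
                Where-Object { $_.Command.IndexOf($path, [System.StringComparison]::OrdinalIgnoreCase) -ge 0 } |
                ForEach-Object { "$($_.Key)\$($_.Name)" }) -join '; '
        }
        [pscustomobject]@{
            Name = $_.Name; ProcessId = $_.ProcessId; Path = $path
            SHA256 = $hash; RunKeyEntry = $autoStart
        }
    }

$report | Format-List
```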



  • 4.  RE: New virus. help me!

    Posted Dec 13, 2010 10:54 AM

    Submitting them to get definitions would be your best bet.



  • 5.  RE: New virus. help me!

    Posted Dec 13, 2010 11:27 PM

    Thanks for your idea!

    I have sent virus samples to Symantec tech support. I look forward to receiving support from them.



  • 6.  RE: New virus. help me!
    Best Answer

    Posted Dec 14, 2010 03:46 AM

    You can PM your submission number and I will check it for you.



  • 7.  RE: New virus. help me!

    Posted Dec 14, 2010 09:22 AM

    The following document contains details on the 5 steps to take during an outbreak:

    Security Best Practices for Protecting a Business Environment from Common Threats (http://www.symantec.com/docs/TECH105236)

    I definitely recommend isolating the infected computers from the rest of the network until AV definitions against this variant are in place.

    Please keep the forum up-to-date on your progress!

    Thanks and best regards,

    Mick



  • 8.  RE: New virus. help me!

    Posted Dec 14, 2010 08:50 PM

    Hello Pawel Lakomski,

        A lot of thanks for your comment. I'm Vietnamese so my English is not good. Could you tell me what "PM submission number" is? This problem is very urgent to me; can you please contact me via email huyenntt.aits@vietnamair.com.vn

        I look forward to receiving a reply from you soon. Thank you very much!



  • 9.  RE: New virus. help me!

    Posted Dec 14, 2010 08:52 PM

    Send Pawel a private message (PM) with the submission number you received from Symantec so he can look into it for you.



  • 10.  RE: New virus. help me!

    Posted Dec 14, 2010 09:59 PM

    Oh! Thanks Brian81



  • 11.  RE: New virus. help me!

    Posted Dec 15, 2010 01:18 PM

    This is great information. I am considering exploring and using these tools.



  • 12.  RE: New virus. help me!

    Posted Dec 15, 2010 01:21 PM

    Thanks for this helpful information.