All,
This keeps popping up on one of our work PCs, yet Symantec reports no issues detected and I've run a full system scan.
It keeps showing every 30 seconds to 1 minute and I have no idea why. Does anybody have any suggestions?
TIA
Scott
Hello,
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
Check this -
System Infected: Trojan.Cridex Activity 5
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=28567
Trojan.Cridex
https://www.symantec.com/security_response/writeup.jsp?docid=2015-012314-0117-99
In this case, check the network logs for the source of the attack. (This may only work when you have Risk Tracer enabled.)
Secondly, this attack is currently being blocked by Symantec Endpoint Protection on your machine.
Hope that helps!!
I checked the write ups when it started and I cannot find any trace of it in the listed locations.
I'll dig deeper in the network logs.
Have you tried running a threat analysis scan with the SymHelp tool?
How to run the Threat Analysis Scan in Symantec Help (SymHelp)
Or Norton Power Eraser:
https://security.symantec.com/nbrt/npe.aspx
If SEP is not detecting anything, you need to move to a third-party removal tool.
Hi Scotteh85,
That computer is infected with Cridex/Dridex. Isolate that machine straight away: Dridex is a dangerous trojan that steals financial data. Do not let that computer access your network or the Internet.
Cridex/Dridex often arrives from malicious spam documents that have macros. Read this and follow the recommendations:
Support Perspective: W97M.Downloader Battle Plan https://www-secure.symantec.com/connect/articles/support-perspective-w97mdownloader-battle-plan
Here is an article about Dridex itself:
DRIDEX and how to overcome it. http://www.symantec.com/connect/blogs/dridex-and-how-overcome-it