Endpoint Protection

  • 1.  SEP cant remove Trojan.ADH

    Posted Oct 27, 2010 11:06 PM

    Hi All,

    I need a solution for how to remove Trojan.ADH. The log files generated by SEP are taking up C drive space on my PC.

     

     

    Regards,

    othman

    Attachment(s)

    doc
    quaritine file.doc   122 KB 1 version


  • 2.  RE: SEP cant remove Trojan.ADH

    Posted Oct 27, 2010 11:39 PM


  • 3.  RE: SEP cant remove Trojan.ADH

    Broadcom Employee
    Posted Oct 27, 2010 11:46 PM

    Scan the system in safe mode. If you find any suspicious file, submit it to Symantec for analysis.



  • 4.  RE: SEP cant remove Trojan.ADH

    Posted Oct 28, 2010 12:05 AM

    It looks like SEP is detecting Trojan.ADH, and quarantining it.

    What are the full file names, and the original locations of the files?  The columns for those are very narrow, so the full path is not visible.  In the Risk or Scan logs, how were these files detected (for example, Auto-Protect, Full System Scan)?

    What version of SEP do you have?  Are logs filling up your drive, or is it the contents of the Quarantine itself?

    From the Security Response write-up:

    "Trojan.ADH is a detection technology designed to detect entirely new malware threats without traditional signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or morphed by attackers."

    (Emphasis mine.)  I would also double-check that all Windows Critical Updates are applied, and third party programs/plug-ins such as Adobe Reader / Flash / Shockwave, Java etc. are all at the latest version.  If these are all really malware files on your machine, you may need to patch a vulnerability.

    You can also use the SEP Support Tool's Load Point Analysis and Power Eraser for further identification (in order to submit) and eradication of suspicious files.

    sandra



  • 5.  RE: SEP cant remove Trojan.ADH

    Posted Oct 28, 2010 12:20 AM

    Please export the risk log and attach it here.

    However, from the screenshot, it is possibly a false positive issue, for which you will need to open a Support ticket to iron it out for good.



  • 6.  RE: SEP cant remove Trojan.ADH

    Posted Oct 28, 2010 10:22 AM

    If the above removal instructions fail to do the job, try using the Norton Power Eraser Tool.

    To use Symantec Power Eraser, check the Symantec Power Eraser box when you run the Support Tool.

    http://www.symantec.com/business/support/index?page=content&id=TECH134803&locale=en_US

     

    Video - https://www-secure.symantec.com/connect/videos/power-eraser-overview

     

    Regards,

    Thomas



  • 7.  RE: SEP cant remove Trojan.ADH

    Posted Nov 21, 2010 10:57 PM

    Thanks Pete,

    I have solved my problem.

     

    regards,

    oyajid



  • 8.  RE: SEP cant remove Trojan.ADH

    Posted Nov 22, 2010 10:23 AM

    I would highly recommend using the Symantec Endpoint Recovery Tool (SERT). It is a boot CD that can be updated with the latest defs. This is important because any time you can have an environment where Windows services and files are not in use, removing stubborn infections is that much easier!

    You can download SERT via fileconnect (it is an ISO, so you will need to burn the CD).

     

    SERT Video:

    https://www-secure.symantec.com/connect/videos/symantec-endpoint-recovery-tool-sert

     

    How to update defs on the SERT tool:

    http://www.symantec.com/business/support/index?page=content&id=TECH131732&locale=en_US