Endpoint Protection


SID 23363 HTTP Nukesploit P4ck Activity Detected


  • 1.  SID 23363 HTTP Nukesploit P4ck Activity Detected

    Posted Sep 06, 2010 04:44 PM

    I am running Symantec Endpoint Protection 11.0.6100.645 with the latest updates on Windows 7. 

    I keep getting a message that "HTTP Nukesploit P4ck activity detected."

    I went to the attack signatures and have disabled system restore, updated the virus definitions and ran a full system scan.  No problems were found.

    I do not understand the "delete any values added to the registry" task and need some further explanation.

    What else can I do to stop this issue?

    Todd



  • 2.  RE: SID 23363 HTTP Nukesploit P4ck Activity Detected

    Posted Sep 06, 2010 04:46 PM

    The IPS is blocking this exploit


  • 3.  RE: SID 23363 HTTP Nukesploit P4ck Activity Detected

    Posted Sep 06, 2010 04:57 PM
    Is there anything I can do to stop this type of attack? 

    Is there a way to turn it off?


  • 4.  RE: SID 23363 HTTP Nukesploit P4ck Activity Detected

    Posted Sep 06, 2010 05:17 PM
    Make sure your system is patched up with the latest security patches for IE.
    Remove unnecessary IE add-ons.
    Delete Temporary Internet Files and clean up your Temp folder: Start - Run - %temp%

    If you are using Microsoft Internet Explorer 6.0 SP2, if possible upgrade it to at least IE 7.


  • 5.  RE: SID 23363 HTTP Nukesploit P4ck Activity Detected

    Posted Sep 07, 2010 02:19 PM
    All patches are up to date on WIN 7 and Nortons.  Have deleted Temp Internet Files.  I am using IE 8.0.7600.16385.

    Still having the issues.  My wife's account on the same computer is not having this issue. 


  • 6.  RE: SID 23363 HTTP Nukesploit P4ck Activity Detected

    Posted Sep 07, 2010 03:10 PM
    Have you cleared out your account's temp folder? Start - Run - %temp%


  • 7.  RE: SID 23363 HTTP Nukesploit P4ck Activity Detected

    Posted Sep 07, 2010 03:51 PM

    Yes, I have cleared out my account temp file and even went to another account on my computer to delete files that were in use. 

    I logged back into my account and first thing up was the alert.

    Frustrating.



  • 8.  RE: SID 23363 HTTP Nukesploit P4ck Activity Detected
    Best Answer

    Posted Sep 07, 2010 03:56 PM
    Go to Start - Run - msconfig - Startup
    and disable unwanted programs in startup, especially the ones at the lower end of that list.


  • 9.  RE: SID 23363 HTTP Nukesploit P4ck Activity Detected

    Posted Sep 07, 2010 04:29 PM
    Found this file in the start up, but can't find it in the directory. Is this the file causing the issue?


  • 10.  RE: SID 23363 HTTP Nukesploit P4ck Activity Detected

    Posted Sep 07, 2010 04:33 PM
    A Google search for this file only points to antivirus and spyware blogs. Disable it from startup,
    then try restarting your computer.


  • 11.  RE: SID 23363 HTTP Nukesploit P4ck Activity Detected

    Posted Sep 07, 2010 05:04 PM
    Finally found the bugger in safe mode.  Removed it and rebooted.  Nortons did not come up at first and then rebooted again with no issue currently.  Thank you for the assistance.

    Todd


  • 12.  RE: SID 23363 HTTP Nukesploit P4ck Activity Detected

    Posted Sep 07, 2010 05:09 PM
    That sounds good. At least Symantec was blocking it in some way (IPS).


  • 13.  RE: SID 23363 HTTP Nukesploit P4ck Activity Detected

    Posted Sep 07, 2010 05:31 PM
    Dear Todd,

    Could you explain in detail how you cleared those popups?

    Thanks
    Shri !!


  • 14.  RE: SID 23363 HTTP Nukesploit P4ck Activity Detected

    Posted Sep 07, 2010 05:41 PM
    There was a threat on his machine that was in startup. It was not getting detected by SEP in normal mode; however, it got detected in safe mode and the issue got resolved.


  • 15.  RE: SID 23363 HTTP Nukesploit P4ck Activity Detected

    Posted Sep 07, 2010 06:01 PM
    So you mean to say that after booting into safe mode he scanned again and then removed it?

    Thanks
    Shri !!


  • 16.  RE: SID 23363 HTTP Nukesploit P4ck Activity Detected

    Posted Sep 07, 2010 10:27 PM
    All,

    The file was found using the MSCONFIG going to the STARTUP TAB.  The file was from an "unknown" source and the file name was SYSRDA32.exe. 

    When you uncheck the block and reboot, you will find that it "re-checks" itself when you click apply or ok.  I had multiple restarts until I figured that little point out.

    Had to go into SAFE MODE and search for the file there.  You will have to "unhide" system files to be able to locate the SYSRDA32.exe file. 

    The file was located in C:\Users\---your user name here---\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup.

    Make sure your NORTONs does not get shut off.  Had to reload my software to make sure nothing was funny with it.

    Thanks again for all the assistance in fixing the problem.

    Todd
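
The check described in the last post (looking for a hidden file in the per-user Startup folder) can also be done from PowerShell. This is an added example, not part of the original thread. It assumes PowerShell 4.0 or later, and the two `Run` registry keys it lists are standard Windows autostart locations that the thread does not name.

```powershell
# Added example: inventory autostart entries, including hidden/system files
# that Explorer hides by default. Read-only; nothing is deleted or changed.

# Per-user and all-users Startup folders (resolved by Windows, not hard-coded)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

$fileEntries = foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    # -Force includes items carrying the Hidden and System attributes
    Get-ChildItem -LiteralPath $dir -File -Force | ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Location   = $dir
            Name       = $_.Name
            Attributes = $_.Attributes      # look for Hidden, System
            Created    = $_.CreationTime
            Signature  = $sig.Status        # NotSigned is common for dropped files
            SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
}

# Assumption: standard Run keys, which msconfig's Startup tab also displays
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

$regEntries = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $k = Get-Item -LiteralPath $key
    foreach ($name in $k.GetValueNames()) {
        [pscustomobject]@{
            Location = $key
            Name     = $name
            Command  = $k.GetValue($name)
        }
    }
}

# A hidden desktop.ini in a Startup folder is normal; other hidden,
# unsigned executables deserve a closer look.
$fileEntries | Format-List
$regEntries  | Format-Table -AutoSize -Wrap
```

Run it once as the affected user and once from another account on the same machine: an entry present only for the affected user matches the per-account behaviour described in the thread.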