Endpoint Protection

 View Only

  • 1.  sid29228 system infected downloader.dromedan

    Posted May 22, 2017 05:35 AM

    How to resolve this issue ? 

    What could be the possible isolation steps to remediate this infections and locate the infected file ? 



  • 2.  RE: sid29228 system infected downloader.dromedan
    Best Answer

    Posted May 22, 2017 10:52 AM

    Remove the host from the network and run a full scan on the machine. In addition you can try the Norton Power Eraser:

    https://security.symantec.com/nbrt/npe.aspx

    If this does not resolve it than re-image the PC.

    Symantec has a write-up here on it:

    https://www.symantec.com/security_response/writeup.jsp?docid=2011-101915-4058-99&tabid=3



  • 3.  RE: sid29228 system infected downloader.dromedan
    Best Answer

    Broadcom Employee
    Posted May 22, 2017 11:00 AM

    https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=29228

    apart from above mentioned, if any suspicious found on the system, submit to Security response.

    Response

    You may wish to perform some of the following actions as a precautionary measure.
    Run the Norton Power Eraser. (home users)
    Run the Symantec Power Eraser. (business users)
    Update your product definitions and perform a full system scan.
    Submit suspicious files to Symantec for analysis.


  • 4.  RE: sid29228 system infected downloader.dromedan

    Posted May 23, 2017 05:41 AM

    HI @Kathir,

    The first step is to isolate that computer from others to prevent any future download or spread of the threat.

    Download the latest Rapid Release definitions and apply them, then run a full system scan.

    If nothign was found or removed, perform a search with SymDiag's Threat Analysis Scan to look for any suspicious files.

    Using Today's SymDiag to Combat Today's Threats
    https://www.symantec.com/connect/articles/using-todays-symhelp-combat-todays-threats

    Please do keep this thread up-to-date with your progress!