Endpoint Protection

Hi guys, I recently posted a thread asking how to get rid of this, but I wanted to send a sample of the virus to symantec but it turns out neither of the files seem to even exist on my computer...I tried deleting it with DOS..nothing, tried doing the system restore on and off...nothing, I tried going into safe mode and doing a disk cleanup before I did another scan in safe mode....nada. Why is is that this file doesn't seem to show up anywhere?

Path: c:\users\*****\AppData\Local\Temp\csonwxmrae.exe
and c:\users\*****\AppData\Local\Temp\wxnocesmra.exe

There are no symptoms of a virus existing on my computer either....
 

I use malwarebytes. SEP just seems to overlook the processes that cause it to install.

If the files are not shown they must be super hidden files.

The super hidden files will now be visible in Explorer. This can be viewed by directly editing the registry

1. Start the registry editor (regedit.exe)
2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer if using Server (or Advanced Server) or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced if using Professional (Workstation)
3. If the value does not exist create a value named ShowSuperHidden of type DWORD
4. Set to 1. Click OK
5. Close the registry editor.

Note: Do not forget to take a backup of the registry before following these steps.

Thanks Arshad,

I'll try that...I don't completely get all of the stuff you said there because I'm a complete newbie when it comes to fixing computers, but I'll definitely give it a try once I'm done finishing some school work. Hope you'll be back to help me out if I screw up. :P

One more thing! When I scan it in safe mode and in normal mode, symantec will detect the virus...it just will say "no repair currently available"...so I was trying to remove it manually..but obviously since I can't find the actual file it gets kinda difficult. Basically, symantec can detect it...just not visible in my computer system.

If you get such an message then check the virus definition dates.

If dates are right download the rapid release and then run the scan,

Symantec has updated it definition for Trojan.Gen and Trojan.Gen.2 on 28 May 2011.

So merely downloading the latest definitions and running a scan must fix it. If not try the rapid release.

Rapid Release:-

http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=rr

It looks like a Rootkit to me..It wont be visible from user mode try GMER or Icesword to manually remove it.

Hello,

Please Follow this steps in the Article:

How to block known virus executables that run from %UserProfile% using Application and Device Control

Trojan.Gen.2 is a generic detection. If Endpoint detects any file, it either deletes the file or moves it to quarantine. In your case, you said no repair currently available. Hence please follow below document to submit the file it that was quarantined.

How to submit suspicious files via the online submission form that have been quarantined by Symantec Endpoint Protection (SEP) or Symantec AntiVirus (SAV)

http://www.symantec.com/business/support/index?page=content&id=TECH97449&actp=search&viewlocale=en_US&searchid=1306780255836

See this statement regarding the "No Repair Available" message.

https://www-secure.symantec.com/connect/forums/no-repair-available-virus-detections#comment-5628701

Hi there,

I DID download the definition...it doesn't seem as though it's done anything to fix the situation...unless after I've downloaded it I'm supposed to move the definition to a specific file or something. Also, I can't really contact technical support because I don't have a support ID, I got this antivirus from my university so I don't believe that I have a support ID.

Did you run a full scan after downloading the Rapid Release definitions? If you have done that, then run the Power Eraser tool, and lets see if something is detected and removed.

About Power Eraser - http://www.symantec.com/business/support/index?page=content&id=TECH134803&locale=en_US

SEP support tool - http://www.symantec.com/business/support/index?page=content&id=TECH105414&locale=en_US

Okay Mohammed,

So I did everything you said....what do I do now? Should the files be shown now or something?

Funny thing,

I actually did both of those..and nothing. Nothing was solved...

Run the "Load Point Analysis" tool (found in the SEP support tool), and attach the output back here for analysis.

About the Load Point Analysis tool - http://www.symantec.com/business/support/index?page=content&id=TECH96291&locale=en_US

Right click the c drive and in windows utilities, run the disk cleanup.

Aslo remove the unused system restore point folders using disk cleanup.

this should resolve the problem...

There was a bug in the program due to some recent updates. It was fixed on the definitions sent on 6 June '11.

Try the scan now. It must be fixed.