Endpoint Protection

  • 1.  Virus detection failure?

    Posted Dec 20, 2009 06:47 PM
    I've created a ticket for the following.  Just trying to find out if I'm alone on this one.
     
    The virus goes by the name win32.Agent.aazf.  It is a trojan that I believe has been around since the beginning of 2008.
     
    The computer symptoms were basically loss of internet (but not network).  Windows diagnostics report a corrupt winsock catalog.  Restart of computer brings everything back.  Perfect all day.  Problem returns when user comes back next morning. I thought at first it was a Windows update gone bad....but wait....
     
    Nothing much on the internet brought me to any conclusions, but for whatever reason, I downloaded Windows Defender, ran a scan, and the trojan was detected and removed.  I work at a school where many workstations are now exhibiting the same characteristics.  On one infected machine, I downloaded AVG's free product.  Found the virus and deleted it.  No more symptoms.  Norton scan shows nothing.
     
    Before you ask:
     
    The problem occurs on computers running Norton Corporate 10.2 or Endpoint.  OS is Windows XP.
    Yes, the live update shows the latest revs and the most available definitions.
    I went to http://security.symantec.com and ran their online virus scan (which should have nothing to do with what Norton product I have installed).  It found nothing in a computer which had the symptoms and showed the virus present using one of the software products mentioned above.  This is the most baffling piece of information to me.  I fully expected the online scan to find this trojan.  It didn't.
     
    I will certainly post any followup I have with the open case.  Not looking forward to sitting on hold tomorrow waiting for a tech.  If anyone has any clues, or has the same problem, I'd really like to know.
     
    jmj


  • 2.  RE: Virus detection failure?
    Best Answer

    Posted Dec 20, 2009 09:49 PM
    You can use the article below for repairing the winsock:

    https://www-secure.symantec.com/connect/articles/how-repair-winsock-if-it-gets-corrupt

    Aniket


  • 3.  RE: Virus detection failure?

    Posted Dec 21, 2009 02:44 AM
    Hi Jmj,

    Just to confirm: have you submitted the file to Symantec Security Response?  They will examine the suspicious files that are sent to them and create protection, if necessary.  If the suspicious file is not being detected by SEP or SAV then chances are no one has sent Security Response a sample yet.

    Finally, just a plug: you've taken good steps in fighting the threat so far. If you have not already done so, I recommend ensuring MS patch levels are up-to-date and updating third-party software programs like Adobe and VNC which have vulnerabilities in their older versions.  Many threats are designed to exploit specific vulnerabilities and patched machines won't be affected.  It's also a good idea to ensure a strong password policy is in place, network shares are locked down and autorun is not enabled.

    Let the forum know how you get on!

    Thanks and best regards,

    Mick