Endpoint Protection

 View Only

  • 1.  win32sta.dll

    Posted May 30, 2011 06:59 PM

    hi

    i found virus in my pc called win32sta.dll in windows dir and user dir and created Registry Value :
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Bindows]
    AppInit_DLLs = "%System%\win32sta.dll"
    DeviceNotSelectedTimeout = "15"
    GDIProcessHandleQuota = 0x00002710
    Spooler = "yes"
    swapdisk = ""
    TransmissionRetryTimeout = "90"
    USERProcessHandleQuota = 0x00002710
    LoadAppInit_DLLs = 0x00000001

    and he prevent me to enter to any anti virus we by changing host file at win\system32\drive\etc\host

    also pevent windows update

     

    But sep didn't founded

    so i run at safe mode and deleted from my pc

    and deleted the reg



  • 2.  RE: win32sta.dll
    Best Answer

    Posted May 31, 2011 02:57 AM

    If SEP is not detecting the threat then make sure you submit the Suspicious/Infected files to Symantec Security response so that they can create a definitions for it.

    It was 1 machine so you deleted it and now you are ok , however if it had been 100 machines you can't do that and if you are infected with same threat again you cannot repeat the steps again and again.

    So its just a 1 time pain do submit the files to Symantec

    http://www.symantec.com/business/security_response/submitsamples.jsp



  • 3.  RE: win32sta.dll

    Posted May 31, 2011 07:06 AM

    Thanks Vikram

    Yes it only on 1 machine

    I didn't know about this procedure

    But if I infected with same threat again or any unknown threat I will submit the files to Symantec



  • 4.  RE: win32sta.dll

    Trusted Advisor
    Posted May 31, 2011 08:05 AM

    Hello,

    Follow these Steps:

     

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team. 
     
     

    What to do when you suspect that a Symantec AntiVirus product is not detecting viruses

    http://bit.ly/lnTdf5