Endless W32.Downadup.B and W32.Downadup!autorun
07-28-2009 09:07 PM
I got this Symantec Endpoint system version 11.0.2000.1567 with the latest update. But I still got countless W32.Downadup infecting my computer. I have installed (MS08-067WindowsXP-KB958644-x86-ENU.exe), (chktrust.exe) and (D.exe). All show no virus, but the Endpoint keeps popping up the virus. What else can I do?
Re: Endless W32.Downadup.B and W32.Downadup!autorun
07-29-2009 08:09 AM
I think if you installed the MS08-067 patch properly, your account/password may be weak and you were then re-infected.
http://www.symantec.com/security_response/writeup.
Re: Endless W32.Downadup.B and W32.Downadup!autorun
07-29-2009 08:10 AM
Hi Master_m:
I don't know if you will be able to run the scans unless you are able to do so as administrator since you have the corporate version. If not, you will have to take it to the IT's.
Please run a SysProt log for us so we can check your system for rootkit activity. You will need to disable Norton auto-protect while you run the scan.
Choose report or log, check all the boxes and scan.
You will be able to post the log here using the "add attachments" link just below the orange post button.
http://homepages.slingshot.co.nz/~crutches/SysProt
Mark Twain
Re: Endless W32.Downadup.B and W32.Downadup!autorun
07-29-2009 08:20 AM
Hi master_m,
Since you are using Symantec Endpoint Protection (Corporate edition), you may have to post the same in the Symantec Enterprise forum (http://forums.symantec.com) to get more information on problems related to the Enterprise product - Symantec AntiVirus. This forum is only for Symantec Consumer Products (Norton Internet Security, Norton AntiVirus, Norton 360 etc).
However, I would suggest you try the fix tool mentioned at the end of this document for Enterprise Users:
http://service1.symantec.com/SUPPORT/ent-security.
Let us know if it worked for you.
Yogesh
Re: Endless W32.Downadup.B and W32.Downadup!autorun
07-29-2009 10:41 AM
Hi,
Did you try running the W32.Downadup removal tools? If not, please try that.
You need to disable Windows System Restore first. You can find the steps in the following Knowledge Base Article.
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf
Then download the W32.Downadup removal tool from the following link.
http://www.symantec.com/content/en/us/global/remov
Save it to your Desktop.
Close all the running programs and disconnect from the Internet or any network.
Run the tool from the desktop (I think the downloaded file name will be D.exe).
Restart the computer and then run the tool one more time.
Let us know how that goes..
Vineeth--
Re: Endless W32.Downadup.B and W32.Downadup!autorun
07-29-2009 06:59 PM - last edited on 07-29-2009 07:52 PM by MikeLee
These are just some of many infected files.
I did a scan when I turned off the auto-protection. No virus found. I did a scan using D.exe and no virus was found. But my NA will pop up "virus detected" now and then. Any more suggestions? I have not tried disabling System Restore. Will keep you guys updated.
Re: Endless W32.Downadup.B and W32.Downadup!autorun
07-29-2009 08:25 PM
Master_m:
As per my prior post, please run a SysProt log for us so we can check your system for rootkit activity. You will need to disable Norton auto-protect while you run the scan.
Choose report or log, check all the boxes and scan.
You will be able to post the log here using the "add attachments" link just below the orange post button.
http://homepages.slingshot.co.nz/~crutches/SysProt
Mark Twain
Re: Endless W32.Downadup.B and W32.Downadup!autorun
07-30-2009 02:55 PM
master_m,
It's really important you follow all the instructions given here, as W32.Downadup is one of the nasty threats out there, as I'm sure you've heard. I would suggest you check out the web link (below).
Summary for W32.Downadup.B: http://www.symantec.com/security_response/writeup.
