I got this Symantec Endpoint system version 11.0.2000.1567 with the latest update. But I still get countless W32.Downadup infections on my computer. I have installed (MS08-067WindowsXP-KB958644-x86-ENU.exe), (chktrust.exe) and (D.exe). All show no virus, but the endpoint keeps popping up the virus. What else can I do?
I think if you installed the MS08-067 patch properly, your account/password may be weak, and you were then re-infected.
http://www.symantec.com/security_response/writeup.jsp?docid=2008-123015-3826-99&tabid=2
Hi Master_m:
I don't know if you will be able to run the scans unless you are able to do so as administrator, since you have the corporate version. If not, you will have to take it to IT.
Please run a SysProt log for us so we can check your system for rootkit activity. You will need to disable Norton auto-protect while you run the scan.
Choose report or log, check all the boxes and scan.
You will be able to post the log here using the "add attachments" link just below the orange post button.
http://homepages.slingshot.co.nz/~crutches/SysProt
Hi master_m,
Since you are using Symantec Endpoint Protection (Corporate edition), you may have to post the same in the Symantec Enterprise forum (http://forums.symantec.com) to get more information on problems related to the Enterprise product, Symantec AntiVirus. This forum is only for Symantec Consumer Products (Norton Internet Security, Norton AntiVirus, Norton 360 etc).
However, I would suggest you try the fix tool mentioned at the end of this document for Enterprise Users:
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009033012483648
Let us know if it worked for you.
Yogesh
Hi,
Did you try running the W32.Downadup removal tools? If not, please try that.
You need to disable Windows System Restore first. You can find the steps in the following Knowledge Base Article.
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039
Then download the W32.Downadup removal tool from the following link.
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/D.exe
Save it to your Desktop.
Close all the running programs and disconnect from the Internet or any network.
Run the tool from the desktop (I think the downloaded file name will be D.exe).
Restart the computer and then run the tool one more time.
Let us know how that goes.
Vineeth--
These are just some of many infected files.
I did a scan when I turned off the auto-protection. No virus found. I did a scan using D.exe and no virus found. But my NA will pop up virus detected now and then. Any more suggestions? I have not tried disabling System Restore. Will keep you guys updated.
Master_m:
As per my prior post, please run a SysProt log for us so we can check your system for rootkit activity. You will need to disable Norton auto-protect while you run the scan.
Choose report or log, check all the boxes and scan.
You will be able to post the log here using the "add attachments" link just below the orange post button.
http://homepages.slingshot.co.nz/~crutches/SysProt
master_m,
It's really important you follow all the instructions given here, as W32.Downadup is one of the nasty threats out there, as I'm sure you've heard. I would suggest you check out the web link (below).
Summary for W32.Downadup.B: http://www.symantec.com/security_response/writeup.jsp?docid=2008-123015-3826-99