Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.
I'm running Endpoint Protection and Symantec continually pops up that it has quarantined the file downloader.swif.c. I've updated the virus definitions, run a full scan several times, run Windows Defender and Ad aware but the problem continues. It seems to recreate itself ever couple seconds and the only temporary relief is a reboot.
Went to chat support yesterday but was only offered another $99 service with no advice on getting rid of this virus.
Thanks,
I posted here because Symantec offered no help. I was hoping that someone here could.
Thanks anyway
it sounds like somethings working if it keeps quarantining downloader.swif.c but it sounds like you are already infected with something else.........
if you haven't already boot to safe mode and run a full scan..... i don't know how endpoint distributes its definitions... or how to tell you if they are up-to-date... or if the intelegent updater would be of use to you... i think endpoint protection is the corporate version of antivirus but its unclear to me which if any of the norton tools would work with it....
have you tried the forum the moderator told you to go to?
The file definitions were updated yesterday. I've booted up in safe mode and ran the antivirus program, and posted on the Symantec forum.
Last night I ran a system restore but still have the virus.
I would recommend that you follow the steps laid out in the Downloader.swif.c removal page as they are listed. From your post, it is clear that you’ve done some of the steps, but possibly not all together. Please let me know if I’m mistaken. Thanks!
I did not disable system restore prior to running a full scan. From what I read on the instructions, that step pertained to Windows ME/XP and not Vista. However, I will try it and see what happens.
robren wrote:
I did not disable system restore prior to running a full scan. From what I read on the instructions, that step pertained to Windows ME/XP and not Vista. However, I will try it and see what happens.
I think you will find that system restore functions in VISTA also (maybe even more so) works to in effect stop you from changing system files by immediately restoring them from its "reserve store" so if malware damages that then the malware is restored too -- which fits in whih what you describe.
Do try again doing exactly what the document says then if that does not work someone can help you knowing exactly what you have done.
Good luck.
I am having problem completely removing this downloader.swif.c Trojan. My symantic virus scanner detects about 20-30 downloader.swif.c files around the same time everyday in the morning and says it has been quaranteened successfully. I followed the instructions on the symantic website exactly. After I disabled the systems restore and after full scan, my virus scanner detected additional 400 downloader.swif.c files the it quaranteened successfully and deleted. But this was all no use as it keeps detecting new downloaser.swif.c files the next morning around the same time. What else can I do to completely remove this Trojan file? Please help!
I still haven't gotten rid of it completely. I'm having the same symptoms.
For no apparent reason, I'll receive a notification that the virus has been quarantined...repeatedly for several minutes or until I reboot. Usually only a couple instances appear on a reboot.
The files being quarantined are .TMPs, and I think (I'm at work and don't have the path in front of me) they are located at C:\users\Bre....\appdata\local\temp.
I had about 4500 .TMP files in that directory at one time and couldn't delete them. I think Symantec finally recognized them all as the Downloader.Swif.C virus and quarantined them as they are no longer there.
Frustrating isn't it?
I would also recommend that you follow the steps listed in the How To Troubleshoot a Suspected Malware Infection announcement. There are some great steps on identifying and removing malware from your system. Thanks!
Thanks Tony,
I also found some great communication about the specific problem here:
https://forums.symantec.com/syment/board/message?board.id=endpoint_protection11&thread.id=2671
Unfortunately, there doesn't seem to be a fix.
And you also tried the steps in How To Troubleshoot…? That seems odd. Are you able to submit it to Symantec?
Copied from Symantec Enterprise (STN) forums....
Hi All,
for all those folks who are facing the DWH* files being reported as a trojan, if you have any support cases open for the same, I'd advise that you ask the support engineer(s) working with you to provide you with a new tool we just came out with. Its called "SymDelTemp". You can run this tool on the affected systems to resolve the trojan warnings, and also to delete the excess temp folders / files.
If you dont have a support case open, I'd recommend that you create one using the http://www.symantec.com/norton/support/index.jsp portal, or call and get a new case created, and get this tool to fix the issue.
I havent been able to see this false positive being created again on my test systems post execution of the tool.Would appreciate any inputs from all users if the issue is being re-created post successful execution of this tool. PLease note that this tool currently supports ONLY SAV 10.x and SEP 11.x
Abhishek Pradhan, MCT
Symantec Corporation
Link to original STN Enterprise forum post
Moved to its own thread for better exposure.
I know this doesnt help but using POP3 email like Outlook will always be unsafe. I stopped using it years ago and I only use web based. My Yahoo email works fine which comes with my AT&T account.
Endpoint Protection is one of Symantec's enterprise products.
The Norton community is here is targeted for Norton Consumer Products. Symantec does have an enterprise community located at:
With the specific endpoint area you are seeking located here.