Hello,
I'm running Windows XP SP2.
I have Symantec Endpoint Protection.
I recently got Trojan.Gen.2, Trojan.Zeroaccess.C and Trojan.Zeroaccess.B.
I keep getting this Endpoint notification every minute about the trojan.
Here is the CSV export from Endpoint.
Risk | Filename | Original Location | Status | Date |
Trojan.Gen.2 | 00000004.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 17:29 |
Trojan.Zeroaccess.C | 000000cb.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 17:29 |
Trojan.Zeroaccess.C | 80000032.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 17:30 |
Trojan.Gen | 00000008.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 17:30 |
Trojan.Zeroaccess.C | 000000cb.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 17:32 |
Trojan.Gen.2 | 00000004.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 17:19 |
Trojan.Zeroaccess.C | 000000cb.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 17:20 |
Trojan.Zeroaccess.C | 80000032.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 17:21 |
Trojan.Gen | 00000008.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 17:21 |
Trojan.Zeroaccess.C | 80000032.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 17:10 |
Trojan.Zeroaccess.C | 000000cb.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 17:10 |
Trojan.Gen.2 | 00000004.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 17:11 |
Trojan.Gen | 00000008.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 17:11 |
Trojan.Zeroaccess.C | 80000032.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:30 |
Trojan.Gen.2 | 00000004.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:30 |
Trojan.Zeroaccess.C | 000000cb.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:30 |
Trojan.Gen | 00000008.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:31 |
Trojan.Gen.2 | 00000004.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:32 |
Trojan.Zeroaccess.C | 000000cb.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:32 |
Trojan.Gen | 00000008.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:33 |
Trojan.Zeroaccess.C | 80000032.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:33 |
Trojan.Zeroaccess.C | 000000cb.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:37 |
Trojan.Zeroaccess.C | 80000032.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:37 |
Trojan.Gen | 00000008.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:37 |
Trojan.Gen.2 | 00000004.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:38 |
Trojan.Zeroaccess.C | 000000cb.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:41 |
Trojan.Gen.2 | 00000004.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:41 |
Trojan.Zeroaccess.C | 80000032.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:42 |
Trojan.Gen | 00000008.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:42 |
Trojan.Zeroaccess.C | 000000cb.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:45 |
Trojan.Gen.2 | 00000004.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:45 |
Trojan.Zeroaccess.C | 80000032.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:45 |
Trojan.Gen | 00000008.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:46 |
Trojan.Zeroaccess.C | 000000cb.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:49 |
Trojan.Gen.2 | 00000004.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:49 |
Trojan.Zeroaccess.C | 80000032.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:50 |
Trojan.Gen | 00000008.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:50 |
Trojan.Zeroaccess.C | 000000cb.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:54 |
Trojan.Gen.2 | 00000004.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:54 |
Trojan.Zeroaccess.C | 80000032.@ | C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\ | Infected | 10/24/2012 16:54 |
Here is the pop-up message from Endpoint:
Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: Trojan.Gen.2
File: C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U\00000004.@
Location: C:\RECYCLER\S-1-5-21-527237240-776561741-682003330-192037\$4ee1bee635b6cd0545a0230fbca94677\U
Computer: CASSKRRADHAK1
User: RRadhak
Action taken: Pending Side Effects Analysis : Access denied
Date found: Wednesday, October 24, 2012 6:01:35 PM
I have tried 'filezeroaccess.exe' and 'Norton Power Eraser', with no help.
Any suggestions would be GREATLY appreciated.