We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

Virus within symantec

fnbgppl
fnbgppl asked
on
Medium Priority
1,109 Views
Last Modified: 2013-12-04
I had computers that began to reboot when they ran a certain function of a program.  I ran clamwin on one of the client computers and it came up with the folowing:

ERROR: Can't open file C:\Program Files\Symantec AntiVirus\SAVRT\0927NAV~.TMP
ERROR: Can't open file C:\WINDOWS\system32\config\default
ERROR: Can't open file C:\WINDOWS\system32\config\SAM
ERROR: Can't open file C:\WINDOWS\system32\config\SECURITY
ERROR: Can't open file C:\WINDOWS\system32\config\software
ERROR: Can't open file C:\WINDOWS\system32\config\system

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\vd20d603.vdb: Trojan.Aavirus FOUND
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\vd20e404.vdb: Trojan.Aavirus FOUND
-- summary --
Known viruses: 46717
Engine version: 0.88
Scanned directories: 3388
Scanned files: 37672
Infected files: 2

Has anyone ever had this?  This comes up after I uninstall/install symantec as well.  symantec 10 enterprise.  I am running clamwin on the server right now.  Is this just in the quarantine file?  If not why when I uninstall symantec will the program work?  How do you go about tracing how a virus got into the system?   Any help would be appreciated.

FNBGPPL
Comment
Watch Question

CERTIFIED EXPERT
Top Expert 2006

Commented:
Hi fnbgppl,

i would say anything in the symanted folder that it picks up will be quarrantined items. when you uninstall symantec it doesnt delete a lot of files, you have to manually do it yourself or do a google search for norton removal tools and take your pick..

permissions errors on the other folders i think, you can tryin running the scan in safe mode

also make sure you turn off system restore as it harbours malware....

Cheers!

Author

Commented:
These ended up being false positives from clamwin

fnbgppl
CERTIFIED EXPERT
Top Expert 2006

Commented:
ah i c    so all good now?

Author

Commented:
Yes, but have you ever heard of symantec virus 10 enterprise causing problems with some interaction with ethernet cards.  Specifically amdtek an983 10/100?
CERTIFIED EXPERT
Top Expert 2006

Commented:
no i havent, norton shouldnt be touching anything to do with hardware    whats it doing
Commented:
sending me a bsod and reboot on some machines and just logging the user off on others.  I ended up having to reinstall an older version of the driver which fixed the problem, but touching 100 computers was not a joy.  I was just wondering if you had any idea of how it could have even occurred.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
CERTIFIED EXPERT
Top Expert 2006

Commented:
not with symantec no, but then they have been known to do some stupid things to machines in the past, unless it detected the new driver as an issue, you may want to plug the driver name into the web site and see if there is any issues with it...

Author

Commented:
I'll do that thanks alot
CERTIFIED EXPERT
Top Expert 2006

Commented:
no worries mate

cheers
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.