The boss has recently returned after a several-month business trip. At some point during this time, his Norton Antivirus was deactivated and his computer was infected with several worms and viruses.
I have since reactivated Norton, but I cannot seem to get rid of these worms, mostly because they disable the Internet on the laptop once Norton has blocked them.
This prevents me from running Windows Update and Norton Update (two things that haven't been done in a while). I have, however, downloaded the Norton anti-virus definitions on a separate computer, and used that to update the laptop's definitions, though I have no real idea as to whether or not that helped against the worms.
The worms that Norton is blocking are:
- MS PnP QueryResConflist BO
- MS ASN1 Integer Overflow TCP
- MS RPC LSASS DS Oversized Request (TCP)
- MSRPC Malicious LSASS DS Request BO
I have searched the Symantec website, and downloaded the subsequent Microsoft updates that are related to these worms, but they still persist. My theory is that these updates from Microsoft are meant to prevent the infection of these worms, and do not actually remove them if the infection has already taken place.
While formatting the laptop is an option, it's going to be a last resort. I have backed up more of the important data located on it to a separate flash drive (not going to put it on the network), but I'd prefer to avoid the entire re-installation of the programs there if possible.
I've run a full Norton system check twice, and it's found several things (both times) which have subsequently been removed. I've also run Windows Malicious Software Removal Tool, which reported no malicious software on the machine, though I know that the worms are there.
To cover what happens: if the laptop is not on the Internet, then nothing really happens out of the ordinary. When the laptop is connected to the Internet though, Norton will start popping up indicating that it has blocked an intrusion attempt by the above-mentioned worms, and in some cases mentioning the same worm more than once. At this point, the Internet on the computer will stop working completely.
My searches on the Internet have resulted in nothing useful, and I'm sort of at a loss as to what to do.
Any help would be appreciated.