Solved

Symantec Antivirus Notification help with Corp Edition

Posted on 2006-07-14
5
680 Views
Last Modified: 2008-01-09
I have a customer using Symantec Corp Edition and they have one virus poping up.

The name is :  kbdFIG.dll and symantec says it can't remove it.

I've started in SAfe mode and Disabled the System restore button and it still does it.

I've checked out Norton/Symantec site but I must be looking in the wrong spot.

Any help thanks!

Paul
0
Comment
Question by:paulbarstool
5 Comments
 
LVL 38

Expert Comment

by:younghv
Comment Utility
Paul,
Are you sure of the spelling "kbdFIG.dll"?
I can't find any reference to it anywhere.
Vic
0
 
LVL 47

Expert Comment

by:rpggamergirl
Comment Utility
Does Symantec tell you the location of the said file?

Can we look at your hijackthis log?
Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.


OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
 
LVL 32

Expert Comment

by:r-k
Comment Utility
I would suggest the following (already mentioned by rpggamergirl above)

Download and run HijackThis from http://www.hijackthis.de/
Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.

Then, do the following:

First locate the file named kbdFIG.dll (probably in c:\windows or c:\windows\system32)

Then:

(0) If running XP Home, boot in safe mode, if XP Pro or 2000, then start with step (1)

(1) Right click on the file in Windows Explorer or My Computer, select Properties

(2) Click on the Security tab.

(3) Click on the Advanced button.

(4) Uncheck the box labeled "Inherit from Parent...", then click "Remove"

(5) Close all windows.

(6) Reboot (into normal mode)

After reboot the file(s) will be unable to run (because no one can access them any more). The symptoms should be gone.

At that point I would suggest a full scan with Symantec AV again in case some other files were being masked by the dll.


0
 
LVL 1

Expert Comment

by:PJulius
Comment Utility
You might want to try another antivirus utility as well; often different utilities will disagree on what they find and what they can kill. You might have more luck clearing out the infection with AVG Free or some other antivirus.
0
 
LVL 38

Accepted Solution

by:
younghv earned 250 total points
Comment Utility
For 'on-line' scans that don't interfere with your existing AV, you can use:
http://www.kaspersky.com/virusscanner
http://housecall.trendmicro.com/
http://www.bitdefender.com/index.php?tab=0
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include tâ€Ĥ

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now