Solved

Symantec Antivirus Notification help with Corp Edition

Posted on 2006-07-14
5
687 Views
Last Modified: 2008-01-09
I have a customer using Symantec Corp Edition and they have one virus poping up.

The name is :  kbdFIG.dll and symantec says it can't remove it.

I've started in SAfe mode and Disabled the System restore button and it still does it.

I've checked out Norton/Symantec site but I must be looking in the wrong spot.

Any help thanks!

Paul
0
Comment
Question by:paulbarstool
5 Comments
 
LVL 38

Expert Comment

by:younghv
ID: 17109181
Paul,
Are you sure of the spelling "kbdFIG.dll"?
I can't find any reference to it anywhere.
Vic
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17112814
Does Symantec tell you the location of the said file?

Can we look at your hijackthis log?
Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.


OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
 
LVL 32

Expert Comment

by:r-k
ID: 17113507
I would suggest the following (already mentioned by rpggamergirl above)

Download and run HijackThis from http://www.hijackthis.de/
Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.

Then, do the following:

First locate the file named kbdFIG.dll (probably in c:\windows or c:\windows\system32)

Then:

(0) If running XP Home, boot in safe mode, if XP Pro or 2000, then start with step (1)

(1) Right click on the file in Windows Explorer or My Computer, select Properties

(2) Click on the Security tab.

(3) Click on the Advanced button.

(4) Uncheck the box labeled "Inherit from Parent...", then click "Remove"

(5) Close all windows.

(6) Reboot (into normal mode)

After reboot the file(s) will be unable to run (because no one can access them any more). The symptoms should be gone.

At that point I would suggest a full scan with Symantec AV again in case some other files were being masked by the dll.


0
 
LVL 1

Expert Comment

by:PJulius
ID: 17125673
You might want to try another antivirus utility as well; often different utilities will disagree on what they find and what they can kill. You might have more luck clearing out the infection with AVG Free or some other antivirus.
0
 
LVL 38

Accepted Solution

by:
younghv earned 250 total points
ID: 17126693
For 'on-line' scans that don't interfere with your existing AV, you can use:
http://www.kaspersky.com/virusscanner
http://housecall.trendmicro.com/
http://www.bitdefender.com/index.php?tab=0
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Data breaches are on the rise, and companies are preparing by boosting their cybersecurity budgets. According to the Cybersecurity Market Report (http://www.cybersecurityventures.com/cybersecurity-market-report), worldwide spending on cybersecurity …
As a business owner, there are many things that keep you up at night. Profit margins, employee retention, human resource protocols, whether your product or service will remain competitive. When you own or manage a technology company that operates la…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question