?
Solved

Symantec Antivirus Notification help with Corp Edition

Posted on 2006-07-14
5
Medium Priority
?
692 Views
Last Modified: 2008-01-09
I have a customer using Symantec Corp Edition and they have one virus poping up.

The name is :  kbdFIG.dll and symantec says it can't remove it.

I've started in SAfe mode and Disabled the System restore button and it still does it.

I've checked out Norton/Symantec site but I must be looking in the wrong spot.

Any help thanks!

Paul
0
Comment
Question by:paulbarstool
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 38

Expert Comment

by:younghv
ID: 17109181
Paul,
Are you sure of the spelling "kbdFIG.dll"?
I can't find any reference to it anywhere.
Vic
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17112814
Does Symantec tell you the location of the said file?

Can we look at your hijackthis log?
Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.


OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
 
LVL 32

Expert Comment

by:r-k
ID: 17113507
I would suggest the following (already mentioned by rpggamergirl above)

Download and run HijackThis from http://www.hijackthis.de/
Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.

Then, do the following:

First locate the file named kbdFIG.dll (probably in c:\windows or c:\windows\system32)

Then:

(0) If running XP Home, boot in safe mode, if XP Pro or 2000, then start with step (1)

(1) Right click on the file in Windows Explorer or My Computer, select Properties

(2) Click on the Security tab.

(3) Click on the Advanced button.

(4) Uncheck the box labeled "Inherit from Parent...", then click "Remove"

(5) Close all windows.

(6) Reboot (into normal mode)

After reboot the file(s) will be unable to run (because no one can access them any more). The symptoms should be gone.

At that point I would suggest a full scan with Symantec AV again in case some other files were being masked by the dll.


0
 
LVL 1

Expert Comment

by:PJulius
ID: 17125673
You might want to try another antivirus utility as well; often different utilities will disagree on what they find and what they can kill. You might have more luck clearing out the infection with AVG Free or some other antivirus.
0
 
LVL 38

Accepted Solution

by:
younghv earned 750 total points
ID: 17126693
For 'on-line' scans that don't interfere with your existing AV, you can use:
http://www.kaspersky.com/virusscanner
http://housecall.trendmicro.com/
http://www.bitdefender.com/index.php?tab=0
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question