Solved

Symantec Antivirus Notification help with Corp Edition

Posted on 2006-07-14
5
690 Views
Last Modified: 2008-01-09
I have a customer using Symantec Corp Edition and they have one virus poping up.

The name is :  kbdFIG.dll and symantec says it can't remove it.

I've started in SAfe mode and Disabled the System restore button and it still does it.

I've checked out Norton/Symantec site but I must be looking in the wrong spot.

Any help thanks!

Paul
0
Comment
Question by:paulbarstool
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 38

Expert Comment

by:younghv
ID: 17109181
Paul,
Are you sure of the spelling "kbdFIG.dll"?
I can't find any reference to it anywhere.
Vic
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17112814
Does Symantec tell you the location of the said file?

Can we look at your hijackthis log?
Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.


OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
 
LVL 32

Expert Comment

by:r-k
ID: 17113507
I would suggest the following (already mentioned by rpggamergirl above)

Download and run HijackThis from http://www.hijackthis.de/
Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.

Then, do the following:

First locate the file named kbdFIG.dll (probably in c:\windows or c:\windows\system32)

Then:

(0) If running XP Home, boot in safe mode, if XP Pro or 2000, then start with step (1)

(1) Right click on the file in Windows Explorer or My Computer, select Properties

(2) Click on the Security tab.

(3) Click on the Advanced button.

(4) Uncheck the box labeled "Inherit from Parent...", then click "Remove"

(5) Close all windows.

(6) Reboot (into normal mode)

After reboot the file(s) will be unable to run (because no one can access them any more). The symptoms should be gone.

At that point I would suggest a full scan with Symantec AV again in case some other files were being masked by the dll.


0
 
LVL 1

Expert Comment

by:PJulius
ID: 17125673
You might want to try another antivirus utility as well; often different utilities will disagree on what they find and what they can kill. You might have more luck clearing out the infection with AVG Free or some other antivirus.
0
 
LVL 38

Accepted Solution

by:
younghv earned 250 total points
ID: 17126693
For 'on-line' scans that don't interfere with your existing AV, you can use:
http://www.kaspersky.com/virusscanner
http://housecall.trendmicro.com/
http://www.bitdefender.com/index.php?tab=0
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
Many of you may be aware of the recent Google Docs scam emails that have been floating around coming from various people that you know. Here's a guide on identifying How To Identify the Scam Email You will see an email from someone you’ve had co…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question