asked on

Need help removing a virus.

Have isolated a computer (XP pro w/ w SP3) that the Symantec Endpoint Protection (SEP) is constantly quaranting a virus - trojan horse, trojan ascesso. But this has gone on for days...the virus remains and the SEP constantly quarantines. If run a full scan and now it finds the risk (hundreds of them) in the c:\docs_setts\allusers\app_data\symnatec\srtsp\quarantine folder. Tried to follow the removal instructions but there is no registry keys mentioned - (http://www.symantec.com/security_response/writeup.jsp?docid=2007-082818-0250-99&tabid=3). Any advice on removing this permanately? Thx.

dmwynne

In my experience Symantec is very good at detection but not removal of viruses...I would download and install malwarebytes and run a scan with that.

xav1963

ASKER

Did the malwarebytes already and no success...

ASKER CERTIFIED SOLUTION

dmwynne

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

xav1963

ASKER

i dont rrember... i tried it yesterday... if I understand where you're going, I should uninstall SEP (along with its quarantine folder)...run malwarebytes again... then if/when cleaned, reinstall SEP ... is that what you mean?

dmwynne

Yes.

systemmanagement

HI,

Scan using the Microsoft Malicious removal tool which will help.

Thanks

matiasl

Perhaps combofix could help you ?

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

xav1963

ASKER

Did it and seems to have eliminated issue this time.