Symantec EndPoint Protection v11

Our SEP Manager Console detects numerous file infections with:

W32.Sality.AE- C:\Program Files\NetInst\NiAiServ.exe
W32.Downadup.B- c:\windows\system32\bffjbu.dll
W32.Mydoom.A@mm- C:\WINDOWS\system32\CcEvtSvc.exe
Trojan.Gen- ****SUMMARIZED DATA****
W32.SillyDC- ****SUMMARIZED DATA****
Backdoor.Hupigeon- ****SUMMARIZED DATA****  
Trojan Horse- C:\Documents and Settings\jagadesh\Local Settings\Temp\DWH*.tmp (too many of these!!)

All client computers have the SEP client installed. Maybe around 3 are having this issue. Appreciate your help in removing these viruses. Thank you.

-Charles
charles_lawrence Asked:
 
vvlada Commented:
1. Turn off System Restore on those computers (you should have a backup of them beforehand)
2. Go into Safe Mode
3. Run SEP and do a full scan (be sure that SEP has the most recent AV defs)

Best regards,
Vladimir
0
 
Hutch_77 Commented:
You need to disinfect the machines in question. SEP is not a real removal tool; it is more for prevention of infection, and detection post-infection when new DB updates are added.
Combofix should remove all of these infections, but just about any solution will require you to touch each machine.
0
 
kadafitcd Commented:
If you can't delete the files manually, then they are probably running in memory or they have hooked themselves to a system file, which will deny deletion.

A couple of options for you are:

1. Manually go in and try to delete the files. Also just delete everything within the TEMP folder where you say there are too many of those. Just delete the whole folder; there will be a couple of files in use that won't let you delete them, but overall most of this can be deleted. Or you could download a program called CCleaner to each computer; it will clean the temp folder for you.

2. If manual deletion doesn't work, you can try using Killbox to delete them.

3. If neither of the above works, may I suggest using another scanner on the system to see if it can help in the removal. Malwarebytes is a great tool that has to be run manually (no real-time or scheduling in the free version).

Good Luck HTH.
0
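An added example, not part of any post in this thread: before bulk-deleting the flagged `DWH*.tmp` files from a user's Temp folder, this Python sketch records each file's size and SHA-256 so the detections can still be cross-checked later, then reports which files could not be removed because they were in use. The function names `sha256_of` and `triage_temp` and the sample files are hypothetical and constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large temp files do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage_temp(temp_dir, pattern="DWH*.tmp", delete=False):
    """Record size and SHA-256 of each match, then optionally delete it.

    Returns one dict per file; 'status' is 'listed', 'deleted',
    'unreadable' or 'in_use'.
    """
    records = []
    for path in sorted(Path(temp_dir).glob(pattern)):
        if not path.is_file():
            continue
        rec = {"path": str(path), "size": None, "sha256": None, "status": "listed"}
        try:
            rec["size"] = path.stat().st_size
            rec["sha256"] = sha256_of(path)
        except OSError:
            rec["status"] = "unreadable"  # locked for reading; leave it in place
            records.append(rec)
            continue
        if delete:
            try:
                path.unlink()
                rec["status"] = "deleted"
            except OSError:
                rec["status"] = "in_use"  # open handle; retry from Safe Mode
        records.append(rec)
    return records


if __name__ == "__main__":
    # Constructed sample data: a throwaway folder standing in for a Temp directory.
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("DWH1A2.tmp", "DWH3B4.tmp", "setup.log"):
            Path(tmp, name).write_bytes(name.encode())
        for rec in triage_temp(tmp, delete=True):
            print(rec["status"], rec["sha256"][:16], rec["path"])
```

Run it first with `delete=False` to review the inventory; files reported as `in_use` are the ones the answer above says will refuse deletion.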
 
charles_lawrence (Author) Commented:
Been busy for a while.

I need to give points to the experts.
0
 
charles_lawrence (Author) Commented:
Thank you
0
Question has a verified solution.