Symantec EndPoint Protection v11

Our SEP Manager Console detects numerous file infections with:

W32.Sality.AE- C:\Program Files\NetInst\NiAiServ.exe
W32.Downadup.B- c:\windows\system32\bffjbu.dll
W32.Mydoom.A@mm- C:\WINDOWS\system32\CcEvtSvc.exe
Trojan.Gen- ****SUMMARIZED DATA****
W32.SillyDC- ****SUMMARIZED DATA****
Backdoor.Hupigeon- ****SUMMARIZED DATA****  
Trojan Horse- C:\Documents and Settings\jagadesh\Local Settings\Temp\DWH*.tmp (too many of these!!)

All client computers have the SEP client installed. Maybe around 3 are having this issue. I'd appreciate your help in removing these viruses. Thank you.

-Charles
LVL 3
charles_lawrence Asked:
Hutch_77 Commented:
You need to disinfect the machines in question. SEP is not a real removal tool; it is more for prevention of infection, and detection post infection when new db updates are added.
Combofix should remove all of these infections, but just about any solution will require you to touch each machine.
0
kadafitcd Commented:
If you can't delete the files manually then they are probably running in memory or they have hooked themselves to a system file which will deny deletion.

A couple of options for you are:

1. Manually go in and try to delete the files. Also just delete everything within the TEMP folder where you say there are too many of those. Just delete the whole folder; there will be a couple of files in use that won't let you delete them, but overall most of this can be deleted. Or you could download a program called ccleaner to each computer; it will clean the temp folder for you.

2. If manual deletion doesn't work you can try using killbox to delete them.

3. If neither of the above works, may I suggest using another scanner on the system to see if it can help in the removal. Malwarebytes is a great tool that has to be manually run (no real time or scheduling in the free version).

Good Luck HTH.
0
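To see whether a flagged file is actually loaded in memory, as the answer above suggests, the following added example (not part of the original thread) reports, for each fixed path listed in the question, whether the file exists, its SHA-256, and which running processes have it loaded. The function name `Get-FlaggedFileStatus` is hypothetical; it assumes PowerShell 4 or later (for `Get-FileHash`) and an elevated session.

```powershell
# Fixed paths copied from the SEP console output in the question.
# The DWH*.tmp wildcard entry is left out: it names temp files, not one module.
$flagged = @(
    'C:\Program Files\NetInst\NiAiServ.exe',
    'c:\windows\system32\bffjbu.dll',
    'C:\WINDOWS\system32\CcEvtSvc.exe'
)

function Get-FlaggedFileStatus {   # hypothetical helper name
    param([string[]]$Path)

    # Snapshot every module mapped by every process. Reading the module list
    # of protected processes fails without elevation, so those are skipped.
    $loaded = foreach ($proc in Get-Process) {
        try {
            foreach ($mod in $proc.Modules) {
                [pscustomobject]@{
                    ProcId = $proc.Id
                    Name   = $proc.ProcessName
                    File   = $mod.FileName
                }
            }
        } catch { }
    }

    foreach ($p in $Path) {
        $exists = Test-Path -LiteralPath $p -PathType Leaf
        # -eq on strings is case-insensitive, which matches Windows paths.
        $users  = @($loaded | Where-Object { $_.File -eq $p })
        [pscustomobject]@{
            Path     = $p
            Exists   = $exists
            # A locked file can fail to hash; leave the field empty then.
            SHA256   = if ($exists) {
                           (Get-FileHash -LiteralPath $p -Algorithm SHA256 `
                               -ErrorAction SilentlyContinue).Hash
                       } else { $null }
            InMemory = $users.Count -gt 0
            LoadedBy = ($users | ForEach-Object { "$($_.Name)($($_.ProcId))" }) -join ', '
        }
    }
}

Get-FlaggedFileStatus -Path $flagged | Format-List
```

A file reported with `InMemory = True` is the case where deletion from a normal session fails, which is why the safe-mode scan suggested elsewhere in the thread is needed for it.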
vvlada Commented:
1. Turn off system restore on those computers (you should have their backup, before)
2. Go to the safe mode
3. Run SEP and do a full scan (be sure that SEP has most recent av defs)

Best regards,
Vladimir
0
charles_lawrence (Author) Commented:
Been busy for a while.

I need to give points to the experts
0
charles_lawrence (Author) Commented:
Thank you
0