This is a general help document to help you get started on finding and clearing a PC infection.
There are many types of infections in the wild today. Some require different steps for removal, while some of the more dangerous threats may need specific tools to be completely cleaned from your system. The “Best practices for troubleshooting viruses on a network” document is a great place to start.
If you are fighting a single infection, following the steps and links below should be helpful in detecting and removing most threats.
As with any AV product, make sure you have the latest antivirus signatures. For Symantec products, start by downloading the latest Rapid Release definitions.
Next, boot into Safe Mode and run Disk Cleanup (right-click the C drive, Properties, Disk Cleanup). This deletes the files in the temporary locations, as well as IE's temporary files, etc. Then perform a full system scan in Safe Mode.
If your AV fails to detect and remove the infection, Symantec provides useful tools to help find hard-to-detect threats.
1. The Power Eraser Tool eliminates deeply embedded and difficult-to-remove threats that traditional virus scanning doesn't always detect.
2. If you have access to Fileconnect, the SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively. The Consumer version of this tool is the Norton Bootable Recovery Tool. The tool is free, so there is no need for a Fileconnect account to download the software.
3. The Load Point Analysis Tool generates a detailed report of the programs loaded on your system. It is helpful for listing common load points where threats can live.
4. If you are running Symantec Endpoint Protection, you can use the Network Activity Tool to identify suspicious processes.
5. There are several Threat-Specific Removal Tools provided by Security Response. These tools are designed to detect and remove the most pervasive threats seen in the current landscape. Note that these Threat-Specific tools are not updated and may prove less helpful as new variants of threats are released in the wild.
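To make the idea of a load point from item 3 concrete, here is an added example (not Symantec's tool, and not its report format) that lists a few well-known Windows autostart locations from PowerShell. The list of locations and the `Review` column, which marks entries launching from user-writable directories, are assumptions chosen for illustration; a flagged entry is a prompt to look closer, not a detection.

```powershell
# Added example: list Run/RunOnce values and Startup-folder items (requires PowerShell 3.0+).
# The locations below are a common subset chosen for illustration, not Symantec's list.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users
)
# Directories a standard user can write to; anything auto-starting from here deserves a look.
$userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC) | Where-Object { $_ }

function Test-UserWritable([string]$Command) {
    # Hypothetical helper: true when the command line points into a user-writable directory.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    foreach ($dir in $userWritable) {
        if ($expanded.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

$shell = New-Object -ComObject WScript.Shell   # used only to read shortcut targets
$entries = @(
    foreach ($key in $runKeys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }               # key absent (e.g. WOW6432Node on 32-bit)
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            [pscustomobject]@{ Location = $key; Name = $name; Command = $cmd
                               Review = (Test-UserWritable $cmd) }
        }
    }
    foreach ($dir in $startupDirs) {
        Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
            # Resolve .lnk shortcuts so the check applies to the real target, not the link file.
            $cmd = $_.FullName
            if ($_.Extension -eq '.lnk') { $cmd = $shell.CreateShortcut($_.FullName).TargetPath }
            [pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $cmd
                               Review = (Test-UserWritable $cmd) }
        }
    }
)
$entries | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Services, scheduled tasks and other load points are not covered here; the Load Point Analysis Tool report remains the fuller view.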
If you are unable to remove the threat(s) from your systems, please submit the suspected files to Symantec Security Response or ThreatExpert for analysis. New signatures will be created, and included in future definition sets for detection.
To help prevent future infections, please follow our Security Best Practice Recommendations and our “Must Do, Should Do, Can Do” best practices.
Make sure your OS and all software are up to date and fully patched. Add Norton Safe Web Lite to your browsers. Norton Safe Web Lite provides a safer search experience by warning you of dangerous Web sites right in your search results, so you can search, browse, and shop online without worry.
To add web filtering, use Norton ConnectSafe (AKA Norton DNS) in your environment. Inappropriate sites are often the source of malware and drive-by downloads. ConnectSafe blocks inappropriate content in 23 different languages.
Here are some other articles that will be helpful.
Cleaning an infected system with no or a damaged install of Symantec Endpoint Protection/Symantec AntiVirus
Common loading points for viruses, worms, and Trojan horse programs on Windows 2000/XP/2003
How to find Suspected Threats on your computer
I hope you find this information useful.
very good Article tools details
Adding to Thomas's Best Practices above,
As part of normal best practices, Symantec strongly recommends keeping all operating systems and applications updated with the latest vendor patches. For additional information on this and any other recent advisories, please visit the Symantec Advisory page at:
Hope that helps!!
Thanks. This is a very useful article.
Very Good Article.
Hello, are users supposed to download all of the individual files on the Rapid Release page linked from this article? I've been downloading them one by one, but am having trouble with some of them. For example, several times I've gotten a message that says the file(s) can't be opened because I'm out of disk space or they're read only. Now, there are two WIN-RAR self-extracting archive windows open which say there's a problem: one says "cannot create intiupdater.exe" and the other one says, "cannot create VIRSCAN.zip". I'm not sure what to do next. Is there a way to know which of these files I need, or should I just continue to try to download all of them? Are there any recommended solutions to the downloading/opening of files I mentioned?
@Mentos44, You only need one Rapid Release file. Pick the latest one that applies to your product and download it to your computer.
yeah.........very nice article
It's really helpful information. Thanks for sharing such a good article.
Very helpful
Good thread, all of the Symantec tools available... :)
Thanks for sharing such useful information, I will be checking your blog for further information and updates.
Any tool available for a virus/adware/spyware that has disabled literally everything? Unable to pull up task manager, or open any .exe files without getting a message to "pay to update my virus scanner"
thanks for posting!
Nice article, really helpful.
Very useful, thank you
Good one, team.
It even helped me.