Endpoint Protection

  • Private Community
 View Only

  • 1.  “c:\windows\system32\drivers\etc” file is empty.

    Posted Apr 15, 2015 08:04 AM

    Hi everyone I need to your help.

     

    Does not turn on when I restart servers. We see operating system disk and “c:\windows\system32\drivers\etc” file is empty.

     

    We doubt that a virus would cause this condition.

     

    Thanks for your response



  • 2.  RE: “c:\windows\system32\drivers\etc” file is empty.

    Posted Apr 15, 2015 08:06 AM

    Have you scanned your system?

    What changes were recently made on this system?



  • 3.  RE: “c:\windows\system32\drivers\etc” file is empty.

    Posted Apr 15, 2015 08:10 AM

    Yes, I do, but sep does not find a virus.

    I don't change anything



  • 4.  RE: “c:\windows\system32\drivers\etc” file is empty.

    Trusted Advisor
    Posted Apr 15, 2015 08:16 AM

    Hello,

    I would suggest you to run a scan via SERT OR Power Eraser Tool.

    Download the Symantec Endpoint Recovery Tool

    http://www.symantec.com/docs/TECH131732

    About Symantec Power Eraser

    http://www.symantec.com/docs/TECH134803

    Symantec Power Eraser using Symantec Help (SymHelp) Tool.

    https://www-secure.symantec.com/connect/articles/symantec-power-eraser-using-symantec-help-symhelp-tool

    Regards,



  • 5.  RE: “c:\windows\system32\drivers\etc” file is empty.

    Posted Apr 15, 2015 08:17 AM

    You can try a threat analysis scan:

    How to run the Threat Analysis Scan in Symantec Help (SymHelp)

    http://www.symantec.com/docs/TECH215519

    You can also try a different third party scanning tool.

    Very unlikely that a virus would delete this entire directory....



  • 6.  RE: “c:\windows\system32\drivers\etc” file is empty.

    Broadcom Employee
    Posted Apr 15, 2015 08:59 AM

    Hi,

    Thank you for posting in Symantec community.

    I would recommend to run Symhelp tool by Symantec, SymHelp features a utility, the Threat Analysis Scan, that can help to identify suspicious files on a system.

    Use the Threat Analysis Scan when you believe there might be malware on a system but security software is either unable to detect it or to remediate it. The Threat Analysis Scan can help to identify the following types of malware

    •     New variants of existing threats that are not detected by the current definition sets
    •     Fake antivirus applications and other rogueware
    •     Rootkits
    •     System settings that have been tampered with maliciously

    How to run the Threat Analysis Scan in Symantec Help (SymHelp)

    http://www.symantec.com/docs/TECH215519

    About the Threat Analysis Scan

    http://www.symantec.com/docs/TECH215550

    Also, do you see risk activity under SEP client logs?



  • 7.  RE: “c:\windows\system32\drivers\etc” file is empty.

    Broadcom Employee
    Posted May 08, 2015 08:29 AM

    Is there any update?

    OR

    If query has been resolved mark this thread as a 'Solved' with the best answer that helps you.



  • 8.  RE: “c:\windows\system32\drivers\etc” file is empty.
    Best Answer

    Posted May 08, 2015 08:48 AM
    the new update with the virus it finds.
     
    thank you for response.