Endpoint Protection

Hello,

Does Symantec have instructions for removing the rogue antispyware program.

I have remoted into the client's machine at a higher level. When I attempt to install SEP 11, the installation rolls back. Just now I downloaded 3rd party software and running am scan. Will upload the results to Symantec.

Name of rogue antispyware is Smart Internet Protection 2011. Or is there a way I can disable it in MSCONFIG, then download, install, and run SEP 11?

If you don't have SEP or any other AV installed for that matter, try the SEP Power Eraser to see if that catches it.

http://www.symantec.com/business/support/index?page=content&id=TECH134803&actp=search&viewlocale=en_US&searchid=1297695448984

If not, then try Hitman Pro or Malwarebytes.

There will not be a removal guide for this FakeAV or any others because file/file locations change so frequently. These things are re-coded multiple time per day.

I ran Malware Bytes and it turned up with false positives.

Will run SEP Power Eraser right now.

You may also try using the SERT utility to remove this threat.

http://www.symantec.com/business/support/index?page=content&id=TECH131732&locale=en_US

Video - https://www-secure.symantec.com/connect/videos/symantec-endpoint-recovery-tool-sert

If you don not have access to SERT, then run the Norton Security Scan.

http://security.symantec.com/sscv6/DownloadInstructions.asp

I ran Power Eraser, uploaded three threats (they look really harmless though).

Will try the SERT tool.

I am not onsite to run SERT, can I do this remotely?

Not possible, as the SERT boots off a cd or dvd in the local system.

Ok, because I tried Norton Security Scan, it says I have SEP on my system already, even thought it is "Symantec Management Agent". I am still unable to install SEP 11.

Is there a way to disable this rogue program in MSCONFIG? Want to do whatever I can remotely before involving an onsite user.

It's likely set to run on startup so check the programs that startup and disable any that look like they shouldn't be there.

Just an idea, but try installing the free version of PC Tools AV (Owned by Symantec). Then boot to safe-mode and run a full scan.

Also run a Disk Cleanup before running the scan (right-click the C drive, Properties, Disk Cleanup) -  delete all the files that are in these temporary locations, as well as IE's temporary files.

http://www.pctools.com/free-antivirus/

Disable Unwated apps from MSCONFIG --Startup

Delete everything under %temp% , C:\Windows\Temp and Temporary Internet Folders

Then try running Sysinterals Autoruns to find out what unwanted programs are loaded or use Sysinternals Process explorer and remove Suspicious files running .

There is already a tech onsite...

However these are really great procedures for future use, i.e. PC Tools AV, and Sysinternals Autoruns