Endpoint Protection


Personal Antivirus

  • 1.  Personal Antivirus

    Posted Aug 01, 2009 07:15 PM
    NIS won't detect or remove a program I have called Personal Antivirus.  I can't find, detect, or remove this.

    I can't get help on the internet on that computer (I'm writing from a different uninfected computer) because every page I try to go to is blocked by a web page that pops up and says that the page I'm trying to get to is infected and the "warning" suggests I download their program to continue.... nothing I do gets me around this "warning".

    I used another program recommended on another site called SpyHunter 3

    This was able to find the PAV.exe and related files, and one called msxmlm.dll associated to Trojan.FraudPack
    I can't uninstall with that program because I need to purchase it (and I've already paid money for your program NIS) and I can't access the internet to complete an online purchase on that computer anyway.

    please help.. not too impressed with Norton right now

    as of this writing, my Live Update was up to date as of 11 seconds ago


  • 2.  RE: Personal Antivirus

    Posted Aug 01, 2009 08:52 PM
    Try to boot the computer into safe mode with system restore off. Then do a full system scan, and come back with the results. This is the 1st thing to do when you get an outbreak.

    Grant-


  • 3.  RE: Personal Antivirus

    Posted Aug 02, 2009 12:51 PM
    Also would advise to delete PAV.EXE manually and then Run Full scan in Safe Mode after Disabling System Restore.


  • 4.  RE: Personal Antivirus

    Posted Aug 02, 2009 09:14 PM
    See this link; there are helpful procedures provided by Symantec technical support.

    https://www-secure.symantec.com/connect/forums/trojanwin32agentazsy-personal-antivirus-trojan-computer-running-symantec-endpoint-date-defini


    You should submit this threat to the Symantec Security Response team for analysis.

    https://submit.symantec.com/websubmit/basic.cgi
    https://submit.symantec.com/websubmit/gold.cgi
    https://submit.symantec.com/websubmit/essential.cgi

    Make sure that it is not spread to other computers on your network.

    http://service1.symantec.com/SUPPORT/ent-security....

    Once the malware is wiped out, it is recommended that you upgrade your Endpoint Protection to the latest version, which is MR4 MP2. Most of the bugs have been addressed in this version and the malware detection is more efficient.

    Migrating to Symantec Endpoint Protection 11.0.4202 (MR4 MP2)
    http://service1.symantec.com/SUPPORT/ent-security....




  • 5.  RE: Personal Antivirus

    Posted Aug 02, 2009 09:40 PM
    Question: have you submitted the virus to Security Response? Thanks


  • 6.  RE: Personal Antivirus

    Posted Aug 02, 2009 11:47 PM
    Go into the hosts file under

    C:\Windows\System32\Drivers\Etc and check if it's edited; you can compare it with the one that is on your clean machine. If it's different, then please delete the unwanted entry over there. Also make sure that you submit the infected file to the Security Response lab.
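
The hosts-file comparison suggested in post 6, as an added example that is not part of the original thread: this Python sketch lists every mapping in a suspect hosts file that is absent from a clean baseline and says whether it blocks or redirects the name. Both sample files are constructed and use reserved example domains and addresses; `parse_hosts`, `classify` and `diff_hosts` are hypothetical helper names.

```python
import ipaddress

# Constructed sample data (not from the thread): a clean baseline and a tampered copy.
BASELINE = """\
# sample hosts file (constructed)
127.0.0.1       localhost
"""
SUSPECT = """\
# sample hosts file (constructed)
127.0.0.1       localhost
127.0.0.1       liveupdate.example.com
203.0.113.10    www.example.org search.example.org
not-an-ip       broken.example.net
"""

def parse_hosts(text):
    """Return (line_no, address, hostname) for every mapping; comments are ignored."""
    rows = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        for name in fields[1:]:          # one address may carry several names
            rows.append((line_no, fields[0], name.lower()))
    return rows

def classify(address):
    """Describe what a mapping does to the name it covers."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    # Loopback or 0.0.0.0 makes the name unreachable; anything else points it elsewhere.
    return "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"

def diff_hosts(suspect_text, baseline_text):
    """List mappings present in the suspect file but not in the clean baseline."""
    known = {(addr, name) for _, addr, name in parse_hosts(baseline_text)}
    return [(n, addr, name, classify(addr))
            for n, addr, name in parse_hosts(suspect_text)
            if (addr, name) not in known]

if __name__ == "__main__":
    for line_no, addr, name, kind in diff_hosts(SUSPECT, BASELINE):
        print(f"line {line_no}: {name} -> {addr} ({kind})")
```

To check real files, read each file's text from disk and pass it to `diff_hosts(suspect_text, baseline_text)`.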


  • 7.  RE: Personal Antivirus

    Posted Aug 03, 2009 01:22 AM
    If the virus is still active, even if we restore the hosts file, it will still be replaced. Better to submit the infected file to Symantec, and also for the users' reference can you run Loadpoint diagnostic logs here, then we will try to analyze.


  • 8.  RE: Personal Antivirus

    Posted Aug 03, 2009 05:17 AM
    I agree with what Paul says. Please see my message above to know how to submit the virus. You can also try to raise it with Symantec support.
    Thanks


  • 9.  RE: Personal Antivirus

    Posted Aug 03, 2009 06:24 AM
    Just try to search for the file in the Registry Editor; if found, please delete it. Then go to Run, type msconfig > Startup, then disable unnecessary startup items. Then reboot your PC.


  • 10.  RE: Personal Antivirus

    Posted Aug 03, 2009 06:50 AM
    Visit antivirus.com, which is an official web site of Trend Micro, and download the following files into a folder.
    1. sysclean.com (http://www.trendmicro.com/download/sysclean.asp)
    2. latest pattern file (lpt$vpn) (http://www.trendmicro.com/download/apac/pattern.asp)
    3. latest spyware pattern file (http://www.trendmicro.com/download/apac/pattern.asp)
    Start the system in safe mode and run sysclean.com and let the system perform full scanning.



  • 11.  RE: Personal Antivirus

    Posted Aug 03, 2009 08:50 PM
    We should support SEP here, not other AV. I believe SEP is capable, though there are some reasons why we get infected. Thanks