This is a general guide to help you get started on finding and clearing a PC infection.
There are many types of infections in the wild today. Some require different steps for removal, while some of the more dangerous threats may need specific tools to be completely cleaned from your system. The “Best practices for troubleshooting viruses on a network” is a great document to start with.
If you are fighting a single infection, following the steps and links below should be helpful in detecting and removing most threats.
As with any AV product, make sure you have the latest Antivirus signatures. For Symantec products, start with downloading the latest Rapid Release definitions.
Next, boot into Safe Mode and run a Disk Cleanup (right-click the C drive, Properties, Disk Cleanup). That will delete all the files in the temporary locations, as well as IE's temporary files, etc. Then perform a full system scan in Safe Mode.
If your AV fails to detect and remove the infection, Symantec provides useful tools to help find those hard-to-detect threats.
1. The Power Eraser Tool eliminates deeply embedded and difficult to remove threats that traditional virus scanning doesn't always detect.
2. If you have access to Fileconnect, the SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively. The Consumer version of this tool is the Norton Bootable Recovery Tool. The tool is free, so there is no need for a Fileconnect account to download the software.
3. The Load point Analysis Tool generates a detailed report of the programs loaded on your system. It is helpful in listing common load points where threats can live.
4. If you are running Symantec Endpoint Protection, you can use the Network Activity Tool to identify suspicious processes.
5. There are several Threat-Specific Removal Tools provided by Security Response. These tools are designed to detect and remove the most pervasive threats seen in the current landscape. Note, these Threat-Specific tools are not updated, and may prove less helpful as new variants of threats are released in the wild.
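To make the idea of load points in item 3 concrete, here is an added example (not Symantec's tool and not code from the original page) that takes a read-only inventory of a few well-known Windows load points and checks each target's Authenticode signature. The key list and the command-line parsing are assumptions chosen for illustration and cover far fewer load points than a dedicated tool.

```powershell
# Added example: read-only inventory of common Windows load points.
# The key list and parsing rules below are illustrative assumptions.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce')
$startupDirs = @([Environment]::GetFolderPath('Startup'),
                 [Environment]::GetFolderPath('CommonStartup'))
$shell = New-Object -ComObject WScript.Shell   # used to resolve .lnk targets

function Get-ExePath([string]$CommandLine) {
    # Quoted path first; otherwise take everything up to the first
    # executable-looking extension; otherwise the first token.
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.(exe|dll|com|bat|cmd|vbs|js|ps1))(\s|,|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Get-SignatureStatus([string]$Path) {
    # A load point whose target no longer exists is worth noting too.
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) { return 'FileMissing' }
    return (Get-AuthenticodeSignature -LiteralPath $Path).Status.ToString()
}

$entries = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $value = [string]$item.GetValue($name)
            [pscustomobject]@{ LoadPoint = $key; Name = $name; Command = $value
                               Signature = Get-SignatureStatus (Get-ExePath $value) }
        }
    }
    foreach ($dir in $startupDirs) {
        Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
            # Shortcuts are resolved so the signature check hits the real target.
            $target = if ($_.Extension -eq '.lnk') { $shell.CreateShortcut($_.FullName).TargetPath }
                      else { $_.FullName }
            [pscustomobject]@{ LoadPoint = $dir; Name = $_.Name; Command = $target
                               Signature = Get-SignatureStatus $target }
        }
    }
)
# Entries that are not validly signed sort first for manual review.
$entries | Sort-Object { $_.Signature -eq 'Valid' }, LoadPoint | Format-Table -AutoSize -Wrap
```

An unsigned or missing target is not proof of infection, and a valid signature is not proof of safety; treat the output as a shortlist of entries to compare against what you expect to be installed.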
If you are unable to remove the threat(s) from your systems, please submit the suspected files to Symantec Security Response or ThreatExpert for analysis. New signatures will be created, and included in future definition sets for detection.
To help prevent future infections, please follow our Security Best Practice Recommendations and our “Must Do, Should Do, Can Do” best practices.
Make sure your OS and all software are up to date and fully patched. Add Norton Safe Web Lite to your browsers. Norton Safe Web Lite provides a safer search experience by warning you of dangerous Web sites right in your search results, so you can search, browse, and shop online without worry.
For added protection, add web filtering by using Norton ConnectSafe (AKA Norton DNS) in your environment. Many times inappropriate sites are the source of malware and drive-by downloads. ConnectSafe blocks inappropriate content in 23 different languages.
Here are some other articles that will be helpful.
Cleaning an infected system with no or a damaged install of Symantec Endpoint Protection/Symantec AntiVirus
Common loading points for viruses, worms, and Trojan horse programs on Windows 2000/XP/2003
How to find Suspected Threats on your computer
I hope you find this information useful.
TK