Endpoint Protection


Help! Re-direct virus?

  • 1.  Help! Re-direct virus?

    Posted Oct 05, 2012 11:27 PM

    Hi,

    My computer came under anti-virus protection from Symantec Endpoint Protection (SEP) since Aug 2012.  However, recently, about two weeks ago, whenever I used internet search engines (e.g. Google and Bing), my internet browsers started to automatically re-direct me to www.bts.scour.com and other dubious websites.  Despite conducting regular scans on my computer (both before the current spate of redirections, and after the redirections started happening), the problem persists -- it seems that SEP is either not detecting, or failing to remove whatever malicious software is causing the re-direction.

    Should I change any of the settings in my SEP in order for it to detect and remove the malware?  Or do I need to purchase some other Symantec product? Thanks.

     



  • 2.  RE: Help! Re-direct virus?

    Broadcom Employee
    Posted Oct 05, 2012 11:30 PM

    Open a support ticket and ask for analysis of load point logs for suspicious files.

    Is the system updated with the latest definitions?



  • 3.  RE: Help! Re-direct virus?

    Posted Oct 05, 2012 11:35 PM

    Hi Pete, how do I open a support ticket?

    My virus definitions are updated as of 5 Oct 2012, r18.



  • 4.  RE: Help! Re-direct virus?

    Posted Oct 05, 2012 11:37 PM

    Please raise a support ticket.

    Please contact Symantec Technical Support via the support phone numbers listed below

    Regional Support Telephone Numbers:
    United States: https://support.broadcom.com (407-357-7600 from outside the United States)
    Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
    United Kingdom: +44 (0) 870 606 6000
    India: Toll-Free 000 800 4401 456 directly
    Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

    Contact Symantec Customer Care on 

    http://www.symantec.com/support/assistance_care.jsp

    OR 

    Technical Support

    http://www.symantec.com/business/support/contact_techsupp_static.jsp



  • 5.  RE: Help! Re-direct virus?

    Posted Oct 05, 2012 11:38 PM

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team. 

    https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

    Is your system infected? Symantec tools to help clear an infection

    https://www-secure.symantec.com/connect/forums/your-system-infected-symantec-tools-help-clear-infection

    Check this thread:

    https://www-secure.symantec.com/connect/forums/virus-cleanup-exercise



  • 6.  RE: Help! Re-direct virus?

    Posted Oct 05, 2012 11:47 PM

    Thanks, Aishish!

    I'm running the SEP support tool now. When the data collection is complete, do I post the results directly in this forum, or should I email it separately to Symantec?  The reason I'm asking this is because I don't know if the data search will disclose any sensitive private info that should not be posted in a public forum like this?



  • 7.  RE: Help! Re-direct virus?

    Broadcom Employee
    Posted Oct 05, 2012 11:47 PM

    Do you have a support ID? If yes, that needs to be mentioned when you call the toll-free number.



  • 8.  RE: Help! Re-direct virus?

    Posted Oct 05, 2012 11:57 PM

    Hi Pete,

    I'm afraid I don't know what's the support ID for my SEP. I would have to ask my IT department for it when the working week resumes on Monday.



  • 9.  RE: Help! Re-direct virus?

    Broadcom Employee
    Posted Oct 06, 2012 12:05 AM

    Maybe you can check this registry entry:

    HKey_Current_User\Software\Microsoft\Internet Explorer\Main\start page and if it has a suspicious entry, delete it.



  • 11.  RE: Help! Re-direct virus?

    Posted Oct 06, 2012 12:29 AM

    Thanks, Pete, but I'm afraid I'm not really an expert with computers, and I don't know where to look for registry entries.

    Should I just ask my IT department for help if Symantec cannot help at this stage?



  • 12.  RE: Help! Re-direct virus?

    Trusted Advisor
    Posted Oct 07, 2012 02:21 PM

    Hello,

    Plan of Action - 

    1) Disable the System Restore http://support.microsoft.com/kb/283073

    2) Disable the Browser Helper Objects on all Installed Browsers

    3) Check the Host file of the machine if it has been tampered with. If yes, make the necessary changes to the host file.

    4) Log in to the machine as a different user and check if this issue is occurring.

    If this issue is not occurring, you may like to delete the Infected User Profile after taking a backup of necessary files.

    5) To check if there are any Suspicious files on the machine, work on the steps provided in the article below:

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team. 

    https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

    Also, Check these Threads with similar issue - 

    https://www-secure.symantec.com/connect/forums/help-removing-virus-redirects-web-page

    https://www-secure.symantec.com/connect/forums/popup-and-redirect-virus

    Hope that helps!!
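
Editor's added example (not part of the post above and not Symantec code): a way to carry out the hosts-file check from step 3, flagging entries that point search-engine domains at an unexpected address. The watch list, the sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Default hosts file location on Windows; pass any path to audit_hosts_file().
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"
# Assumed watch list: the search engines named by the original poster.
WATCHED = ("google.com", "bing.com")

# Constructed sample input (203.0.113.0/24 is a documentation range).
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # ad blocking entry
203.0.113.45    www.google.com google.com
203.0.113.45    www.bing.com   # search
192.168.1.20    fileserver.corp.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue                            # blank or comment-only line
        for host in fields[1:]:                 # one IP may map several names
            yield line_no, fields[0], host.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return findings as (line_no, ip, hostname, reason) tuples."""
    findings = []
    for line_no, ip_text, host in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, host, "invalid address"))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        if any(host == d or host.endswith("." + d) for d in watched):
            reason = "watched domain blocked" if sinkhole else "watched domain redirected"
            findings.append((line_no, ip_text, host, reason))
        elif not sinkhole:
            # May be a legitimate intranet entry; needs a human to confirm.
            findings.append((line_no, ip_text, host, "non-loopback override"))
    return findings

def audit_hosts_file(path=HOSTS_PATH):
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print("line %d: %s -> %s (%s)" % finding)
```

A clean default hosts file produces no findings. Any "watched domain redirected" line is the tampering step 3 asks you to look for.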



  • 13.  RE: Help! Re-direct virus?

    Posted Oct 08, 2012 01:57 PM

    If you're using a router, make sure that the router settings for DNS are correct for your ISP. I have seen this happen, where the DNS entry was changed to one in a (shall we say) distant land and redirecting in the manner you describe. Nothing malicious was actually on the affected computer.

    If the DNS entries are incorrect, change them to the correct ones... and then change the password on your router. ;-)

    sandra