Endpoint Protection

  • 1.  How to delete

    Posted Apr 01, 2011 07:21 AM

    Hi,

     

    A virus has affected my system. How to delete that one? Is there any particular available? How do I have to solve this? What do I do?

     



  • 2.  RE: How to delete

    Broadcom Employee
    Posted Apr 01, 2011 07:38 AM

    Hi,

    Symantec has detected infection W32.Rontokbro@mm.

    Check what action Symantec has taken.

    If it's quarantined and you want to remove it, then I would suggest scanning the machine in safe mode and checking.

    http://www.symantec.com/security_response/writeup.jsp?docid=2005-092311-2608-99&tabid=2



  • 3.  RE: How to delete
    Best Answer

    Trusted Advisor
    Posted Apr 01, 2011 12:15 PM

    Hello,

    What version of SEP are you carrying?

    Checking it carefully, found this:

     

    Your symptoms look very similar to these below:

    You run a scan multiple times and it continually finds threats previously quarantined in C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine. A full system scan will find the files and claim that it successfully quarantined the file, but it will be found by another full system scan in the same location.

    Cause: Unknown. It is suspected that the SRTSP is a middle point for the main quarantine typically located in C:\Documents and Settings\All Users\Application data\Symantec Endpoint Protection\Quarantine 
     
    Solution:

    Disable the System Restore from the Machine.

    When trying to access C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine you will probably get an access denied.

    1. Right click on the folder, go to Properties then Security.
    2. Add the user who is currently logged on with Full Control.
    3. Open command window (Start > Run > cmd).
    4. At command prompt, navigate to the directory (cd "C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine")
    5. Delete all files by typing the command del *.* and hit enter.
    6. Restore the default privileges by removing the user added with Full Control.
    7. Initiate a full system scan.


  • 4.  RE: How to delete

    Trusted Advisor
    Posted Apr 04, 2011 06:52 AM

    Hello,

    Once you have worked on the above steps, I would recommend you follow the steps provided in the article below:

     

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team. 
     
    https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec
     
    By following the above steps, we are ensuring that there should not be any files left behind which Symantec is not detecting. And if there are any, they should be submitted to the Symantec Security Response Team.


  • 5.  RE: How to delete

    Posted Apr 08, 2011 02:03 AM

    hi mithun,

     

    In Vista, how to access the SRTSP location? And why should we stop the system restore point? Because everyone says to stop the system restore point and do a full scan in safe mode. That's why I am asking.



  • 6.  RE: How to delete

    Broadcom Employee
    Posted Apr 08, 2011 02:58 AM

    open the regedit and browse to the path to know the

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\SRTSP\Parameters

     

    And regarding the system restore, the AV does not scan system restore.