Question

Locked

Norton Corp Client Disabling itself.

By Dumphrey ·
I had a client computer get infected with several trojans. I think this computer had been infected by another cumputer upstream in the workflow. That computer got infected from MySpace while the operator was in working on a Saturday. By Monday afternoon, I had his computer cleaned up. Now, this second computer is cleaned, I think, as I can find no more evidence of virii/trojans with trend Housecall, calm av, asquared, hijackthis, or the local Nortan Corporate client. But, the Norton clien keeps diableing the auto-protect feature. I uninstalled the client and reinstalled it, thinking that one of the trojans may have damaged the cliet, and the auto-protect stayed up for about 48 hours. When I attempt to go in and manually turn on "Enable auto-protect" there is a big (Disabled) beside the option, no matter how many times you check or uncheck the selection box. This is version 10.1.5 for the Symantec client. Any suggestions on fixing the AV and/or confiming I actually am virii free, as wiping the computer is not an option im afraid.

This conversation is currently closed to new comments.

11 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Answers

Collapse -

We had the same

by XT John In reply to Norton Corp Client Disabl ...

thing a month ago in our office. It affected 3 machines, the culprit being one used by part-time staff that infected 2 others. I'll be honest, we worked on them for 2 solid days. Googled like mad, 3 of us working hard; more than anything to try and find out WHAT had infected them and how to clean it/ prevent it. We also run Symantec Corporate Edition 10.1 We looked for root kits, spyware, you name it. Nada. Symantec would find stuff, say it was cleaned, and the first hint of a problem was loss of internet. Then, when the computer was logged on, it would throw up an error trying to connect to the Domain server. We wound up rebuilding all three. Thankfully, we all had our important stuff on the server.

Collapse -

Only

by Dumphrey In reply to We had the same

symptom I have on it atm is that the norton client will not enable auto-protect. I guess I will keep googleing and hope to get lucky.

Collapse -

That was

by XT John In reply to Only

another of our symptoms; Symantec being disabled, and not being able to update the definitions. The updates would fail, we even tried updates downloaded directly from Symantec. Tried to install them/run scans in Safe Mode. No luck... hope yours goes alot smoother...:)

Collapse -

Well

by Dumphrey In reply to That was

so much for clean. I installed antivir personal, rebooted, and found another trojan. I had to boot off of knoppix to delete the files from system32, it refused to release access even in safe mode. I guess Ill try another brand of scanner tomorrow, I have other stuff to get done atm. Eventually, I will make this work.

Collapse -

i had the same

by abhijeet.mcain In reply to Norton Corp Client Disabl ...

i had also faced the problem
and i had to format my hard disk and reinstall.

virus name : "Data Administrator"

Collapse -

We also

by XT John In reply to i had the same

ran 'online' antivirus scans (such as HouseCall from Trend Micro). We tried to clean up using Linux discs, we pulled the infected hard drive out, placed it in a known good system, scanned from the clean drive... in every instance the scans turned up something, removed it, but it stil lcame back.

Collapse -

That seems to be

by Dumphrey In reply to We also

where this si headed. We are going over his machine to find out what is essential, what we have, what we need to get, etc. I am preparing to do a wioe/reload, but it just chaps my *** to have to.

Collapse -

I hear ya...

by XT John In reply to That seems to be

we had three out of 70 in our LAN that this happened to (we had to rebuild). The most troubling part is in not knowing what it was, how to get rid of it, and how to PREVENT it! I was hoping there would have been more of a response to your question, especially a known fix/prevention.

Collapse -

Just thought I

by Dumphrey In reply to I hear ya...

would update this. Okay, short story: virii gone, Norton works, no format/reloading windows. What I did: 1) Full scan with local Symantec AV Client. It found and deleted several items. 2)Safe Mode no Networking Scan with local client. 3) Trend On-Line scan, found and removed several items. 4) Antivir personal edition installed and updated. Scaned and found/removed several NEW trojans. Note: Box has been offline this whole time. Except to go to Trend Online direct.(Portable firefox on a flash drive.) 5) Rescaned with trend Online. Clean report. 6) Uninstalled and reinstalled Symantec client and ran update. Auto protect would not stay running. 7) Ran another antivir scan (uninstalled symantec first) and found several files (evil dlls in system32), had to boot off a knoppix cd to delete them from the disk. Reinstalled service pack 2 to attempt to fix damage to explorer from dlls removed/deleted by trojans/virii. 9)Reinstalled Symantec client, updated, and all Golden.
I know, this process took nearly 2 days to complete because of waiting on full scans on a slow computer, as well as manaing my time, but, I was in a position of not being able to loose the information on that machine. Needless to say, I have sat down with the user and figured out what is actually important and made backups of that data, and am tracking down install copies of some old software. Next time I see this problem on any machine, I will aim for the delete and wipe from the work go.

Collapse -

Currently Having this same problem

by ekolb In reply to Just thought I

would you say that the removal of SAV and the running of an alternate AV while it was off was what did the trick?

In reading through your description that is what it sounds like.

Back to Social Networking Forum
11 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums