Honor Student
Amitavakali
Posts: 3
Member Since: ‎09-11-2011
Message 1 of 2 (527 Views)

firmware rootkits

I have an HP Pavilion dv6 with Windows 7 64-bit OS. While scanning with Symantec Endpoint Protection, the following files are shown at %windows% - 9129837.exe, hide_evr2.sys and at %windows%syswow64 - virusremoval.vbs, ntos.exe


How to remove these rootkits?

 

I have restored factory settings after repartitioning but they are still there.

 

Are they resident in firmware in NIC?

Top Student
thomas_symantec
Posts: 5
Member Since: ‎08-25-2011
Message 2 of 2 (483 Views)

Re: firmware rootkits

Hello,

 

I would first try scanning the system in Safe-mode with the latest Rapid Release definitions.

 

If that fails to detect and remove this threat, there are some useful tools that are provided by Symantec for help with finding these hard to detect threats.

1. The Power Eraser Tool eliminates deeply embedded and difficult to remove threats that traditional virus scanning doesn't always detect.

2. The SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively.

3. The Load point Analysis Tool generates a detailed report of the programs loaded on your system. It is helpful in listing common loadpoints where threats can live.


Rapid Release Virus Definitions – http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=rr

Power Eraser tool – http://security.symantec.com/nbrt/npe.asp?lcid=1033&origin=default

How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitions – http://www.symantec.com/business/support/index?page=content&id=TECH131732&locale=en_US

Support Tool with Power Eraser Tool included – http://www.symantec.com/business/support/index?page=content&id=TECH105414&locale=en_US

How to use the Load Point Analysis within the Symantec Support Tool to help locate suspicious files – http://www.symantec.com/business/support/index?page=content&id=TECH141402

If you are unable to remove the threat(s) from your systems, please submit the suspected files to Symantec for analysis. New signatures will be created and included in future definition sets for detection.

 

http://www.symantec.com/business/security_response/submitsamples.jsp

 

Regards,

