I thought of something that is always the first reminder I try to give someone that calls me to say that Symantec AntiVirus has detected a virus on their PC, and ask what they should do next. This is important because alot of people don't follow these little steps and they end up getting frustrated because they get alerted over and over again that Symantec detected the virus.
Provided the virus is one that does not require a removal tool from Symantec to remove. The following steps are highly recommended for users to do, after they have received a notification that Symantec detected a virus on the PC.
1. Disable System Restore (if it is a Windows Me/XP client). Temporarily turn off system restore which is enabled by default. This feature may backup the virus, worm, or trojan and you may accidently restore the virus you thought you cleaned from the PC. Also, Symantec AntiVirus cannot remove the virus (access denied) if indeed it does try to remove it from the system restore, when enabled.
2. Update Virus Definition files (if you are a managed SAV client, you will not need to do this since the campus SAV servers push out the latest definition files daily)
3. Restart the computer in Safe Mode
4. Run a full system scan and delete all the detected files Symantec AntiVirus has detected and quarantined as the virus.
Hope this works.
Eli Shubin
Network Services/CSULB
(562)985-8608 eshubin@csulb.edu
