Hi,
We had two users within our workplace who clicked the same link in an email that was malicious. We ran a full scan on both PCs and one of the PCs showed it was still infected with the backdoor.necurs!kmem ntos virus. The other PC showed that it was OK after a full scan. I disconnected it from the network and called Symantec.

The person I talked to had me check within Symantec and it seemed the virus had been deleted, so she WebExed in and had me check the logs and run the health scan. The health scan didn't show anything serious, just things to look into that may be suspicious. She had me reboot the PC and start a full scan again, so I did, and the full scan only took about 5 minutes to complete, which before took about 2 hours, which was odd, but it didn't show the virus. However, I noticed Symantec was disabled. I also looked on the Symantec management console and noticed it showed the PC was still infected with a virus. I got the Symantec engineer to log into the management console and she had me look at more logs, which showed backdoor.necurs!kmem with the action "left alone".

So, we have removed the PC and we will wipe the PC, but my concern is that sensitive info may have been gotten. How would I know if someone was allowed access to get info to the PC? Are there any tools I can use on the PC to find this out?