Using Symantec endpoint 12.1 which detects "Spyware.Spymail" then deletes it without giving a file name or location. I have been working with Symantec on this and they have come up with nothing.
It is detected on 20+ computers intermittently might go two three days with nothing then its back. I have installed AVG Free, Malwarebyte, spybot, super anti spyware, sophos virus removal and tries spyhunter. none of those show the detection. I have re-imaged, re-installed from scratch blocked the IPs that Symantec shows as the attacking IP's and still pops up.
It only affects Windows 7 Pro machines, I have some XP boxes but they do not show it. The servers do not show it 2008 r2 and 2003. I have run hijack this and it shows nothing. I am at my wits end. I believe its a false positive but dont want to blow it off its not, any ideas???