Video Screencast Help

all the folder in pendrive become ink or shortcut

Created: 12 Jun 2013 • Updated: 19 Jun 2013 | 9 comments
This issue has been solved. See solution.

all the folder in pendrive become ink or shortcut

 

i blocked autorun.inf from apps and device control policy

when conecting pendrive it showing a notfication that autorun.inf blocked........

but still the problem is there

e1e1,b9b9 this file automatically creatd on pendrive

when opening this folders automatically wscript.exe process generating

plzzzz help me?sad

Operating Systems:

Comments 9 CommentsJump to latest comment

W007's picture

Hello,

Eliminating viruses and security risks

 

Article:HOWTO27280  |  Created: 2010-01-08  |  Updated: 2010-01-15  |  Article URL http://www.symantec.com/docs/HOWTO27280

 

Check same problem thread

https://www-secure.symantec.com/connect/forums/short-cut-virus

https://www-secure.symantec.com/connect/forums/pen-drive-becoming-shortcut

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION
raju123's picture

Check the patches and sep defintion are updated or not.

Scan the full system in Safe Mode with networking.

If not work then

Run the NPE tool

http://security.symantec.com/nbrt/npe.aspx

Symhelp tool to collect log and submit to symantec
https://www-secure.symantec.com/connect/articles/using-symantec-help-symhelp-tool-how-do-we-collect-suspicious-files-and-submit-same-symante

raju123's picture

Submit virus to symantec

http://www.symantec.com/security_response/submitsamples.jsp

Temp Solution.

Manually Remove Virus.

Run the System in Safe Mode.

Clean the pen drive

Go the path

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Find the file name which is not related to your any application (eg- xxxx.exe)

Remove that registry

remove the file from Sysyem location.

Uncheck from Msconfig Startup and restart system.

After restart connect pen drive and check it come again or not?

W007's picture

Hello,

Check this thread

https://www-secure.symantec.com/connect/forums/pen-drive-becoming-shortcut#comment-8830881

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Ambesh_444's picture

Hello,

In your case, it is advisable to follow few important steps:

1) Make sure all these machines are Patched with ALL Latest MS security patches and service packs.

2) Make sure the machines are installed with the Latest Symantec virus definitions.

3) Disable the Autorun Feature on the machine.

Preventing a virus from using the AutoRun feature to spread itself

http://www.symantec.com/business/support/index?page=content&id=TECH104447

Later, incase of suspicious activity still happening, then follow the steps provided in the Article below:

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

Reference: https://www-secure.symantec.com/connect/forums/usb-flash-drive-shortcut-virus-0

 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

Chetan Savade's picture

Hi,

Thanks you for posting your query in Symantec community.

I would be glad to answer your question.

I hope you are using all three SEP features AV/AS, PTP & NTP.

Even after formatting external drive if shortcuts are getting created it means virus is active on the system as well.

Shortcuts are getting created on pen drive but source file might be present on the system.

Need to find out that infection/source file and submit to the Symantec for further analysis.

Symantec Help (SymHelp)

http://www.symantec.com/docs/TECH170752

You can scan the machine using Symantec power eraser tool.

Use Power Eraser to detect threat and remove them

http://www.symantec.com/theme.jsp?themeid=spe-user...

You might have to submit suspicious files to the Symantec for further analysis if issue remained same.

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files in SEP 12.1  and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/u...

Symantec Help (SymHelp)

http://www.symantec.com/docs/TECH170752

Best Practices for Troubleshooting Viruses on a Network

http://www.symantec.com/docs/TECH122466

Also you can upload this suspicious file to the Symantec Security Response Team on - 

https://submit.symantec.com/essential

OR

http://www.threatexpert.com

Preventing a virus from using the AutoRun feature to spread itself

http://www.symantec.com/business/support/index?page=content&id=TECH104447

 

 

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

mahesh securesolutions's picture

hi all
that problem solved

i removed that by attrib cmd

and i gt 2 script files from pendrive

that file creating this problem

i submit that 2 files to symantec and

i received mail from symantec security response

 

 

thankzz all

 

tnx for the support    heart