
Cannot detect USB Flash Drive Shortcut Virus

Created: 20 Jun 2013 | 9 comments

Hi, 

My company is using SEP ver 12.1.2100, but it cannot detect and delete the virus, and it has now spread to a few PCs.

Has anyone encountered the same problem of SEP not checking and protecting our system?

Thanks.


raju123's picture

Have you updated the antivirus with the latest definitions?

Are the Microsoft security patches updated?

Check thread

https://www-secure.symantec.com/connect/forums/shortcut-folders-creating-virusworm

Update patches

Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability
Microsoft Security Bulletin MS10-046 (KB2286198)
http://www.securityfocus.com/bid/41732/solution

Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability
Nortel Response to Microsoft Security Bulletin MS08-067 (KB958644)
http://www.securityfocus.com/bid/31874/solution

Edit---

If the virus is still running, then submit the virus file to the Symantec security team.

pete_4u2002's picture

Is the machine updated with the latest signature?

Submit the suspicious file to Security Response.

W007's picture

Hello,

Eliminating viruses and security risks

 

Article:HOWTO27280  |  Created: 2010-01-08  |  Updated: 2010-01-15  |  Article URL http://www.symantec.com/docs/HOWTO27280

 

Check same problem thread

https://www-secure.symantec.com/connect/forums/pen-drive-becoming-shortcut#comment-8830881

https://www-secure.symantec.com/connect/forums/all-folder-pendrive-become-ink-or-shortcut

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Ambesh_444's picture

Hi,

Please submit the suspicious file to Symantec security response team.

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

 

Thanks & Regards,

Ambesh

"Your satisfaction is very important to us. If you find the above information helpful or it has resolved your issue, please don't forget to mark the thread as solved."

Chetan Savade's picture

Hi,

I hope you are using all three SEP features AV/AS, PTP & NTP.

You might have to submit suspicious files to Symantec for further analysis if the issue remains the same.

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files in SEP 12.1 and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/u...

Symantec Help (SymHelp)

http://www.symantec.com/docs/TECH170752

You can also scan the machine using the Symantec Power Eraser tool.

Use Power Eraser to detect threats and remove them

http://www.symantec.com/theme.jsp?themeid=spe-user..

Best Practices for Troubleshooting Viruses on a Network

Follow the best practices:

1) Install all the SEP features i.e. AV/AS, PTP & NTP.

2) System should be updated with service packs and Windows patches.

3) Make sure the machines are installed with the latest third party applications.

4) Disable the Autorun Feature if not using SEP 12.1.

Similar thread: https://www-secure.symantec.com/connect/forums/virus-issue-chinese-language-corrupted-files-and-folders-pen-drive

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
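
An added example, not part of any post in this thread: a read-only PowerShell check of one host for the two hotfixes listed in raju123's reply and for the Autorun policy from the best-practice list above. The registry path and bit values are standard Windows settings rather than details from the thread, and a hotfix can be present without being listed under its original KB number.

```powershell
# Added example: read-only audit of one Windows host.
# Written to work on PowerShell 2.0, which is what hosts of this era usually have.

# KB numbers as given in the thread (MS10-046 and MS08-067).
$requiredKbs = 'KB2286198', 'KB958644'

# Get-HotFix reads Win32_QuickFixEngineering. A fix delivered by a service pack or
# a superseding update may not appear under its original KB number, so "not listed"
# means "verify manually", not "unpatched".
$installed = @(Get-HotFix | ForEach-Object { $_.HotFixID })

$report = @()
foreach ($kb in $requiredKbs) {
    $status = if ($installed -contains $kb) { 'listed' } else { 'not listed, verify manually' }
    $report += New-Object PSObject -Property @{ Check = "Hotfix $kb"; Status = $status }
}

# Machine-wide Autorun policy (standard Windows location; a per-user value under
# HKCU is not inspected here). Bit 0x04 covers removable drives, 0xFF covers all.
$key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$entry = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
$mask  = $null
if ($entry) {
    $raw = $entry.NoDriveTypeAutoRun
    # The value is normally REG_DWORD but is sometimes stored as REG_BINARY;
    # in that case the first byte carries the drive-type bits.
    if ($raw -is [byte[]]) { $mask = [int]$raw[0] } else { $mask = [int]$raw }
}

if ($null -eq $mask) {
    $autorun = 'policy value not set, OS default applies'
} elseif (($mask -band 0xFF) -eq 0xFF) {
    $autorun = 'Autorun disabled for all drive types'
} elseif ($mask -band 0x04) {
    $autorun = 'Autorun disabled for removable drives'
} else {
    $autorun = 'Autorun ENABLED for removable drives'
}
$report += New-Object PSObject -Property @{ Check = 'NoDriveTypeAutoRun'; Status = $autorun }

$report | Select-Object Check, Status | Format-Table -AutoSize
```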

Swapnil khare's picture

  1. Remove from the network those machines which you think are infected.
  2. Apply virus defs on these machines and run a full system scan first with the latest defs.
  3. Find the root machine, as it may still be on the network.
  4. Disable all USB connections through Group Policy or through SEPM.
  5. Make sure all MS patches are installed.
  6. Lastly, call Support and submit logs for them to analyse, and then submit the files to the Security Response team for them to provide you the defs.

 


 

raju123's picture

Please update the current status in the thread or mark it as Solved with the helpful one.