Thank you Mithun, the advice regarding autorun is a good one (it's disabled with GPO), but it doesn't really answer my main question. Why isn't the virus discovered before I change the attribute? And how can I make SEP find the viruses without manually finding the virus and changing the attributes?
Finding the virus manually and changing the attributes isn't a very effective way to combat the virus ;)
The virus was uploaded to the Symantec Security Response team (#27467347) on 21.12.12, and on 24.12.12 they concluded that the file was the above-mentioned virus.
That wasn't a surprise, as Trend AV (protecting our servers) has stopped 4166 infections (worm_verst.sm, the Trend name for the same virus) since 6.11.12.
So how do I make SEP 12.1 detect the file without doing anything manually with the file?