Disk anti virus fake Av

Created: 02 Feb 2013 • Updated: 16 Feb 2013 | 7 comments
This issue has been solved. See solution.

Looks like a new fake AV variant.

http://www.bleepingcomputer.com/virus-removal/disk-antivirus-professional-removal

Does Symantec have the detection and cure for this variant?

Cheers

Prakash


.Brian's picture

Submit it to security response
https://submit.symantec.com/websubmit/essential.cgi

Also upload at virustotal.com to see if defs are available.

Check here
https://www-secure.symantec.com/connect/forums/you...

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
Prakash8's picture

Hi Brian,

Currently I don't have the sample file to submit. In the process of collecting it from the end user machine.

Will submit it once I have the file. But in parallel, I just want to know the points below.

1. Is Symantec aware of this new threat?

2. If yes, does Symantec have the detection?

Thanks,

Prakash

.Brian's picture

You would need to submit to have it verified. If your SEP client did not detect it then it may not have had a signature yet.

FakeAV changes many times per day so it may have gone undetected, which is why you need to submit so they can create a signature for it.


cus000's picture

As Brian mentioned, there's always an issue with new undetected/unknown variants... most of the time the user needs to capture & submit it manually.

Take note also of the different naming conventions for each vendor...

pete_4u2002's picture

Run the SymHelp tool to know the suspicious file to be submitted.

Prakash8's picture

Samples were collected and submitted. Signature will be available soon.

pete_4u2002's picture

That's good to know. Maybe the SR team would have given the RR definition in the closing of the tracking number.