Downadup Again
Hi everybody.
I think I have very good experience with Downadup, but today I have a problem. On Friday night one friend (who works in IT) said he couldn't see Symantec Endpoint Protection on the right side (near the clock). Today he started up his computer and we got Downadup attacks like this.
Then I took his flash disk drive and plugged it into another computer, and we found Downadup and deleted it.
My OS is Windows 7 and all updates are installed. SEP is currently up to date too. I did these steps:
1- Disconnect the infected computers from the network area
2- Take back users' Domain Admins membership and change passwords (all IT workers too)
3- Start a full scan on all computers (IT and the whole company)
Now I have a notification that there are 2 infected files.
My question is: in the notification window the computer name is my computer's name, but the user name is not mine. This user works in IT and he is a member of Domain Admins.
Does it mean I have an attack from this user on this computer?
Because another friend of mine got the same window, but the user name is mine!!!
What's happened?
Thanks
Fatih
Comments
Looks like this has come from an external drive/flash drive. [Unknown Storage]
Once it is detected it says access denied, but later if you click Next on the notification you see the action taken as cleaned or deleted, etc.
Best thing would be to first format the Flash drive so that it doesn't infect others.
It also drops tmp files to the %temp% directory of the logged-in user. So make sure to clean up your temp files in that location.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
You're right
Yes Vikram, you're right. It came from the USB flash drive. I scanned this drive, found autorun.inf and deleted it. Now the flash disk is not used anymore, but we are still getting notifications. Why do these notifications still come?
Trying to connect to other PCs?
Thanks
Everything works better when everything works together.
After taking out the flash drive, when the notification comes, what location does it show? Sometimes notifications are delayed as well.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
I found
I am sorry for the late reply, but I was busy finding the problem. At last I found the problem. There were 2 computers on which we forgot to install SEP, and these machines were logged on with Domain Admins users. These two computers were infected with Downadup and used our usernames. Thank you for the reply, I am happy now :)
Thanks
Fatih.
Everything works better when everything works together.
Great... in Downadup the most difficult part is finding the attacking computers; once they are found the rest becomes easier.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
How to beat W32.Downadup infections - Outbreak Scenario
Hi everyone,
I've been solving virus infection problems for a long time, and W32.Downadup has a complete chapter. I've added a new article called "How to beat W32.Downadup infections - Outbreak Scenario":
https://www-secure.symantec.com/connect/articles/how-beat-w32downadup-infections-outbreak-scenario
If you have any comments/issues, you are welcome to speak.
Authorized Symantec Consultant - Symantec Certified Specialist - Experts-Exchange Certified Guru
Please don't forget to mark your thread solved