
EXE generate automatically

Created: 11 Mar 2013 • Updated: 11 Mar 2013 | 9 comments

We have Symantec Endpoint Protection 11. On some systems a New folder.exe file is generated. Please help.

Comments

pete_4u2002's picture

run symhelp with loadpoint and upload the suspicious file to Security Response.

.Brian's picture

Submit the file to security response for analysis

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SebastianZ's picture

You can as well open a case with Symantec and provide them with the Symhelp log with the Loadpoint analysis - they will check it against the Symantec Reputation database.

Sachin Sawant's picture

Download the following tool to remove the new folder.exe virus; follow the link below to download the tool:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe (run the tool in safe mode)

Manually remove it (new folder.exe Fix)

Delete the file named svichossst.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"@"=
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo Messengger"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe "

Cameron_W's picture

Why are you recommending ComboFix and deleting folders/EXEs/registry locations when we don't even know if they exist on the user's machines?

Please follow the steps listed 14 days ago by Pete, Brian and Sebastian.

If I was able to help resolve your issue please mark my post as solution.

SameerU's picture

Hi

Please submit the file to the Symantec Security Response Team for analysis.

Regards

Mick2009's picture

"Thumbs up" to the advice, above.

I also recommend ensuring that your network is following these Best Practices from Security Response:

http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0

And that you check your SEPM logs to see if there are any suspicious files that SEP is heuristically detecting.

Using SEPM Alerts and Reports to Combat a Malware Outbreak

https://www-secure.symantec.com/connect/articles/using-sepm-alerts-and-reports-combat-malware-outbreak

Please do keep this thread up-to-date with your progress!

With thanks and best regards,

Mick

Mithun Sanghavi's picture

Hello,

I completely agree with Cameron and Mick.

I would suggest that you scan the machine with SymHelp / Support Tool and submit the files to the Symantec Security Response Team:

Using SymHelp, how do we collect the Load Point Analysis Logs and Submit the same to Symantec Technical Support Team.

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

AjinBabu's picture

Hi,

Scan with SymHelp, and submit the files to Symantec Security Response Team.

Regards

Ajin