Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Folder name .exe virus

Created: 24 Jun 2009 • Updated: 07 Jul 2010 | 5 comments

We have symantec endpoint protection Security antivirus. From last 3 months we are having problem with one virus which creates folder name with .exe files when double click on any folder.
Around 30 machines infected due to this. Our antivirus definition is updated up to date.

Please suggest how to clear this virus.

Regards
Sayaji
System Administrator
Minda Stoneridge Instruments Ltd

Comments 5 CommentsJump to latest comment

Abhishek Pradhan's picture

Sounds like W32.SillyFDC / W32.SillyDC to me.

Run a scan in safe mode only to remove the virus.

Also, disable System restore before you do this as the virus alse creates entries in the System Restore Points store volumes.

Additionally, disable Autoplay for ALL DRIVES Via a GPO (If you're on a domain), and also disable SImple File Sharing if it's enabled to prevent the infection from propogating itself by binding to files.

Abhishek Pradhan, PMP, MCT
Blog: http://blog.abhishekpradhan.net | SIG Lead - Pune IT Pro (Microsoft Pune User Group) | http://www.puneusergroup.org

jbmtl's picture

hi,

If this .exe virus infected in you computer, It will Disable the following …

Task Manager, Registry Editor, Folder Options, Run in start menu

And it will create exes like the icon of folders. If this virus is running it will use more than 50 % of your processor

Download following tools to remove new folder.exe virus follow the link below to downlaod the tool

http://download.bleepingcomputer.com/sUBs/ComboFix.exe ( run tools In safe mode )

Manually remove it (new folder.exe Fix)

Delete File named svichossst.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“@”=[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Yahoo Messengger”=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
“Shell”=”Explorer.exe “

kokwai's picture

where can Delete File named  " svichossst.exe " ?
and i already follow the step but also cant delete the virus,so any solution for me ,
Thank

Grant_Hall's picture

 Hi Kokwai,

You should make a new thread on this subject. This post that you replied to is very old and will most likely be ignored by most users in this forum. In your new post please provide the following information.

What version of SEP you have
How many clients are affected
More detailed information about this "svichossst.exe" such as its location and how many of them are being created ect ect

Thanks
Grant

Please don't forget to mark your thread solved with whatever answer helped you : )

kokwai's picture

Hi Grant
i'm using
SEP Client Version 11.0.5002.333
SEPM Version 11.0.5002.333
around 10 user are effected ,i try to format all pc can ,but
when folder is sharing will automatic create the new foder.exe is share folder,so how ?

thank
 kok wai