Video Screencast Help

Folder.exe gets created and quarantined by Symantec time and again

Created: 04 Nov 2012 | 3 comments

Hi,

 

One of the machines in our office always gets a pop up that folder.exe has been found and then quarintined. The symantec aantivirus is updated on that machine and it is showing secuirty status is good. Can you help me with this. The symantec version is 12.1.671....

 

 

Regards,

Anish

Comments 3 CommentsJump to latest comment

Ashish-Sharma's picture

HI,

Update your system latest Defination.

https://www-secure.symantec.com/connect/forums/need-virus-removal-tool

If not, there are useful some tools that are provided by Symantec for help with finding those hard to detect threats.

1.       The Power Eraser Tool eliminates deeply embedded and difficult to remove threats that traditional virus scanning doesn't always detect.

2. The SERT (Symantec Endpoint Recovery Tool)is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively.

3. The Load point Analysis Tool generates a detailed report of the programs loaded on your system. It is helpful in listing common loadpoints where threats can live.

Rapid Release Virus Definitions –

http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=rr

Power Eraser tool –

http://security.symantec.com/nbrt/npe.asp?lcid=1033&origin=default

How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitionshttp://www.symantec.com/business/support/index?page=content&id=TECH131732&locale=en_US

Support Tool with Power Eraser Tool included –

http://www.symantec.com/business/support/index?page=content&id=TECH105414&locale=en_US

How to use the Load Point Analysis within the Symantec Support Tool to help locate suspicious files http://www.symantec.com/business/support/index?page=content&id=TECH141402

If you are unable to remove the threat(s) from your systems, please submit the suspected files to Symantec or ThreatExpert for analysis. New signatures will be created and included in future definition sets for detection.

http://www.symantec.com/business/security_response/submitsamples.jsp

http://www.threatexpert.com/submit.aspx

Check this thread

http://www.symantec.com/connect/forums/symantec-endpoint-protection-could-not-catch-newfolderexe-virus

 

Check this thread Also

https://www-secure.symantec.com/connect/forums/folder-getting-created-folderexe

Thanks In Advance

Ashish Sharma

 

 

Mithun Sanghavi's picture

Hello,

Are running the SEP 12.1 client with latest definitions and carry all the latest Microsoft updates and security patches on the machine?

The symptoms sounds like W32.SillyFDC to me.

Plan of Action:

1) Make sure you have Latest Microsoft updates and security patches on the machine.

2) Run a scan in safe mode with networking to remove the virus.

3) Disable System Restore before you do this as the virus alse creates entries in the System Restore Points store volumes.

4) Disable Autoplay for ALL DRIVES Via a GPO (If you're on a domain), and

5) Disable Simple File Sharing if it's enabled to prevent the infection from propogating itself by binding to files.

Secondly, Submit these files to the Symantec Security Response and they will get detected.

https://submit.symantec.com/essential

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Chetan Savade's picture

Hi,

Check these articles as well:

How to Manage Quarantined files.

http://www.symantec.com/docs/TECH106443

How to delete Quarantined items from the Symantec Endpoint Protection Manager.

http://www.symantec.com/docs/TECH106444

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<