Endpoint Protection

 View Only

  • 1.  Headache with virus create tun of exe and cmd file

    Posted Oct 30, 2010 09:40 AM

    Hello,

     

    I have headache with virus that create many tun of exe and cmd and no extension file as below.

     

    I don't know how to get rid of these virus file. I can't delete or move it and can't see it in save mode because in capture that I post to you I can see When browse from another server to this share drive!!!!

     

    Please guide me to clean it. it don't work on save mode and I tried it already.

     

    and another problem is when I scan virus then If I stop it, My Server will Hang immediately. I think it's because of virus.

    I try to kill that virus file by use attrib command for -S -H -R and del that file but after I try to del that file my server is hang too.



  • 2.  RE: Headache with virus create tun of exe and cmd file

    Broadcom Employee
    Posted Oct 30, 2010 11:16 AM

    did you check if any suspicious process is there? if yes submit, did you run the latest Rapid Release definition.

     

    If not, open a support case and provide the team Load point tool results, the Support team will analyze and provide you the files which needs to be submitted.



  • 3.  RE: Headache with virus create tun of exe and cmd file

    Posted Oct 30, 2010 12:15 PM

    I don't think symantec support won't remote to support server that have virus.



  • 4.  RE: Headache with virus create tun of exe and cmd file

    Posted Oct 30, 2010 12:26 PM

    Symantec support has webex with which they can remote to infected machines without getting infected.

    However you should submit all suspicious/virus files to

    http://www.symantec.com/business/security_response/submitsamples.jsp

     

    Also use Autoruns to find out the suspicious files check the article in my signature



  • 5.  RE: Headache with virus create tun of exe and cmd file

    Posted Oct 31, 2010 01:02 AM

    Disable auto-play feature on all the computers  as  soon as possible. Make sure you  SEP AV/AS definitions are  latest.

    If SEP still could not detect anything, please  submit the files to security response. Please  contact technical support, ASAP.



  • 6.  RE: Headache with virus create tun of exe and cmd file

    Posted Oct 31, 2010 09:07 AM

    Thanks.

     

    I use attrib command to del it already. Hope it will not come back again.



  • 7.  RE: Headache with virus create tun of exe and cmd file

    Posted Oct 31, 2010 11:02 AM

    Make sure you scan you machine in safe mode once with latest virus definition.



  • 8.  RE: Headache with virus create tun of exe and cmd file

    Posted Nov 01, 2010 10:53 AM

    To clean this system from threats, try running the Power Eraser tool.

    http://security.symantec.com/nbrt/npe.asp?lcid=1033&origin=default

     

    The Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully, and only after you have exhausted other options.

     

    Good luck,

    Thomas



  • 9.  RE: Headache with virus create tun of exe and cmd file

    Posted Nov 01, 2010 10:57 AM

    Here's what I would do:

    -Set the folder with all the files to read only for all users except yourself

    -Upload the files to security response

    -Upload a few to www.threatexpert.com to see if they are communicating anywhere outside the network as well as to see what system changes they are making

    -Delete all of the suspect files from that folder

    -Disable autorun

    -Block any communication/changes the threats are making according to the threatexpert report

    -Once you get a detection for the threats from security response scan all machines in the network to ensure they are clean

    -Change the folder back from read only