
HELP!!! SEP can`t do nothing!!!!!!!

Created: 17 Jul 2013 • Updated: 17 Jul 2013 | 10 comments

Help with a virus; Symantec does nothing. The virus is worm.win32.debris.a ao al. (Kaspersky). Rename to rar and password - 1 to upload file. Where is the reaction? I sent it to you 2 weeks ago. We have a corporate antivirus SEP 12.1 - 500 users (basic).


AJ_01's picture

Please clarify your requirement.

If you find any virus then you can submit the suspicious file to Symantec security response team.

They can analyze it and provide a Rapid definition against that virus.

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

Regards

AJ

pete_4u2002's picture

Upload the suspicious file to Security Response and work with tech support.

Brɨan's picture

Upload the file here

https://submit.symantec.com/websubmit/gold.cgi

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

Hello,

Could you please zip each of the files and submit the zip files (without password) to the Symantec Security Response Team at:

https://submit.symantec.com/websubmit/essential.cgi

We also offer a self-service site to analyze files, at http://www.threatexpert.com, which can give you more information on the files you submit to it.

Check these articles:

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/using-symantec-help-symhelp-tool-how-do-we-collect-suspicious-files-and-submit-same-symante

What to do when you suspect that a Symantec AntiVirus product is not detecting viruses

http://www.symantec.com/docs/TECH99222

Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec AntiVirus or Symantec Endpoint Protection does not

http://www.symantec.com/docs/TECH98929

Here are some excellent suggestions on how to keep your computers, their users and data safe:

http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0

Hope that helps!!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Vladimir_virus's picture

I sent this file to Security Response many times!!! http://www.symantec.com/security_response/submitsamples.jsp

Submission Date: 2013-07-11T07:26:39.3
Tracking #: 31099978
Submitter: Vladimir Korobenko
Customer Notes: Symantec does not find him. Kaspersky names him worm.win32.debris.an A virus hides all files in the hidden folder when insert removable flesh. Password on zip(rename to doc) file - 1

Submission Date: 2013-07-11T08:10:50.317
Tracking #: 31100398
Submitter: Vladimir Korobenko
Customer Notes: Symantec does not find him. Kaspersky names him worm.win32.debris.an A virus hides all files in the hidden folder when insert removable flesh. Password on zip(rename to doc) file - 1 Add two files that virus create. Zip file rename to doc

Submission Date: 2013-07-16T09:04:40.853
Tracking #: 31232745
Submitter: Vladimir Korobenko
Customer Notes: 2 weeks ago a send you body jf virus Where is the reaction

No reaction!!!

When I go to http://www.symantec.com/techsupp/home_homeoffice/products/sep/Sep_SupportTool.exe

Page Not Found

I live in Ukraine, in Kiev (the capital). We have no solution in our country. The closest solution is in Moscow, but I can't call their solution 0800504630 because selfdefendant.

Beppe's picture

Hello Vladimir,

As clearly instructed on the submission page, the archive must not be password protected and there's no need to change the extension; those things really slow down our investigation/reaction.

Once you have submitted the malicious samples in the proper way, if there's still no feedback from Symantec Security Response, you may contact our support to get it faster,

via web:

https://my.symantec.com/

or via phone, if you can't reach the Russian solution, try with the English (UK) one:

http://www.symantec.com/support/techsupp_contact_p...

Regards,

Giuseppe

AjinBabu's picture

Hello, 

Use Power Eraser and let us know the outcome.

http://www.symantec.com/docs/TECH134803

Regards

Ajin

 
Vladimir_virus's picture

VirusTotal

SHA256: 53a9da7b822af7ae3c9692a964fa2a565096d342bf13ecc765994461b578fece
File name: thumbs.db
Detected: 9 / 46
Date: 2013-07-18 06:50:37 UTC (3 минут назад)

Antivirus            Name                          Date
Agnitum              -                             20130717
AhnLab-V3            -                             20130717
AntiVir              -                             20130717
Antiy-AVL            -                             20130718
Avast                -                             20130718
AVG                  -                             20130718
BitDefender          -                             20130718
ByteHero             -                             20130613
CAT-QuickHeal        -                             20130717
ClamAV               -                             20130718
Commtouch            -                             20130718
Comodo               UnclassifiedMalware           20130718
DrWeb                -                             20130718
Emsisoft             -                             20130718
eSafe                -                             20130717
ESET-NOD32           -                             20130717
F-Prot               -                             20130718
F-Secure             -                             20130718
Fortinet             -                             20130718
GData                -                             20130718
Ikarus               Worm.Win32.Debris             20130718
Jiangmin             -                             20130717
K7AntiVirus          EmailWorm                     20130717
K7GW                 EmailWorm                     20130717
Kaspersky            Worm.Win32.Debris.ao          20130717
Kingsoft             -                             20130718
Malwarebytes         -                             20130718
McAfee               Encoded Executable            20130718
McAfee-GW-Edition    Encoded Executable            20130717
Microsoft            -                             20130717
MicroWorld-eScan     -                             20130717
NANO-Antivirus       -                             20130717
Norman               -                             20130717
nProtect             -                             20130717
Panda                -                             20130717
PCTools              -                             20130717
Rising               -                             20130717
Sophos               -                             20130717
SUPERAntiSpyware     -                             20130717
Symantec             -                             20130717
TrendMicro           TROJ_GEN.F47V0704             20130717
ViRobot              Worm.Win32.A.Debris.299520    20130717

Mithun Sanghavi's picture

Hello,

Upon checking your submissions, here are the suggestions -

Tracking # 31099978 is with File name virus.doc 

Tracking # 31100398 is with File name Archive.doc

Tracking # 31232745 is with File name _wbzysgzlmez.rar

whereas

thumbs.db with 

SHA256:         53a9da7b822af7ae3c9692a964fa2a565096d342bf13ecc765994461b578fece 

is not malicious itself, but an artifact of a threat. 

Threat Artifact means the file is a byproduct of some threat.

In your case, it is requested that next time you submit such suspicious files on:

https://submit.symantec.com/websubmit/basic.cgi

Please note the following guidelines for submissions:

  • Uploads may be a maximum size of 20MB
  • You may upload a maximum of 9 files in each submission by placing the sample files within a ZIP or RAR archive
  • Uploads must not be password protected

I would request you not to change the extension of the suspicious files while submitting to the Symantec Security Response.

Please check this Article:

How to Use the Web Submission Process to Submit Suspicious Files

http://www.symantec.com/docs/TECH102419

Hope that helps!!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
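
The submission guidelines quoted in this thread (at most 20MB, at most 9 files per archive, no password, extension left unchanged) can be checked locally before uploading. This is an added example, not part of the original posts and not Symantec's tooling; it handles ZIP archives only (the Python standard library has no RAR reader), and `check_submission`, `build_zip` and `mark_encrypted` are hypothetical names operating on constructed sample data:

```python
import hashlib
import io
import zipfile

MAX_UPLOAD_BYTES = 20 * 1024 * 1024  # "maximum size of 20MB"
MAX_FILES = 9                        # "maximum of 9 files in each submission"
ENCRYPTED_FLAG = 0x1                 # ZIP general-purpose flag bit 0: entry is encrypted


def check_submission(archive_name, archive_bytes):
    """Return (problems, sha256_by_member) for a ZIP prepared for upload."""
    problems, hashes = [], {}
    if not archive_name.lower().endswith(".zip"):
        problems.append("extension is not .zip: " + archive_name)
    if len(archive_bytes) > MAX_UPLOAD_BYTES:
        problems.append("archive is larger than 20MB")
    try:
        zf = zipfile.ZipFile(io.BytesIO(archive_bytes))
    except zipfile.BadZipFile:
        return problems + ["not a readable ZIP archive"], hashes
    with zf:
        members = [m for m in zf.infolist() if not m.is_dir()]
        if len(members) > MAX_FILES:
            problems.append("%d files in archive, limit is 9" % len(members))
        for m in members:
            if m.flag_bits & ENCRYPTED_FLAG:
                problems.append("password protected: " + m.filename)
                continue  # contents cannot be hashed without the password
            hashes[m.filename] = hashlib.sha256(zf.read(m)).hexdigest()
    return problems, hashes


def build_zip(names):
    """Constructed sample: an unencrypted ZIP of harmless placeholder files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"placeholder " + name.encode())
    return buf.getvalue()


def mark_encrypted(zip_bytes):
    """Constructed sample: set the encrypted bit in the first central-directory entry."""
    data = bytearray(zip_bytes)
    data[data.index(b"PK\x01\x02") + 8] |= ENCRYPTED_FLAG
    return bytes(data)


if __name__ == "__main__":
    print(check_submission("samples.zip", build_zip(["thumbs.db"])))
    print(check_submission("virus.doc", mark_encrypted(build_zip(["a.exe"]))))
```

The per-member SHA-256 values it returns can be kept alongside the tracking number so that a later reply about a specific file can be matched to what was actually uploaded.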