How to recover from problem caused by virus

Created: 26 May 2013 | 12 comments
roh234's picture

Hi,

My file server got infected by a virus. It has created some porn folders and hidden some folders.

I can see those folders if I browse through the address bar, but can't see them when going to the folder directly.

I have submitted the files to VirusTotal. They have suggested some patches that removed the porn folders, but I am still not able to see those folders.

Kindly let me know how to solve this.

Regards


roh234's picture

I have updated and scanned the complete system, even in aggressive mode, but it does not help.

I have scanned the system in safe mode, but no help.

technical_specialist's picture

Hello,

If the virus has been cleaned, then you can unhide the files using the attrib command

http://n4dheem.wordpress.com/2011/03/17/virus-set-...

In case the virus is still in the system, then submit the virus file to Symantec

https://submit.symantec.com/websubmit/retail.cgi

https://www-secure.symantec.com/connect/forums/vir...

Symantec will investigate the file and provide the rapid release path to clean it.

Thanks
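The unhide step suggested above, as an added PowerShell example that is not part of the original post: it lists every item under a share root that carries the Hidden attribute, saves that list, and only with `-Fix` clears the Hidden and System bits. The path `D:\Shares` and the report location are assumptions.

```powershell
# Added example. Run only after the infection itself has been cleaned.
param(
    [string]$Root   = 'D:\Shares',                    # assumption: affected share root
    [string]$Report = "$env:TEMP\hidden-items.csv",   # assumption: report location
    [switch]$Fix                                      # without -Fix, report only
)

$hidden = [int][IO.FileAttributes]::Hidden
$mask   = $hidden -bor [int][IO.FileAttributes]::System

# Items Windows legitimately keeps hidden; leave their attributes alone.
$skipPath = '\\(\$RECYCLE\.BIN|System Volume Information)(\\|$)'
$skipName = 'desktop.ini', 'Thumbs.db'

# -Force makes Get-ChildItem return hidden and system items too.
$hits = @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        (([int]$_.Attributes -band $hidden) -ne 0) -and
        ($_.FullName -notmatch $skipPath) -and
        ($_.Name -notin $skipName)
    })

# Keep a record of what was hidden before changing anything.
$hits | Select-Object FullName, Attributes, LastWriteTime |
    Export-Csv -LiteralPath $Report -NoTypeInformation
Write-Host "$($hits.Count) hidden item(s) under $Root; list saved to $Report"

if ($Fix) {
    foreach ($item in $hits) {
        # Clear only the Hidden and System bits; keep ReadOnly, Archive, etc.
        $new = [int]$item.Attributes -band (-bnot $mask)
        if ($new -eq 0) { $new = [int][IO.FileAttributes]::Normal }
        $item.Attributes = [IO.FileAttributes]$new
    }
}
```

The saved CSV doubles as a record of which folders were affected, which is useful if files need to be submitted for analysis later.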

Ambesh_444's picture

Hello,

Make sure that your server is updated with the latest antivirus definitions and update it with the latest MS patches also.
Then do a full scan on the server and then run the NPE (Norton Power Eraser) tool on the server.

How to run Norton Power Eraser - Free Virus and Spyware Removal Tool from Norton

https://support.norton.com/sp/en/in/home/current/s...

 

Thanks & Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

pete_4u2002's picture

you mean you have scanned in safe mode?

hasn't the SEP detected?

Have you applied the definition the security response has mentioned in the email?

roh234's picture

Which email are you talking about?

pete_4u2002's picture

ahh you uploaded on virustotal!

can you upload the file to Symantec Security response.

technical_specialist's picture

When you submit the virus to Symantec, Symantec will provide you the rapid release definition path by email. Run the same on the infected system and clean the virus.

AjinBabu's picture

 

Hi,

As suggested in the above post, please perform a safe mode full scan.

Regards

Ajin

Mick2009's picture

Hi roh234,

Are you using SEP 11 or SEP 12.1 with SONAR and Insight? Check the SEPM logs to see what files are being detected in your environment heuristically and get them submitted.

Using SEPM Alerts and Reports to Combat a Malware Outbreak
https://www-secure.symantec.com/connect/articles/using-sepm-alerts-and-reports-combat-malware-outbreak

 

With thanks and best regards,

Mick

Chetan Savade's picture

Hi,

I hope you are using all three SEP features AV/AS, PTP & NTP.

You might have to submit suspicious files to Symantec for further analysis if the issue remains the same.

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files in SEP 12.1  and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/u...

Symantec Help (SymHelp)

http://www.symantec.com/docs/TECH170752

You can also scan the machine using the Symantec Power Eraser tool.

Use Power Eraser to detect threats and remove them

http://www.symantec.com/theme.jsp?themeid=spe-user...

Best Practices for Troubleshooting Viruses on a Network

http://www.symantec.com/docs/TECH122466

Follow the best practices:

1) Install all the SEP features i.e. AV/AS, PTP & NTP.

2) System should be updated with Service packs and Windows patches.

3) Make sure the machines are installed with the latest third party applications.

4) Disable the Autorun Feature if not using SEP 12.1.

 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

Mithun Sanghavi's picture

Hello,

In case your system is infected, there are Symantec tools to help clear an infection. Check this link:

https://www-secure.symantec.com/connect/forums/you...

Try running the SymHelp Utility which may assist you to understand the basic issues.

Symantec Help (SymHelp) is a utility designed to quickly and efficiently diagnose common issues encountered on multiple Symantec products. SymHelp can identify most of the problems that you might run into when installing the client, and provide instructions on how to solve them. 

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/using-symantec-help-symhelp-tool-how-do-we-collect-suspicious-files-and-submit-same-symante

Here's some advice from Security Response on how to make the best use of SEP. Auto-Protect with traditional AV definitions alone is not enough for a complete defence against today's sophisticated threats: using IPS, Insight etc. is crucial. And, of course, educated users following best security practice... that's the best protection.

http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0

Secondly, I would also advise you to create a case with Symantec Technical Support:

How to create a new case in MySupport

http://www.symantec.com/docs/TECH58873

Phone numbers to contact Tech Support:-

Regional Support Telephone Numbers:

  • United States: 800-342-0652 (407-357-7600 from outside the United States)
  • Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
  • United Kingdom: +44 (0) 870 606 6000

Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

Hope this helps!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.