Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

How to remove Virus/Malware - 6dc09d8d.exe

Created: 09 Jan 2013 | 10 comments

Hi, 

Does anybody know how to remove 6dc09d8d.exe on local disk? I do not know if this is virus or malware but it does infect plug in USB storage or any external hard drive. It will hide and make read-only the folders on the USB storage and create shortcuts of them that will trigger to created hidden RECYCLER folder with 6dc09d8d.exe as the content.

Shortcuts and RECYCLER folder on the USB storage can be easily deleted. However, original files that was hidden cannot easily unhide because they are now read-only.

Unfortunately, Symantec Endpoint Protection 12.1.1000.157 RU1 cannot detect, clean and remove the virus.

Where does it located on Windows? How to prevent from spreading?

Please Help.

Thank you

Noel

Comments 10 CommentsJump to latest comment

Ashish-Sharma's picture

HI,

Is your system infected? Symantec tools to help clear an infection

https://www-secure.symantec.com/connect/forums/you...

If symantec not detect virus you can submit Supicious file

Submit Suspicious Files

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team. 

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

Thanks In Advance

Ashish Sharma

kradangel's picture

It does not create shortcuts on the system, however, it does only activate when plug the external hard drives and or usb storage. How will I prevent from transfering from one workstation to another and identify the location of that .exe file.

kradangel's picture

autorun is disabled by our group policy.

@Ashish Sharma, it is not mention how they resolve the issue.

Ashish-Sharma's picture

Hi,

Check this thread

https://www-secure.symantec.com/connect/forums/rec...

ThreatExpert's awareness of the file "recycler.exe":

http://www.threatexpert.com/files/recycler.exe.html

Also you can submit file

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team. 

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

Thanks In Advance

Ashish Sharma

Mithun Sanghavi's picture

Hello,

Are running the SEP 12.1 client with latest definitions and carry all the latest Microsoft updates and security patches on the machine?

Run a scan in safe mode with networking to remove the virus.

Could you zip each of the folders and submit the zip files (without password) to the Symantec Security Response Team on : 

https://submit.symantec.com/websubmit/essential.cgi

We also offer a self-service site to analyze files, at http://www.threatexpert.com, which can give you more information on the files you submit to it.

What to do when you suspect that a Symantec AntiVirus product is not detecting viruses

http://www.symantec.com/docs/TECH99222

In your case, it is also advisable to follow few important steps:

1) Make sure all these machines are Patched with ALL Latest MS security patches and service packs.

2) Make sure the machines are installed with the Latest Symantec virus definitions.

3) Disable the Autorun Feature on the machine via GPO. http://support.microsoft.com/kb/967715

4) Disable System Restore before you do this as the virus also creates entries in the System Restore Points store volumes.

Also, check this Article:

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

kradangel's picture

I just submitted the file to threatexpert. I hope for positive result and stop the virus from spreading.

kradangel's picture

No one replied yet from threatexpert. I hope they are still analyzing the file. Thank you

Mithun Sanghavi's picture

Hello,

Did you submit the Symantec Security Response Team on :

https://submit.symantec.com/websubmit/essential.cgi

If not, please do the same and send me the Tracking number.

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.