Endpoint Protection

 View Only

  • 1.  At .Jobs Virus

    Posted Sep 20, 2014 11:38 AM

    We Are facing At .Jobs Virus created on server 2003 and 2008 Os.

    This At .Jobs created On task manager.

    I had taked with Symantec Team but symantec told this is not virus.

    I have checked on Total virus side other antivirus detected as  Virus but symantec not detected.

    Please any facing this kind of issue or give me soluation.



  • 2.  RE: At .Jobs Virus

    Posted Sep 20, 2014 11:47 AM

    Best you can do is run the threat analysis scan from the symhelp tool and submit any findings to symantec. Also try running a tool called adwcleaner and junkware removal tool

    How to run the Threat Analysis Scan in Symantec Help (SymHelp)

    http://www.symantec.com/docs/TECH215519

    Security Response recommendations for Symantec Endpoint Protection 12.1 settings

    http://www.symantec.com/docs/TECH173752

    Security Best Practice Recommendations

    http://www.symantec.com/docs/TECH91705



  • 3.  RE: At .Jobs Virus

    Posted Sep 20, 2014 11:47 AM
    You cn scan your system symhelp tool How to run the Threat Analysis Scan in Symantec Help (SymHelp) Article:TECH215519|Created: 2014-03-03|Updated: 2014-07-10|Article URL http://www.symantec.com/docs/TECH215519 See mithun articles Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team https://www-secure.symantec.com/connect/articles/using-symantec-help-symhelp-tool-how-do-we-collect-suspicious-files-and-submit-same-symante You will want to submit these suspicious files, to the Symantec Security Response for analysis, For Retail License Holders https://submit.symantec.com/retail


  • 4.  RE: At .Jobs Virus

    Posted Sep 22, 2014 02:13 AM

    Hi kiran,

    Can you provide any examples? (Link to the VT page, or just provide the hash of one task?)

    In general, Symantec detects the actual malicous code.  that is by dsign.  A scheduled task in itself is not dangerous. This article lays out why:

    Why Symantec Endpoint Protection does not remove AT, INF, INI, and registry keys related to infections
    http://www.symantec.com/docs/TECH158359

     

    Here's one which shows how that taks can, in fact, be a clue to the identity of real infections on the network:

     

    How to determine which remote computer has created a malicious scheduled task
    http://www.symantec.com/docs/HOWTO95062

    This article may help to remove a common threat which causes scheduled tasks:

    Killing Conficker: How to Eradicate W32.Downadup for Good
    https://www-secure.symantec.com/connect/articles/killing-conficker-how-eradicate-w32downadup-good
     

    Please update your thread to confirm if ths information has helped!

    With thanks and best regards,

    Mick