Endpoint Protection

 View Only

  • 1.  khu hidden file in shared folders

    Posted Aug 12, 2009 06:22 AM
    Hi,     Experts

    This is pratap. I am using SEP in Windows PC, here some files are stored in shared folders named as khu, and creates more file like khr, kh.. and so on..

    what are these file..
    how to solve the problem
    plz guide me.


    regards
    Pratap borra


  • 2.  RE: khu hidden file in shared folders

    Posted Aug 12, 2009 06:39 AM
    Since the files are in shared folder there could be possiblity that  they may be a threat. Since the folder is shared the user may knowingly or un knowingly would have infected it.

    Steps you need to do:

    Make sure that the share is not open. ( For the time being )

    Add password to share

    Disable the share for the time being

    Scan the share  with the latest virus defintion.



  • 3.  RE: khu hidden file in shared folders

    Posted Aug 12, 2009 07:15 AM
    after cleaning the system just delete these files as these files are left by some virus even if the system got cleaned.

    so manually delete these files .if still these are created again that means you network has still some virus left .so clean each and every pc .and make the shares readonly and see what happens.


  • 4.  RE: khu hidden file in shared folders

    Posted Aug 12, 2009 08:27 AM
    Hi Pratap,

    Open all your shares
               Look for suspected exe files. (Even though you delete them this will get created automatically after sometime).
               If you find any exe files submit the samples to symantec security team.

    They will analyse and provide the Rapid release link to download.

    I had faced the similar issue at mulitple customer place and submitted the samples.

    These virus are  W32.Harakit.



  • 5.  RE: khu hidden file in shared folders

    Posted Aug 12, 2009 08:49 AM
    Try to scan the file using SEP but if it not detected by sep then submit it to symantec security team to analyze the file.


  • 6.  RE: khu hidden file in shared folders

    Posted Aug 13, 2009 08:41 AM
    it's may be Harakit or clean file


  • 7.  RE: khu hidden file in shared folders

    Posted Aug 13, 2009 09:08 AM
    It is an activity of harakit, but when u submit those files to symantec reponse team it will say it is clean file. These files is generated only in the folders with full permission. I have a case logged in symantec since last two  months. Not yet came to a ressolution.
    The size of these files are 0KB.


  • 8.  RE: khu hidden file in shared folders

    Posted Aug 13, 2009 09:48 AM

    Ajitjha,

    You need to find out the exe files and submit ti to symantec for the definitions.
    khr or khz files are being created by the virus and not harmfull.

    Earlier I had the same issue, it was creating 0 kb files in the name of mon, tue,wed, thr, sat.

    Customer had named it as sunday, monday virus.

    It had taken almost 10 to 15 days to find out the virus.