Lot of W32.Rontokbro@mm infection
Created: 14 Feb 2013 | 19 comments
Hi,
In one of the nodes, we are getting a lot of W32.Rontokbro@mm virus detections. It has been found to take a lot of traffic. Ran many of the tools suggested by Symantec but the issue still persists. Can I create an exception for this known detection from the server level? The user is annoyed because the computer hangs because of the continuous detection of this threat. Please help.
Regards,
Anish
Hi,
Check this tool
http://www.symantec.com/security_response/writeup.jsp?docid=2005-092311-2608-99
Is your system infected? Symantec tools to help clear an infection
https://www-secure.symantec.com/connect/forums/you...
If Symantec does not detect the virus, you can submit the suspicious file
Submit Suspicious Files
Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.
https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Hi Ashish,
The infected computer seems to be running some application which is also shared by other users. The application is used internally and accessed by only 5-10 people from their computers. It has been found that as and when these users share their folders, they also get those virus detections. Please let me know how to add exceptions for the application and what type of exception would be better in my case?
Regards,
Anish.
Hi,
Check this article on how to add
Configuring Exceptions for Symantec Endpoint Protection (SEP) 12.1
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Hello Anish,
1) Make sure your system is updated with the latest antivirus definitions.
2) Your system should have all patches installed including KB958644
3) Do a full scan on the system and then restart the system.
Please check with this..
http://www.symantec.com/security_response/attacksi...
Thanks & Regards,
Ambesh
Please mark your thread as 'SOLVED' with the answer that helps you.
Hi Ambesh,
The computer is updated with the latest antivirus definitions. Also, the above patch has been installed. Full scan has been done.
Regards,
Anish
Hi Anish,
Thank you for revert,
Please check with this,
http://www.symantec.com/security_response/writeup....
http://www.symantec.com/security_response/attacksi...
http://www.symantec.com/security_response/writeup....
And please let me know...
Thanks & Regards,
Ambesh
Please mark your thread as 'SOLVED' with the answer that helps you.
sent one link on PM.
Hi Anish,
Please let me know if your issue is resolved?
Thanks & Regards,
Ambesh
Please mark your thread as 'SOLVED' with the answer that helps you.
Hi,
We are still facing with the issue.
Regards,
Anish
Hello Anish,
Have you done the above on the system?
Please go through the link below and let me know.
http://www.symantec.com/security_response/writeup....
Thanks & Regards,
Ambesh
Please mark your thread as 'SOLVED' with the answer that helps you.
If Symantec does not detect the virus, you can submit the suspicious file
Submit Suspicious Files
Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.
https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Hello,
I would suggest you to check this Thread: https://www-secure.symantec.com/connect/forums/how-delete-0
What version of SEP are you carrying?
Checking it carefully, found this:
Your symptoms look very similar to these:
You run a scan multiple times and it continually finds threats previously quarantined in C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine. A full system scan will find the files and claim that it successfully quarantined the file, but it will be found by another full system scan in the same location.
Cause: Unknown. It is suspected that the SRTSP is a middle point for the main quarantine typically located in C:\Documents and Settings\All Users\Application data\Symantec Endpoint Protection\Quarantine
Solution:
Disable the System Restore from the Machine.
When trying to access C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine you will probably get an access denied.
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
Hi Anish,
Kindly update us about your virus related problem?
Thanks & Regards,
Ambesh
Please mark your thread as 'SOLVED' with the answer that helps you.
Are you able to identify the source?
I'm afraid the attack won't stop until you track the source and clean it all together...
Hi,
Whenever a user in our network tries to share some folders, the virus is found. Users have been told not to share folders. At the same time, the application currently running on the machine is planned to be put on a dedicated machine. Will have to perform a few other steps once the user is free. Thanks for your suggestions.
Regards,
Anish
Hello,
Are all the client machines installed with the latest and updated SEP client?
Could you please make sure the machines have a full scan run on them.
And when the users share a drive or a folder, strong password protection should be used.
I would also recommend that you disable the AutoRun feature via GPO.
To find the source of the threat, it is advised to enable the "Risk Tracer" feature from the SEPM.
Risk Tracer -
http://www.symantec.com/docs/TECH102539
How to use Risk Tracer to locate the source of a threat in Symantec Endpoint Protection
http://www.symantec.com/docs/TECH94526
A few extra notes....
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
Hi,
Is there any inbuilt option in Windows 7 or XP for this password protection of shared folders?
Regards,
Anish
Hello,
You cannot password protect individual folders in XP. You restrict access by assigning permissions to drives, folders and files.
Check this Article: http://support.microsoft.com/kb/307874
Whereas in Windows 7 you could turn on the password protected sharing, check this Article:
http://windows.microsoft.com/en-US/windows7/Share-files-with-someone
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
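A read-only check for the two hardening points raised in the replies above (AutoRun disabled by policy, shared folders not writable by everyone), added here as an example and not part of any post or of Symantec's tooling. The function names are hypothetical; it assumes PowerShell 2.0 or later with WMI available and an elevated prompt.

```powershell
# Added example (not from the thread): read-only audit of AutoRun policy and open shares.
# Function names are hypothetical. Written for PowerShell 2.0+ (Windows 7; XP with PowerShell installed).

function Get-AutoRunPolicy {
    # NoDriveTypeAutoRun is the registry value written by the "Turn off Autoplay"
    # group policy; 0xFF turns AutoRun off for every drive type.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    foreach ($key in $keys) {
        $value = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun `
                    -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        New-Object PSObject -Property @{
            Key               = $key
            Value             = $(if ($value -ne $null) { '0x{0:X2}' -f $value } else { 'not set' })
            AllDrivesDisabled = ($value -eq 0xFF)
        }
    }
}

function Get-WorldWritableShare {
    # Type 0 = ordinary disk share; administrative shares (C$, ADMIN$) have other type codes.
    Get-WmiObject Win32_Share -Filter 'Type = 0' | ForEach-Object {
        $share = $_
        $sec = Get-WmiObject Win32_LogicalShareSecuritySetting -Filter "Name = '$($share.Name)'"
        if (-not $sec) { return }   # no explicit share ACL instance to inspect
        foreach ($ace in $sec.GetSecurityDescriptor().Descriptor.DACL) {
            $isAllow    = $ace.AceType -eq 0                    # 0 = access allowed
            $isEveryone = $ace.Trustee.SIDString -eq 'S-1-1-0'  # well-known SID for Everyone
            $canWrite   = ($ace.AccessMask -band 0x2) -ne 0     # FILE_WRITE_DATA (Change or Full Control)
            if ($isAllow -and $isEveryone -and $canWrite) {
                New-Object PSObject -Property @{ Share = $share.Name; Path = $share.Path }
            }
        }
    }
}

Get-AutoRunPolicy | Format-Table Key, Value, AllDrivesDisabled -AutoSize
Get-WorldWritableShare | Format-Table Share, Path -AutoSize
```

This inspects share-level permissions only; NTFS permissions on the shared folder can be stricter and are not evaluated here.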
Hi
Please scan the system in safe mode
Regards