Endpoint Protection

  • 1.  Malware Reinstalling Itself

    Posted Oct 03, 2014 05:29 PM

    I am running SEP 12.1.4100 Enterprise.

    Since June I have had a 100-fold increase of virus/malware. I have seen Symantec quarantine the same file over and over.

    I even remoted in and deleted a folder containing an entire malware installation and saw the folder and files immediately show up again.

    After fighting with this I finally found in scheduled tasks a task to install it. Symantec does not remove this task, nor do other malware removal programs.

    Just thought I'd share this.

     



  • 2.  RE: Malware Reinstalling Itself

    Posted Oct 03, 2014 05:36 PM
    What's the name of the file? Did you submit them? SEP isn't going to remove scheduled tasks.


  • 3.  RE: Malware Reinstalling Itself

    Posted Oct 04, 2014 03:56 PM

    Hi Mr Gadget,

    Just guessing, but is that threat W32.Downadup?  Here's an article that will help.

    Killing Conficker: How to Eradicate W32.Downadup for Good
    https://www-secure.symantec.com/connect/articles/killing-conficker-how-eradicate-w32downadup-good

     

    The steps are not always convenient, but they are effective.

    Please do update this thread with your progress!

    All the best,

    Mick



  • 4.  RE: Malware Reinstalling Itself

    Posted Oct 05, 2014 04:25 PM

    Brian

    There are many, I can't keep up with them all. I try to submit to Symantec but because all clients are at remote sites I only have an hour a day to remote in to submit from the client.

    I've seen as many as 20 different scheduled tasks from malware and some repeated tasks.

    I'm encountering as many as 15 different malwares in one day and maybe 30 or more in a week.

    My suspicion is one person has made many of them and sends a new one or ones out per day.



  • 5.  RE: Malware Reinstalling Itself

    Posted Oct 05, 2014 04:30 PM

    Mick, I've had the W32.Downadup before and it tends to rear its ugly head every now and then. I've really not had a problem getting rid of it.

    I started this discussion just as an FYI to let people know these new malwares are installing scheduled tasks.



  • 6.  RE: Malware Reinstalling Itself

    Posted Oct 05, 2014 06:57 PM

    What's the executable that is triggered by the scheduled task? Is that a URL that is downloaded or an EXE that is fired by the task scheduler?

    Task scheduler by itself just fires the tasks that are scheduled to run and remains ignorant otherwise. A/V programs don't necessarily care about this area unless the execution made by the task violates one or more of the legitimate rules that every A/V's real-time engine monitors all the time.



  • 7.  RE: Malware Reinstalling Itself

    Posted Oct 21, 2014 09:59 AM

    Ksreek, I have not seen a URL listed in the scheduled tasks, only executables. I am assuming these executables launch some URL where it either reinstalls the same malware or downloads more.
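
An added example, not part of any post in this thread: since the thread finds the reinstall mechanism in scheduled tasks that launch executables, this sketch parses Task Scheduler XML definitions and lists tasks whose action points into a user-writable location. The location list is an assumed heuristic, and the task names and paths in the samples are constructed.

```python
import xml.etree.ElementTree as ET

# Namespace used by Task Scheduler task definitions (exported task XML).
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Assumed heuristic, not a Symantec rule: user-writable locations that
# legitimate scheduled tasks rarely launch binaries from.
SUSPECT = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\",
           "%appdata%", "%localappdata%", "%temp%")


def _task(command, arguments=""):
    """Build a minimal task definition; used only for the constructed samples."""
    return (f'<Task xmlns="{NS["t"]}"><Actions><Exec><Command>{command}</Command>'
            f"<Arguments>{arguments}</Arguments></Exec></Actions></Task>")


# Constructed samples: task names and paths are invented for illustration.
SAMPLE_TASKS = {
    r"\Microsoft\Windows\Defrag\ScheduledDefrag": _task(r"%windir%\system32\defrag.exe", "-c"),
    r"\UpdaterTask-constructed": _task(r"C:\Users\alice\AppData\Roaming\updsvc\updsvc.exe"),
    r"\HelperTask-constructed": _task("rundll32.exe", r'"C:\ProgramData\hlp\hlp.dll",Start'),
}


def task_actions(xml_text):
    """Return [(command, arguments)] for every Exec action in one task definition."""
    root = ET.fromstring(xml_text)
    actions = []
    for node in root.findall("./t:Actions/t:Exec", NS):
        cmd = node.findtext("t:Command", default="", namespaces=NS).strip().strip('"')
        args = node.findtext("t:Arguments", default="", namespaces=NS).strip()
        actions.append((cmd, args))
    return actions


def audit(tasks):
    """Return sorted [(task_name, command, matched_location)] worth a manual look."""
    findings = []
    for name, xml_text in tasks.items():
        for cmd, args in task_actions(xml_text):
            # Check arguments too: a system binary can be pointed at a dropped DLL.
            haystack = f"{cmd} {args}".lower()
            hit = next((s for s in SUSPECT if s in haystack), None)
            if hit:
                findings.append((name, cmd, hit))
    return sorted(findings)


if __name__ == "__main__":
    for name, cmd, hit in audit(SAMPLE_TASKS):
        print(f"REVIEW {name}: {cmd} (matched {hit})")
```

On a live host the same functions can be fed task definitions exported as XML; pass the file contents as bytes so the parser honours the declared encoding.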