Endpoint Protection

A new virus has been found which symantec is unable to detect .this virus keep trying to access the floppy drive and prevents the user from shutting down the pc. I have already submited the file to security response team.

I had the same experience as yours before when I'am using SEP mr1. Unable to shutdown the computer.We think that It was the virus the causes the problem but upon submitting the diagnostic tool to symantec security response there was infected files found. Symantec support suggested to upgrade the SEP version. Then successfull migrate has been made and now all computers were able to shutdown properly. What version are you using?thanks

Just to make sure I advise also to

1. remove the infected computers on the network
2. Make sure virus definition is updated
3. Run full scan in safe mode

hi all,
I agree that the systems should be updated and scanned in safe mode, however if the sample submitted by Bijay is going to new variant then we need to wait till rapied definition is released. Assuming that Bijay has followed the best practise in identifying/removing the threats.

Cheers
Pete

Also try to check inase you can any instances of viruses running in processes, Autorun.inf files as well as any entries in the registry.

Incase you found any such instances, try to submit the samples to https://submit.symantec.com/gold

Rgrds,
SAM

We are using SEP11MR4

I am 100% sure that this is  anew threat.

If you submitted file to Symantec and it is indeed infected, you should get RapidResponse definitions rather quickly.  If you don't want to wait, download Malware Bytes and scan your system, most likely it will clean the infection for you.

till today no response from symantec. don't know what they are doing.other antivirus detecting the virus.

Hi All,

I have already submited the file to security response team with track number #11374748, Yesterday, 10 jul 2009 02.00 pm.

Usually when we accept feedback from symantec about our request have been processed ?

Tx

At last after 5 days symantec detected

filename: iitqq.exe
machine: Machine
result: This file is detected as Trojan Horse. http://www.symantec.com/avcenter/venc/data/trojan.horse.html


Virus definition detail:

Sequence Number Greater Than: 96601
Defs Version: 110610bm
Extended Version: 06/10/2009 rev.65

I have received new definition updated and can detect virus in my office (W32. Rontrokbro.mm),
but action status "Pending Analysis", what meaning about that ?

Because in SEP Manager Console, can't monitor Computer with status "Pending Anaysis"

Tx

W32.Rontokbro@mm is a mass-mailing worm that causes system instability.

Pending analysis means needs further checking. A user still needs to take action to complete the remediation of a risk on a computer. Manual intervention is still needed to reboot and scan the PC from safe mode.

Thanks...

thanks for bringing this one up..
great work...