Video Screencast Help

PianoManCorrupt virus

Created: 11 Apr 2013 • Updated: 06 May 2013 | 9 comments

This virus has recked havoc on my network machines infecting all MS office 2007,2010,2013 documents(excel, word,powerpoint ,onenote) rendering them unreadable.

Please assist me with solutions. I desperately need to recover my documents.

Operating Systems:

Comments 9 CommentsJump to latest comment

W007's picture

Hello,

What sep version are you using ?

You can download sep tool

http://www.symantec.com/connect/forums/your-system...

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

W007's picture

hello,

If above issue not resolved you can collect suspicious file and submit symantec support team

 

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/u...

You can create case also

How to create a new case in MySymantec

http://www.symantec.com/business/support/index?page=content&id=TECH58873

How to update a support case and upload diagnostic files with MySupport

http://www.symantec.com/docs/TECH71023

Phone numbers to contact Tech Support:-

Regional Support Telephone Numbers:

  • United States: 800-342-0652 (407-357-7600 from outside the United States)
  • Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
  • United Kingdom: +44 (0) 870 606 6000

Additional contact numbers: http://www.symantec.com/business/support/contact_t...

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SachinKamble's picture

Kindly follow the below steps :

1) Remove these sysrems from network

2) On one system, run SepSupprt tool & collect the suspected file with the help of Loadpoliint option.

3) Submit these files on symantec portal, also confirm on Virus total site.

 

Mick2009's picture

Hello onismo,

Just checking to see if you were able to overcome this threat, and what steps helped you accomplish that.  Your experiences may be of benefit to other admins in the same situation.

Many thanks in advance!

Mick

With thanks and best regards,

Mick

Jeshrel's picture

Hi Onsimo,

 

I have same infection on my network but SEP is detecing it as w32.silly, w32.downadup 

 

I have run all the above recommemded, symantec scan says it detected it and deleted it, but the same threat jumps up the same next day.

 

Please letting us know by what you did to fix the issue.

 

 

.Brian's picture

Did you disable autorun?

Where is it being detected? USB drive?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Jeshrel's picture

Hi Brian,

 

Yes, autorun.inf is blocked through symantec, Yes on the USB drive.

 

Symantec detects excels sheets and words iles as infection, sometimes it detected a threat on the physical machine.

.Brian's picture

Have you considered using ADC to block file from executing from a USB?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Jeshrel's picture

Hi Brian,

 

You mean this article right

http://www.symantec.com/docs/TECH131741

 

Yes i have implemented it but it's the documents that are getting detected as threat sad