Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Problem with virus

Created: 02 Jun 2011 | 4 comments

Hi,

I'm looking if anyone is having the same problem that I'm having, there is about 2 months I having a problem with a virus that is hidden folders on my file server. 

I've sent many times the suspicius files to Symantec but every week I get the same problem back.

I follwed all the steps that has been recommed buy Symantec like disable autorun, virus definitions, microsoft patchs even removable devices are allowed only for people that really need to use, but i still having the problem with the virus.

In addition all my machines has this patch applyed http://www.securityfocus.com/bid/41732

Is it anything else that a can do to sort out my problem.

My SEP version is : Ru6 MP1

Thanks!

Comments 4 CommentsJump to latest comment

Kurt G.'s picture

What is the risk you are dealing with? Without this information it is nearly impossible to provide any recommendations.

When you submit the files, are you immediately receiving a report stating that the files are associated with a risk?

If you run system scans on the file server are the files detected by SEP?

What features of SEP client are installed in your environment? e.g. Antivirus and Antispyware, Proactive Threat Protection, Network Threat Protection.

Kurt G.
Symantec Technical Specialist: Endpoint Security Advanced Team

Symantec Corporation www.symantec.com

Symantec Enterprise Support: (800) 342 0652 

Mithun Sanghavi's picture

Hello,

Please Explain the Issue in Detail.

It is important to understand the Symptoms you are facing in detail so that we could assist you appropriately.

I understand that you are having a Hidden Folders on the File Server. And you have send Suspicious Files to Symantec.

However, you haven't specified, if they are hidden, how did you come to know about them and What were the results of the Submission?

How many machines do you have in Network and Is that the hidden folders found only on FileServer?

Did Symantec ever detect Threats? If yes, what were those?

If you could upload the Risk Logs from Symantec Endpoint Protection?

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Rodrigo Benedik's picture

I got about 400 machines on my network all the workstations are running with all features and the servers are running with Antivirus, anti-spyware and NTP.

We started having the virus changeup, a few days ago we had trojan.ADH.2.

I know that is getting hidden when users complain about the folders and the only way to unhidden the folders is using attrib. And most of times when i look insade of the folder after the problems beging with the folder, I find suspicius files and when we submit files to websites like virustotal.com there are many brand that already detect the files but SEP are not detecting.

I'm getting problem only with the file server. 

And what is strange is on my SEP console there is nothig point virus the console is always green and health.

Thanks!

 

 

 

 

 

Rodrigo Benedik

thomas_m's picture

Is the AV software on your fileserver up to date? Have you submitted any files to the Security Response website?

Symantec Technical Support Engineer, SEP, SAV for Linux<