Ok so I encountered a worm that seems to either be A) fairly new or B) fairly crafty. Either way, my SEP did not detect the worm as it invaded the computer from a flash drive. I was careless as I did not scan the drive. The worm prevented me from doing much on the computer, as it emulated Memory Write errors in applications. A lot of the currently running programs were crashed, and I was prevented from reopening them.
I found some suspicious processes running on the machine, so I used a program to disable suspicious processes on the computer (called Advanced Program Terminator). It stopped the worm from running. (There were a few shortcut files created on the flash drive, such as my pictures, my music, my documents, and a shortcut to a text file called passwords. These all pointed to %flashdriveletter%\kaiez.scr. There were also files called kaiez.exe, kaiez.scr, and an autorun.inf, all disguised as protected system files, and these were stashed inside c:\docs and settings\myusername, as well as inside the root of the flash drive.) I found and deleted these files, as well as the ones created on the flash drive. This killed the worm.
However, when I went to check Symantec to see if it detected the files, half of my UI options were grayed out. I rebooted, and the options were still gone. I believe the worm got to the applications data folder, because a lot of the programs that use this folder to store data were reset, as if they had just been installed (foobar2000 music player was one of the programs affected). I uninstalled SEP using Your Uninstaller 2008 Pro, which deletes all traces of a program, from orphaned files to dead reg keys associated with the program. Now I am unable to reinstall SEP client 11 from a silent installer file. I need help to reinstall this application, because this computer is on a very insecure network, where other users are careless, and protection is minimal.
There are no error logs in installation, as it uses a silent installer, which I obtained from my network admin.
Also, I have saved a copy of the files that infect the docs and settings folder and flash drive inside a rar file, inside another rar file with a readme describing the operations of the worm. I attempted to obtain the autorun file from the GUI, but was denied access. I tried through CMD with admin-level privileges, but was still denied access. I cannot add the file to a rar archive either. The file is 1kb, however, so I would guess that the contents were something like this:
[autorun]
open=kaiez.exe
Without the autorun.inf, I believe this worm is harmless, unless you run kaiez.exe or .scr.
Any help in reinstalling SEP from a silent installer would be greatly appreciated, as would an update to your Virus Definition files so that this worm does not spread any more.
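
An added example, not part of the original post: a small Python audit of a drive root for the artifacts the post describes (an autorun.inf that launches a program, executables and shortcuts sitting in the root). The function names and extension list are this example's own choices; it does not check hidden or system attributes, and it records an unreadable autorun.inf instead of failing, since the post reports being denied access to that file.

```python
import os

# Keys that make Windows AutoRun start a program; shell\<verb>\command is handled below.
LAUNCH_KEYS = ("open", "shellexecute")
# Extensions this example treats as directly runnable (an assumption, not exhaustive).
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")

def autorun_commands(text):
    """Return (key, command) pairs from the [autorun] section that launch a program."""
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                found.append((key, value))
    return found

def audit_drive_root(root):
    """Summarise autorun launch commands, executables and shortcuts in a drive root."""
    report = {"autorun": [], "autorun_unreadable": False,
              "root_executables": [], "root_shortcuts": []}
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            continue
        lower = name.lower()
        if lower == "autorun.inf":
            try:
                with open(path, "r", errors="replace") as fh:
                    report["autorun"] = autorun_commands(fh.read())
            except OSError:
                # Locked or access-denied file: note it rather than abort the audit.
                report["autorun_unreadable"] = True
        elif lower.endswith(EXEC_EXTS):
            report["root_executables"].append(name)
        elif lower.endswith(".lnk"):
            report["root_shortcuts"].append(name)
    return report

if __name__ == "__main__":
    # Constructed sample matching the contents guessed in the post.
    print(autorun_commands("[autorun]\nopen=kaiez.exe\n"))
```

Run `audit_drive_root("E:\\")` (drive letter is a placeholder) before opening anything on the drive; a non-empty `autorun` list or root-level `.scr`/`.exe` files are the cue to scan or quarantine.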