Video Screencast Help

scan notification

Created: 11 Mar 2011 • Updated: 18 Mar 2011 | 15 comments
This issue has been solved. See solution.

Hi,

 

find the attachment . The problem is all the original folders converted into shortcut folders likewise. How to remove this one and delete the

viruses.

Comments 15 CommentsJump to latest comment

P_K_'s picture

Run SEP support Tool

Under the Load Point section upload the suspected files

In the meantime make sure that the virus defs are updated and then run a full scan in safe mode

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

kp.ashok87's picture

Please send the SEP support tool liink

Chetan Savade's picture

Hi,

SEP Support link:

http://www.symantec.com/business/support/index?pag...

Run powere eraser option through SEP support tool and check.

High possibility is that machine is infected.

It is recommended to install all the Symantec features AV / PTP/ NTP with latest definitions.Always make sure that your computers are receiving definitions regularly.

You can upgrade your product to latest built.
 
You windows machines should have all the latest windows updates/Patches.
 
Disable Autorun.
 
Please follow best practice guide to handle virus issue.
 
http://www.symantec.com/business/support/index?page=content&id=TECH105236

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

kp.ashok87's picture

Hi,

 

From there where do i get the SEP tool.. Really i don't know..plzzzz help me..

Mithun Sanghavi's picture

Hello,

Please Click on the Link provided below:

The Symantec Endpoint Protection Support Tool

http://www.symantec.com/business/support/index?pag...

 

and then Click on 'HTTP DOWNLOAD'

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

kp.ashok87's picture

Explain  plzzz   what is AV/PTP/NTP

Rafeeq's picture

AV: antivirus

PTP:proactive threat protection

NTP:newtork threat protection

Mithun Sanghavi's picture

Hello,

I Have a doubt:

The screen shot shown here seems to be on a Trascend Drive - E:\ (which is an external drive), so do you see the same thing happening on your personal drive as well?

These are shortcut files which have have been created on the drive due to virus infection (no doubt).

Suggestion 1:

If this is happening only on E drive, I would say They are many names for this virus but the most common is "the shortcut virus". Its capable of "disappearing" our folder and "appearing" it into shortcut.

The first thing NOT to do is to FORMAT your flash drive. Rumors says that this virus is just a prank..So that unwise user will think they files all gone!

Your file is NOT gone or corrupted, its just HIDDEN.  Follow these steps (if you are using windows..):

1) open your infected drive directory (example: drive F:\)

2) open tool, folder option, view tab

3) click "show hidden files & folders"

4) UNCLICK both "Hide extension for known file type" and

"Hide protected operating system files (recommended)"

5) If there is a warning, just click yes

/* Now you should be able to see your lost file (its in transparent folder)*/

6) Enter the hidden folder, CUT all your file and PASTE it inside a new folder. (repeat this step for your other folder too)

7) Delete all old folders that is empty and also the annoying 1kB shortcut folder. (also any suspicious folder or icon such as desktop.ini, thumb.db etc that might be virus)

8) Dont forget to undo step 2 and 3 if your done.

/*if you're infected by this virus again in the future, i recommend you to put all your files and folder in just ONE folder inside your external device.(so you dont have to repeat step 6 so many time)*/

 

 

Suggestion 2:

Click on "Start" -->Run --> type cmd and click on OK.

Here, your flash drive letter is H:

Enter this command.

attrib -h -r -s /s /d h:\*.*

You can copy the above command --> Right-click in the Command Prompt and paste it.

Now press "Enter". Now check for your files in Flash Drive.

 

Suggestion 3:

If the above Steps don't work, check if the Flash drive has a Autorun.inf file.

If you are able to locate the Autorun.inf, Right click on the same and click on "Open with"

Click on "Choose Program"

Select "Notepad"

Once you have opened the file, it may tell you what file is getting autorunned as soon as H drive (USB flash is inserted)

 

 

INCASE, this is not your USB EXTERNAL DRIVE then,

1) Update all Microsoft Security Patches

2) Disable Autorun on All Drives

http://support.microsoft.com/kb/953252

3) Disable System Restore

http://support.microsoft.com/kb/283073

4) Run a Full Scan sy Symantec Endpoint Protection in Safe Mode.

5) Follow the Symantec Forums Article:

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/u...

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION
kp.ashok87's picture

How to disable AUTORUN on all drives?

Rafeeq's picture

use windows group policy to disable autorun on all drives

http://support.microsoft.com/kb/967715

Mithun Sanghavi's picture

Hello,

I have updated the Steps with Links.

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Chetan Savade's picture

Hi,

If you are deleting short cut files manually make sure you are not deleting original data.

So you may feel that you are deleting only 1KB file but actually it will delete all the data inside that folder.

Because in some cases I have seen original data will be inside 1KB file.

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<