Endpoint Protection

  • 1.  SEP 11.0.5 cannot block Trojan.ADH

    Posted May 23, 2011 10:19 AM

    Hello,
    I have SEP 11.0.5 clients with Win7, and recently we have had a lot of infections with Trojan.ADH, but the antivirus doesn't block that virus. This virus blocks the internet connection, and on the external drives (flash, external drives) it hides all the folders, creating shortcuts.

    We ran a full system scan in safe mode, but it didn't work. I'll appreciate your help.



  • 2.  RE: SEP 11.0.5 cannot block Trojan.ADH

    Posted May 23, 2011 11:02 AM

    Did Symantec find a virus and cannot delete it, or was nothing found?

    Best Regards.

    Fatih



  • 3.  RE: SEP 11.0.5 cannot block Trojan.ADH

    Trusted Advisor
    Posted May 23, 2011 11:12 AM

    Hello,

    How did you come to know that this was Trojan.ADH?

    What symptoms were identified that made you sure that it was Trojan.ADH?

    Please follow the articles:

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec AntiVirus or Symantec Endpoint Protection does not


  • 4.  RE: SEP 11.0.5 cannot block Trojan.ADH

    Posted May 23, 2011 11:47 AM

    Are you on the latest AV definitions? It appears that signature was updated yesterday for new variants. 

    http://www.symantec.com/security_response/writeup.jsp?docid=2010-031221-0802-99

    Did you submit the files to the Security Response Website?



  • 5.  RE: SEP 11.0.5 cannot block Trojan.ADH

    Posted May 23, 2011 11:59 AM

    If it's being detected--since you provided the name--what is the action taken?

    From the writeup:

    Trojan.ADH is a detection technology designed to detect entirely new malware threats without traditional signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or morphed by attackers.

    I would take a look at the Technical Details tab via the above link for suggestions.

    sandra



  • 6.  RE: SEP 11.0.5 cannot block Trojan.ADH

    Posted May 23, 2011 12:04 PM

    SEP found nothing, but if we scan the clients through the network (from another client or server), it detects the following file:

    Ltgqgb.exe Trojan.ADH

    The symptoms are that the .exe file blocks the internet connection, and on the external drives it hides all the folders and creates shortcuts to themselves.

    I'll use the Symantec Support Tool to submit the files and inform you of the results as soon as possible.