Endpoint Protection

 View Only

  • 1.  SEP 12.1.2015.2015 can not delete "W32.SillyFDC" virus

    Posted Aug 09, 2013 12:44 AM
    I have problem with virus name "W32.SillyFDC"
     
     
    My thumb drive has "W32.SillyFDC" virus file.
    When connect thumb drive to computer that have Symantec Endpoint Protection 12.1.2015.2015.
    The Symantec has detect "W32.SillyFDC" virus in my thumb drive  .
    Symantec scan and require my computer restart.
    When my computer boot  up again, virus in my thumb drive still alive, so Symantec  detect and require restart again.
     
    Note that: My thumb drive are read-only mode.
    I never change  my thumb drive to read-only mode my self.
    Virus can do that?
     
     
    Ref case virus report: 31754702 and 31487832


  • 2.  RE: SEP 12.1.2015.2015 can not delete "W32.SillyFDC" virus

    Broadcom Employee
    Posted Aug 09, 2013 12:47 AM

    can you format the USB drive and check if you see threat.

     



  • 3.  RE: SEP 12.1.2015.2015 can not delete "W32.SillyFDC" virus

    Posted Aug 09, 2013 12:50 AM
    W32.SillyFDC is a computer worm that spreads by copying itself to removable drives. W32.SillyFDC uses the "AutoRun" feature in your Windows operating system to spread. Although Symantec rates it as a "low risk" worm, you may want to remove it as soon as possible to prevent potential data loss. Note that you will require administrative rights to perform some of the steps involving the removal of this worm
     
    Try this link,

    http://www.symantec.com/security_response/writeup.jsp?docid=2006-071111-0646-99



  • 4.  RE: SEP 12.1.2015.2015 can not delete "W32.SillyFDC" virus

    Posted Aug 09, 2013 01:31 AM

    Scan the usb in safe mode with networking and clean this virus. This virus is in your thumb drive when you connect normally any usb autoplay work and virus normally be active due to autoplay. So scan it in safemode with networking because autoplay driver not work in it.



  • 5.  RE: SEP 12.1.2015.2015 can not delete "W32.SillyFDC" virus

    Posted Aug 09, 2013 07:38 AM

    Did you disable autorun?

     



  • 6.  RE: SEP 12.1.2015.2015 can not delete "W32.SillyFDC" virus

    Trusted Advisor
    Posted Aug 10, 2013 05:57 AM

    Hello,

    Are you running the SEP 12.1 client with latest definitions and carry all the latest Microsoft updates and security patches on the machine?

    Check the W32.SillyFDC writeup.

    Here is the Plan of Action:

    1. Run a scan in safe mode with networking to remove the virus. (Make sure SEP is updated with the Latest definitions)
    2. Disable System Restore before you do this as the virus alse creates entries in the System Restore Points store volumes.
    3. Disable Autoplay for ALL DRIVES Via a GPO (If you're on a domain), and
    4. Disable SImple File Sharing if it's enabled to prevent the infection from propogating itself by binding to files.
    5. Secondly, Submit these files to the Symantec Security Response and they will get detected. https://submit.symantec.com/essential

    Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    Hope that helps!!



  • 7.  RE: SEP 12.1.2015.2015 can not delete "W32.SillyFDC" virus

    Posted Aug 11, 2013 05:42 AM

    Please update the latest status of your issue?



  • 8.  RE: SEP 12.1.2015.2015 can not delete "W32.SillyFDC" virus

    Posted Oct 21, 2013 04:09 PM

    Have you gotten this resolved? Do you need any more help?