
SEP unable to detect virus - in AVG, it is detected as js/agent

Created: 24 Oct 2013 | 6 comments
mhine_'s picture

Hi,

I would like to check with y'all if you encounter these symptoms:

- submitted the suspected virus file to Symantec Response but they are unable to confirm.
- unable to launch control panel, system settings, etc. Getting Windows Explorer error
- the computer hangs
- unable to access internet at times
- some of the apps are unable to run
- unable to run Symhelp tool load point analysis and power eraser (the program hangs). Tried running in Safe Mode, still the same

- tried installing AVG and it was detected as js/agent


mhine_'s picture

Hi Rafeeq,

- tried to install the .inf mentioned on the link but still the same problem

- I'm unable to run the power eraser as it just hangs

.Brian's picture

Submit the sample to Symantec:

http://www.symantec.com/security_response/submitsa...

How to run Symantec Power Eraser with the SymHelp utility

Article:TECH203683  |  Created: 2013-03-08  |  Updated: 2013-09-20  |  Article URL http://www.symantec.com/docs/TECH203683

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

Hello,

In case you have submitted to the Symantec Security Response Team, PM me the Tracking number.

In your case, I would suggest that you run the SERT.

Symantec Endpoint Recovery Tool (SERT)

https://www-secure.symantec.com/connect/articles/symantec-endpoint-recovery-tool-sert

Regards,

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

mhine_'s picture

Hi Mithun,

The risk was not detected by SEP and all related Symantec tools (Symhelp loadpoint analysis and power eraser, recovery tool). We have taken out the .js files detected by AVG and submitted them to Symantec Response. They replied that the files submitted are indeed threats (JS.Proslikefan). Tracking #3345839 and 3348134.

=======cut==========

Technical details

Security Response is updating the generic detection for JS.Proslikefan

Change reason: Updated generic definition on the polymorphic worm

MD5: 6f773d452777a9c0fbb992fb88287820

External Public Write-up for JS.Proslikefan

http://www.symantec.com/security_response/writeup.jsp?docid=2012-091310-3211-99

=======cut==========

And they have created a rapid release this afternoon to address this. So far, SEP is able to detect and delete them.

After the restart, all the symptoms reported are gone.

Mithun Sanghavi's picture

Hello,

Thank you for updating the Thread.

Let us know if there is anything we could do for you.

Regards,

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.