Short cut virus

Created: 03 Apr 2013 • Updated: 03 Apr 2013 | 10 comments
vinu283's picture

Hi all,

In my environment we have 350 systems running Symantec Endpoint Protection 12.1, and on some systems we are facing a shortcut virus problem. I have created an autorun.inf policy, but the virus is still there, so please give suggestions to overcome this problem.

 

Thanks in advance

Vinod kumar D

W007's picture

Hello,

You can create a support ticket for this issue. This issue occurs when some Microsoft patches are missing.

Look at this discussion:

https://www-secure.symantec.com/connect/forums/vir...

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

pete_4u2002's picture

Is the machine updated with the latest AV definitions and patches?

Run SymHelp and upload the suspicious file to Security Response.

vinu283's picture

Hi Pete

All definitions and patches are up to date

Chetan Savade's picture

Hi,

I have seen this issue in the past.

Are the shortcuts being created on an external drive or on a local drive? It's probably a trojan infection.

If it's on an external drive, do they get created automatically even after formatting the external drive?

I hope you are using all three SEP features: AV/AS, PTP & NTP.

You might have to submit suspicious files to Symantec for further analysis if the issue remains the same.

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files in SEP 12.1  and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/u...

Symantec Help (SymHelp)

http://www.symantec.com/docs/TECH170752

You can scan the machine using Symantec power eraser tool also.

Use Power Eraser to detect threat and remove them

http://www.symantec.com/theme.jsp?themeid=spe-user...

Best Practices for Troubleshooting Viruses on a Network

http://www.symantec.com/docs/TECH122466

 

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

SameerU's picture

Hi

Submit the suspicious file to Symantec Security Response for analysis so they can analyse and resolve it at the earliest.

Regards

Mick2009's picture

Hi vinu283,

This article may help:

Eliminating viruses and security risks
http://www.symantec.com/docs/HOWTO27280 
 

With thanks and best regards,

Mick

Mithun Sanghavi's picture

Hello,

Have you created a case with Symantec Technical Support? It is advised to create a case.

I would advise you to upload this suspicious file to the Symantec Security Response Team at:

https://submit.symantec.com/essential

OR

http://www.threatexpert.com

Secondly, in your case, it is advisable to follow a few important steps:

1) Make sure all these machines are patched with all the latest MS security patches and service packs.

2) Make sure the machines are installed with the latest Symantec virus definitions.

3) Disable the AutoRun feature on the machine.

Preventing a virus from using the AutoRun feature to spread itself

http://www.symantec.com/business/support/index?page=content&id=TECH104447

Later, in case suspicious activity is still happening, follow the steps provided in the article below:

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

Here's some advice from Security Response on how to make the best use of SEP. Auto-Protect with traditional AV definitions alone is not enough for a complete defence against today's sophisticated threats: using IPS, Insight etc. is crucial. And, of course, educated users following best security practice... that's the best protection.

http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

vinu283's picture

Hi Chetan,

We are getting the shortcut virus on external drives only, and even after formatting we are facing the same problem...

Chetan Savade's picture

Hi,

Even after formatting the external drive, if shortcuts are getting created it means the virus is active on the system.

Shortcuts are getting created on the pen drive, but the source file might be present on the system.

You need to find that source file and submit it to Symantec for further analysis.

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files in SEP 12.1  and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/u...

Symantec Help (SymHelp)

http://www.symantec.com/docs/TECH170752

You can scan the machine using Symantec power eraser tool.

Use Power Eraser to detect threat and remove them

http://www.symantec.com/theme.jsp?themeid=spe-user...

 

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
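
One way to start looking for the source file mentioned in the reply above, as an added example that is not part of the original thread and not Symantec's own tooling: list every shortcut in the root of each removable drive together with the target and arguments it would launch. It assumes Windows PowerShell on the affected machine; the function and parameter names are hypothetical.

```powershell
# Added example (not from the thread): read-only listing of shortcut targets on
# removable drives. Nothing on the drive is modified or deleted.
function Get-RemovableShortcutTarget {
    param(
        # Hypothetical parameter: drive roots such as 'E:\'.
        # When omitted, all removable drives are examined.
        [string[]]$DriveRoot
    )

    if (-not $DriveRoot) {
        # Win32_LogicalDisk DriveType 2 = removable disk
        $DriveRoot = @(Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=2' |
            ForEach-Object { $_.DeviceID + '\' })
    }

    $shell = New-Object -ComObject WScript.Shell
    foreach ($root in $DriveRoot) {
        # -Force includes hidden and system items in the listing
        Get-ChildItem -Path $root -Filter *.lnk -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                # CreateShortcut on an existing .lnk loads it; Save() is never called
                $lnk = $shell.CreateShortcut($_.FullName)
                New-Object PSObject -Property @{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                    Modified  = $_.LastWriteTime
                } | Select-Object Shortcut, Target, Arguments, Modified
            }
    }
}

Get-RemovableShortcutTarget | Format-List
```

The Target and Arguments values name the files each shortcut would launch; those are the candidates to collect with SymHelp and submit, without opening the shortcuts themselves.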

W007's picture

Hello Vinu,

Try this, in the words of Mr K S Sharma. You can install the patches below:

Hi Santosh,

also check this

With reference to recent virus/worm issues, Symantec has strongly
recommended us to update the below mentioned patches on priority as this
helps worms/viruses to gain advantage of the vulnerabilities found on
unpatched machines. Also received virus definition from Symantec for submitted worm.

Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution
Vulnerability
Microsoft Security Bulletin MS10-046/ (KB2286198)
http://www.microsoft.com/en-in/download/details.as...

Microsoft Windows Server Service RPC Handling Remote Code Execution
Vulnerability
Nortel Response to Microsoft Security Bulletin MS08-067/ (KB958644)
http://www.microsoft.com/en-in/download/details.as...

https://www-secure.symantec.com/connect/forums/sho...

 

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
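
A local check for the two patches named in the post above (KB2286198 and KB958644) and for the AutoRun setting recommended earlier in the thread, as an added example that is not part of the original thread and not Symantec's own tooling. It assumes Windows PowerShell and the standard `NoDriveTypeAutoRun` policy value; the function name is hypothetical.

```powershell
# Added example (not from the thread): report patch and AutoRun status for this machine.
function Get-ShortcutWormHardening {
    # KB numbers and bulletins exactly as listed in the thread
    $kbs = @{ 'KB2286198' = 'MS10-046'; 'KB958644' = 'MS08-067' }
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
        ForEach-Object { $_.HotFixID })

    # Machine-wide AutoRun policy. Bit 0x04 covers removable drives;
    # 0xFF disables AutoRun for every drive type.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $autorun = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun `
        -ErrorAction SilentlyContinue).NoDriveTypeAutoRun

    foreach ($kb in $kbs.Keys) {
        New-Object PSObject -Property @{
            Computer  = $env:COMPUTERNAME
            Check     = "$kb ($($kbs[$kb]))"
            Compliant = ($installed -contains $kb)
        } | Select-Object Computer, Check, Compliant
    }

    New-Object PSObject -Property @{
        Computer  = $env:COMPUTERNAME
        Check     = 'AutoRun disabled for removable drives'
        Compliant = [bool]($autorun -band 0x04)
    } | Select-Object Computer, Check, Compliant
}

Get-ShortcutWormHardening | Format-Table -AutoSize
```

`Get-HotFix` can omit an update that was delivered inside a later service pack or superseding update, so confirm a non-compliant KB result against the machine's service pack level before treating it as missing.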