Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

Shortcut of folders creating by virus/worm

Created: 17 Mar 2013 • Updated: 12 Apr 2013 | 7 comments
This issue has been solved. See solution.

Hi,

I am facing virus/worm issue. Shortcut of folders creating by virus/worm . I have googles and searched in symantec connect but still no resolution.

Do I need any ADC policy to prevent this. Pleasehelp urgently as it is spreading day by day and our resorces consuming this worm.

Also find the snapshot and sample of shortcut of files.

<<<<CMD.rar file removed - Mithun Sanghavi>>>>

Comments 7 CommentsJump to latest comment

Ambesh_444's picture

Hi,

Please disable autorun.

Preventing a virus from using the AutoRun feature to spread itself

http://www.symantec.com/business/support/index?page=content&id=TECH104447

Check the below articles on handling infections.

Best practices for troubleshooting viruses on a network

http://www.symantec.com/business/support/index?page=content&id=TECH122466

Security Best Practice Recommendations
http://service1.symantec.com/support/ent-security.nsf/docid/2009010808340848?Open&seg=ent

How to Use the Web Submission Process to Submit Suspicious Files

http://www.symantec.com/business/support/index?pag...

Security Response recommendations for Symantec Endpoint Protection settings
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010020308592948

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

kishorilal1986's picture

Hi Santosh,

I also facing same issue of shortcut creation of folders.Please let me know the the name of virus and its ipacts til. What are u doing prevent  spraed of this

Mithun Sanghavi's picture

Hello,

I would advise not to upload any .exe file on the Symantec Threads.

I would advise you to upload this suspicious file to the Symantec Security Response Team on - 

https://submit.symantec.com/essential

OR

http://www.threatexpert.com

Secondly in your case, it is advisable to follow few important steps:

1) Make sure all these machines are Patched with ALL Latest MS security patches and service packs.

2) Make sure the machines are installed with the Latest Symantec virus definitions.

3) Disable the Autorun Feature on the machine.

Preventing a virus from using the AutoRun feature to spread itself

http://www.symantec.com/business/support/index?page=content&id=TECH104447

Later, incase of suspicious activity still happening, then follow the steps provided in the Article below:

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

Hope that helps!!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

kishorilal1986's picture

Hi Santosh ,
This issue is resolved and will share the resolution soon.
till refer below thread
https://www-secure.symantec.com/connect/forums/vir...

kishorilal1986's picture

Hi Santosh,

also check this

With reference to recent virus/worm issues, Symantec has strongly
recommended us to update the below mentioned patches on priority as this
helps worms/viruses to gain advantage of the vulnerabilities found on
unpatched machines. Also recieved virus defination from symantec for submitted worm.

Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution
Vulnerability
Microsoft Security Bulletin MS10-046/ (KB2286198)
http://www.securityfocus.com/bid/41732/solution

Microsoft Windows Server Service RPC Handling Remote Code Execution
Vulnerability
Nortel Response to Microsoft Security Bulletin MS08-067/ (KB958644)
http://www.securityfocus.com/bid/31874/solution

SOLUTION