This issue has been solved.

Shortcut of folders creating by virus/worm

Created: 17 Mar 2013 • Updated: 12 Apr 2013
Login to vote
-2 2 Votes

Hi,

I am facing virus/worm issue. Shortcut of folders creating by virus/worm . I have googles and searched in symantec connect but still no resolution.

Do I need any ADC policy to prevent this. Pleasehelp urgently as it is spreading day by day and our resorces consuming this worm.

Also find the snapshot and sample of shortcut of files.

<<<<CMD.rar file removed - Mithun Sanghavi>>>>

Quick Look Solution

Hi Santosh, also check

Hi Santosh,

also check this

With reference to recent virus/worm issues, Symantec has strongly
recommended us to update the below mentioned patches on priority as this
helps worms/viruses to gain advantage of the vulnerabilities found on
unpatched machines. Also recieved virus defination from symantec for submitted worm.

Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution
Vulnerability
Microsoft Security Bulletin MS10-046/ (KB2286198)
http://www.securityfocus.com/bid/41732/solution

Microsoft Windows Server Service RPC Handling Remote Code Execution
Vulnerability
Nortel Response to Microsoft Security Bulletin MS08-067/ (KB958644)
http://www.securityfocus.com/bid/31874/solution

Filed Under

Comments

pete_4u2002
Symantec Employee
Accredited
Ambesh_444
Partner
Accredited
17
Mar
2013

Hi,   Please disable

Hi,

 

Please disable autorun.

Preventing a virus from using the AutoRun feature to spread itself

http://www.symantec.com/business/support/index?page=content&id=TECH104447

 

Check the below articles on handling infections.

Best practices for troubleshooting viruses on a network

http://www.symantec.com/business/support/index?page=content&id=TECH122466

Security Best Practice Recommendations
http://service1.symantec.com/support/ent-security.nsf/docid/2009010808340848?Open&seg=ent

How to Use the Web Submission Process to Submit Suspicious Files

http://www.symantec.com/business/support/index?pag...

Security Response recommendations for Symantec Endpoint Protection settings
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010020308592948

 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

kishorilal1986
Partner
Accredited
18
Mar
2013

  Hi Santosh, I also facing

 

Hi Santosh,

I also facing same issue of shortcut creation of folders.Please let me know the the name of virus and its ipacts til. What are u doing prevent  spraed of this

Mithun Sanghavi
Symantec Employee
Accredited
18
Mar
2013

Hello, I would advise not to

Hello,

I would advise not to upload any .exe file on the Symantec Threads.

I would advise you to upload this suspicious file to the Symantec Security Response Team on - 

https://submit.symantec.com/essential

OR

http://www.threatexpert.com

Secondly in your case, it is advisable to follow few important steps:

1) Make sure all these machines are Patched with ALL Latest MS security patches and service packs.

2) Make sure the machines are installed with the Latest Symantec virus definitions.

3) Disable the Autorun Feature on the machine.

Preventing a virus from using the AutoRun feature to spread itself

http://www.symantec.com/business/support/index?page=content&id=TECH104447

Later, incase of suspicious activity still happening, then follow the steps provided in the Article below:

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

kishorilal1986
Partner
Accredited
24
Mar
2013

Hi Santosh , This issue is

Hi Santosh ,
This issue is resolved and will share the resolution soon.
till refer below thread
https://www-secure.symantec.com/connect/forums/vir...

kishorilal1986
Partner
Accredited
06
Apr
2013
SOLUTION

Hi Santosh, also check

Hi Santosh,

also check this

With reference to recent virus/worm issues, Symantec has strongly
recommended us to update the below mentioned patches on priority as this
helps worms/viruses to gain advantage of the vulnerabilities found on
unpatched machines. Also recieved virus defination from symantec for submitted worm.

Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution
Vulnerability
Microsoft Security Bulletin MS10-046/ (KB2286198)
http://www.securityfocus.com/bid/41732/solution

Microsoft Windows Server Service RPC Handling Remote Code Execution
Vulnerability
Nortel Response to Microsoft Security Bulletin MS08-067/ (KB958644)
http://www.securityfocus.com/bid/31874/solution