Endpoint Protection

 View Only

  • 1.  symantec antivirus unable to detect WORM/Esfury.BA,,DR/VBKrypt.agdj,,

    Posted Oct 05, 2011 02:54 AM

    please help how to detect and remove this sort of virus.



  • 2.  RE: symantec antivirus unable to detect WORM/Esfury.BA,,DR/VBKrypt.agdj,,

    Posted Oct 12, 2011 07:35 AM

    Hello Ajay,

    could you please submit those files to security response

    https://submit.symantec.com/websubmit/gold.cgi

    I'm sure these will be taken care in next releases, 



  • 3.  RE: symantec antivirus unable to detect WORM/Esfury.BA,,DR/VBKrypt.agdj,,

    Broadcom Employee
    Posted Oct 12, 2011 07:51 AM

    did the detetction from another AV?

    if yes, check out this link

    What to do when a competitor's antivirus, adware scanner, or spyware scanner detects a threat that Symantec AntiVirus does not detect
    http://www.symantec.com/business/support/index?page=content&id=TECH99494



  • 4.  RE: symantec antivirus unable to detect WORM/Esfury.BA,,DR/VBKrypt.agdj,,

    Posted Oct 12, 2011 02:36 PM

    As mentionned in above posts,you should submit any potentially infected file which is undetected to security response.

    You could also upload the file to virus total or threat expert,it COULD potentially be a false positive.

    Symantec will issue updated virus signatures only if you submit these.

    Remember a 100% detection rate for all existing malware is not feasible.What is more important is to detect and remediate 100 % of in the wild malware,a smaller set of malware which is most likely to be encountered by end users.

    Safe computing practises and user education is crucial to limit exposure to malware.

    Keep windows,your browsers and its plugins and other third party software up to date.this should suffice together with an up to date SEP 12.1

    http://www.virustotal.com/

    http://www.threatexpert.com/



  • 5.  RE: symantec antivirus unable to detect WORM/Esfury.BA,,DR/VBKrypt.agdj,,

    Posted Oct 14, 2011 12:13 AM

    You'll need some assitance if you don't have the sample...

    if you do just submit it to Symantec as per standard portal... (Gold or Platinum...)

     

    else raise the case for full support



  • 6.  RE: symantec antivirus unable to detect WORM/Esfury.BA,,DR/VBKrypt.agdj,,

    Posted Oct 16, 2011 06:44 AM

    Hello,kindly note that DR/VBKrypt.agdj is currently detected by Symantec as W32.Rontokbro@mm

    http://www.symantec.com/security_response/writeup.jsp?docid=2005-092311-2608-99

    You can review this scan on virus total

    http://www.virustotal.com/file-scan/report.html?id=40e565de924dd7ae3a10555e308d049c60e389b7a512f8d4fa3fcd005f357f8c-1293293763

    As you can read on the Symantec article,Symantec provides protection against this threat since September 23, 2005



  • 7.  RE: symantec antivirus unable to detect WORM/Esfury.BA,,DR/VBKrypt.agdj,,

    Posted Oct 16, 2011 06:53 AM

    WORM/Esfury.BA is a one of the numerous variants of the W32.Silly family of worms.

    http://www.symantec.com/security_response/writeup.jsp?docid=2007-011714-4843-99&tabid=2

    http://www.symantec.com/security_response/writeup.jsp?docid=2007-011714-4843-99

    http://www.symantec.com/security_response/writeup.jsp?docid=2007-011714-4600-99

    http://www.symantec.com/security_response/writeup.jsp?docid=2007-082016-3750-99

    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FEsfury.A&ThreatID=-2147333266

    If your SEP is up to date,you should have adequate protection against these threats