Endpoint Protection


System Progressive Protection malware

  • 1.  System Progressive Protection malware

    Posted Dec 12, 2012 04:11 AM

    Hi,

    I have a small problem and I need some information about it. Namely, it is about the System Progressive Protection malware that is found in the wild. I want to know if Symantec has a signature for it and whether it is implemented in some SEP definitions. In our company in the last week we had 3 different cases of this malware found on systems protected with SEP 11.0.6, and I want to know if the signature exists and in what release of SEP this malware can be detected. It is clear that in 11.0.6 the malware is not detected and infects the clients. We have manually cleaned the systems, but I want the malware to be stopped as soon as the client tries to download it and not to waste our time cleaning it afterwards.

    Upgrade of the clients, as a solution, is acceptable.

     

    Thanks for any replies.



  • 2.  RE: System Progressive Protection malware

    Posted Dec 12, 2012 04:18 AM

    If there are any suspicious files that Symantec Antivirus does not detect, you can submit the file to Symantec.

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team. 

    https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

     

    Check this thread

    https://www-secure.symantec.com/connect/forums/whats-process-submit



  • 3.  RE: System Progressive Protection malware

    Broadcom Employee
    Posted Dec 12, 2012 04:23 AM

    The latest signatures should be used on the client machines. If you feel any files are suspicious, submit them to Security Response.

    http://www.youtube.com/watch?v=SGfW2gAODWU



  • 4.  RE: System Progressive Protection malware

    Posted Dec 12, 2012 09:27 AM

    I've collected the file and uploaded it to Symantec for analysis.

    Also, I have blocked the web sites that were infecting our clients and informed them about the malware. I hope to get definitions that will block this file soon, because the number of infected clients has started growing.



  • 5.  RE: System Progressive Protection malware

    Posted Dec 12, 2012 01:34 PM

    We have just been through a cleanup of System Progressive Protection on a machine in our company.  The machine is running SEP 12.1 RU1 MP1 with the latest virus definition files.



  • 6.  RE: System Progressive Protection malware

    Posted Dec 13, 2012 03:14 AM

    It could be a new variant; if it's not detected by Rapid Release then you'll need to submit the sample to Symantec...

     

    Also, you'll need to do a little bit of forensics to identify the real source of this threat.

    Is it coming from USB?

    Is it from certain websites browsed by user? etc




  • 7.  RE: System Progressive Protection malware

    Posted Dec 13, 2012 03:16 AM

    Symantec replied to me with the following message:

    Determination: Not a threat (Symantec does not consider this file to be a threat, no detection is necessary for this file.)

    I guarantee that this is a threat and I'm not agreeing with these findings. Does someone know how to send them a notification saying that I don't agree, or should I just open a case with them and have them work hard to earn my money?



  • 8.  RE: System Progressive Protection malware

    Posted Dec 13, 2012 03:19 AM

    @cus000, as I said before, I've found the file that causes this. It is automatically downloaded from two websites (I have blocked both of them on my web proxy), but I don't know how fast this is spreading and whether some other sites are infected. This is why I want a signature and definition created for it.



  • 9.  RE: System Progressive Protection malware

    Broadcom Employee
    Posted Dec 13, 2012 03:23 AM

    Open a support ticket and work with Tech Support so that they might have a second look.



  • 10.  RE: System Progressive Protection malware

    Posted Dec 13, 2012 03:45 AM

    I apologize, I thought the post was from @Appel.

     

    If you don't mind, can you upload the sample to threatexpert.com and virustotal.com and then share the result with us?

     

    Sometimes it could be threat remnants... so it won't be detected...

    The real source files might have been deleted or gone somehow....

     

    Well, VirusTotal and ThreatExpert could give some hints ;)



  • 11.  RE: System Progressive Protection malware

    Posted Dec 13, 2012 03:48 AM

    HI,

    Kindly contact Support and have a case created to get further help.

     

    How to create a new case in MySupport

    http://www.symantec.com/business/support/index?page=content&id=TECH58873

    Phone numbers to contact Tech Support:-

     

    Regional Support Telephone Numbers:
    United States: https://support.broadcom.com (407-357-7600 from outside the United States)
    Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
    United Kingdom: +44 (0) 870 606 6000

    India: Toll-Free 000 800 4401 456 directly

    IDD call: +61 2 8220 7111

     

    Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

     

    Customer Care Contact Numbers for Licensing Issues:-

    http://www.symantec.com/support/assistance_care.jsp



  • 12.  RE: System Progressive Protection malware

    Posted Dec 13, 2012 04:30 AM

    Here are the results from VirusTotal:

    Here even Symantec says that it is a threat.

     

    Antivirus | Result ("-" = not detected) | Update (definition date)
    Agnitum - 20121212
    AhnLab-V3 - 20121212
    AntiVir TR/Kryptik.UA 20121213
    Antiy-AVL - 20121212
    Avast Win32:Dropper-gen [Drp] 20121213
    AVG FakeAV_s.UF 20121212
    BitDefender - 20121213
    ByteHero - 20121212
    CAT-QuickHeal - 20121213
    ClamAV - 20121213
    Commtouch - 20121213
    Comodo UnclassifiedMalware 20121213
    DrWeb Trojan.Fakealert.34707 20121213
    Emsisoft - 20121213
    eSafe - 20121212
    ESET-NOD32 a variant of Win32/Kryptik.APVK 20121213
    F-Prot - 20121213
    F-Secure - 20121213
    Fortinet - 20121213
    GData Win32:Dropper-gen 20121213
    Ikarus - 20121213
    Jiangmin - 20121213
    K7AntiVirus - 20121212
    Kaspersky Trojan.Win32.FakeAV.ozdb 20121213
    Kingsoft - 20121210
    Malwarebytes - 20121213
    McAfee FakeAlert-SecurityTool.ga 20121213
    McAfee-GW-Edition - 20121213
    Microsoft Rogue:Win32/Winwebsec 20121213
    MicroWorld-eScan - 20121213
    NANO-Antivirus - 20121213
    Norman W32/Kryptik.DAX 20121212
    nProtect - 20121213
    Panda - 20121212
    PCTools - 20121213
    Rising - 20121213
    Sophos Mal/FakeAV-KL 20121213
    SUPERAntiSpyware - 20121213
    Symantec Trojan.FakeAV 20121213
    TheHacker - 20121211
    TotalDefense - 20121212
    TrendMicro PAK_Generic.012 20121213
    TrendMicro-HouseCall PAK_Generic.012 20121213
    VBA32 - 20121213
    VIPRE Trojan.Win32.Generic!BT 20121213
    ViRobot Trojan.Win32.A.FakeAV.652288.BQ 20121213

     


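The VirusTotal listing above, as an added example that is not part of the original thread: a small Python triage script that parses the pasted vendor/result/date rows, counts detections, groups the detection names into families, and reports which engines scanned with definitions older than the newest in the report. The input is the table copied from the post; the family grouping keywords are our own choice, not a VirusTotal field, and nothing here calls the VirusTotal API.

```python
"""Triage a pasted VirusTotal result table (added example, not from the thread)."""
import re
from collections import Counter

# The vendor / result / signature-date lines exactly as posted in the thread;
# a lone "-" in the result column means the engine reported no detection.
VT_RESULTS = """\
Agnitum - 20121212
AhnLab-V3 - 20121212
AntiVir TR/Kryptik.UA 20121213
Antiy-AVL - 20121212
Avast Win32:Dropper-gen [Drp] 20121213
AVG FakeAV_s.UF 20121212
BitDefender - 20121213
ByteHero - 20121212
CAT-QuickHeal - 20121213
ClamAV - 20121213
Commtouch - 20121213
Comodo UnclassifiedMalware 20121213
DrWeb Trojan.Fakealert.34707 20121213
Emsisoft - 20121213
eSafe - 20121212
ESET-NOD32 a variant of Win32/Kryptik.APVK 20121213
F-Prot - 20121213
F-Secure - 20121213
Fortinet - 20121213
GData Win32:Dropper-gen 20121213
Ikarus - 20121213
Jiangmin - 20121213
K7AntiVirus - 20121212
Kaspersky Trojan.Win32.FakeAV.ozdb 20121213
Kingsoft - 20121210
Malwarebytes - 20121213
McAfee FakeAlert-SecurityTool.ga 20121213
McAfee-GW-Edition - 20121213
Microsoft Rogue:Win32/Winwebsec 20121213
MicroWorld-eScan - 20121213
NANO-Antivirus - 20121213
Norman W32/Kryptik.DAX 20121212
nProtect - 20121213
Panda - 20121212
PCTools - 20121213
Rising - 20121213
Sophos Mal/FakeAV-KL 20121213
SUPERAntiSpyware - 20121213
Symantec Trojan.FakeAV 20121213
TheHacker - 20121211
TotalDefense - 20121212
TrendMicro PAK_Generic.012 20121213
TrendMicro-HouseCall PAK_Generic.012 20121213
VBA32 - 20121213
VIPRE Trojan.Win32.Generic!BT 20121213
ViRobot Trojan.Win32.A.FakeAV.652288.BQ 20121213
"""

# vendor, then the (possibly multi-word) result, then an 8-digit definition date.
LINE_RE = re.compile(r"^(?P<vendor>\S+)\s+(?P<result>.+?)\s+(?P<update>\d{8})$")

# Keyword -> family label: our own grouping of the names vendors used above
# (first match wins); anything else is counted as a generic/unclassified hit.
FAMILY_KEYWORDS = [("fakeav", "FakeAV"), ("fakealert", "FakeAV"), ("winwebsec", "FakeAV"),
                   ("kryptik", "Kryptik (packer)"), ("dropper", "Dropper (generic)")]

def parse_results(text):
    """One dict per engine; 'result' is None when the engine did not detect."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable line: {line!r}")
        result = m.group("result")
        rows.append({"vendor": m.group("vendor"),
                     "result": None if result == "-" else result,
                     "update": m.group("update")})
    return rows

def family_of(result):
    low = result.lower()
    for keyword, label in FAMILY_KEYWORDS:
        if keyword in low:
            return label
    return "Other/generic"

def vendor_verdict(rows, vendor):
    """Detection name one engine gave, or None if it passed the file."""
    return next((r["result"] for r in rows if r["vendor"] == vendor), None)

def summarize(rows):
    detected = [r for r in rows if r["result"]]
    latest = max(r["update"] for r in rows)
    return {"total": len(rows), "detected": len(detected),
            "ratio": f"{len(detected)}/{len(rows)}",
            "families": dict(Counter(family_of(r["result"]) for r in detected)),
            "detecting_vendors": sorted(r["vendor"] for r in detected),
            # Engines that scanned with definitions older than the newest in the report.
            "stale": sorted(r["vendor"] for r in rows if r["update"] < latest)}

if __name__ == "__main__":
    print(summarize(parse_results(VT_RESULTS)))
```

On this table the script reports 17 of 46 engines detecting, eight of them under a FakeAV/rogue-AV name (including Symantec's own Trojan.FakeAV), three as Kryptik packer and two as a generic dropper; the "stale" list is worth checking before reading a "-" as a clean verdict, since an engine that scanned with older definitions may simply not have had the signature yet.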

  • 13.  RE: System Progressive Protection malware

    Posted Dec 13, 2012 04:37 AM

    OK, forward this result and ask them to recheck.

     

    They have missed something....



  • 14.  RE: System Progressive Protection malware

    Posted Dec 13, 2012 04:41 AM

    Before I forget... do open a case with Support.... (via the my.symantec.com portal or phone)

     

    The threat submission tracking number itself can't be considered a case..

    (yeah... no offence, but I found it's a joke..... you'll need to open a support case to follow up on the tracking number)



  • 15.  RE: System Progressive Protection malware

    Posted Dec 13, 2012 04:47 AM

    Case was opened.

    So we will see what is going to happen.