Trojan.Shylock!gen7
Created: 27 Aug 2012 | 6 comments
We are infected by this virus. Can someone who knows give me a removal tool?
Hello,
Symantec's latest variant of detection for Trojan.Shylock is Trojan.Shylock!gen7.
I would request you to submit the files on:
http://www.threatexpert.com/submit.aspx
Note: ThreatExpert is owned by Symantec.
New Trojan.Shylock wave
https://www-secure.symantec.com/connect/blogs/new-trojanshylock-wave
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Hello,
Symantec's latest variant of detection for Trojan.Shylock is Trojan.Shylock!gen7.
A trojan horse that intercepts traffic and tries to add malicious code to it.
Most commonly, the threat is experienced as detection on a file called thumbs.db[x], where X can be a letter or a number.
Make sure you have all the machines updated with Latest Microsoft Security Patches and Service Packs and Symantec's Latest Virus Definitions.
Reference Thread: https://www-secure.symantec.com/connect/forums/thumbsdb2-virus
I would request you to submit these Threat files to the Symantec Security Response Team on -
https://submit.symantec.com/websubmit/essential.cgi
OR
Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.
Followers of this thread will be interested in this new Symantec Blog:
New Trojan.Shylock wave
http://bit.ly/O8bJ98
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
We got hit with this Trojan on Monday the 20th before it was included in the dat files. We have noticed that it only affects network shares or devices attached to the PC. Basically, any drive except C:\. The link files created are not detected in a scan, but will infect the system if someone clicks on them. To see if you have the lnk files, type dir *.*.lnk /s/p and look for recently created files (mostly at the same time). We ended up manually deleting the link files through the command prompt (del *.*.lnk /s). You will also want to unhide the real files (attrib -h /s). Removing the network shares, external drives, USB drives, etc. will also help you control the situation. We used Norton Power Eraser before the dat files were updated. It seems however now that we had some infection in exe and dll files. We decided to reformat and install from a clean backup. By looking at the owner of one of these files, it appears to show the user that started the infection.
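A read-only PowerShell version of the check described in the post above, added here as an example and not part of the original post: it lists .lnk files under a root, groups those created within a short window of each other, and reports each file's owner. The parameter names, the 60-second window, the burst threshold and the assumption that each link is named after a hidden original in the same folder are assumptions of this example.

```powershell
# Added example: read-only triage, nothing is deleted or modified.
# $Root, $WindowSeconds and $MinBurst are assumptions of this example.
param(
    [string]$Root = 'D:\',        # share or removable drive to inspect
    [int]$WindowSeconds = 60,     # largest gap between files of one burst
    [int]$MinBurst = 5            # ignore smaller groups of shortcuts
)

# All shortcuts under the root, hidden ones included, oldest first.
$links = Get-ChildItem -LiteralPath $Root -Filter '*.lnk' -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.lnk' } |
    Sort-Object CreationTimeUtc

# Split the sorted list into bursts: a new burst starts after a long gap.
$bursts = New-Object 'System.Collections.Generic.List[object]'
$current = @()
foreach ($l in $links) {
    $gap = 0
    if ($current.Count) {
        $gap = ($l.CreationTimeUtc - $current[-1].CreationTimeUtc).TotalSeconds
    }
    if ($gap -gt $WindowSeconds) { $bursts.Add($current); $current = @() }
    $current += $l
}
if ($current.Count) { $bursts.Add($current) }

# Report only the large bursts ("mostly at the same time" in the post).
foreach ($b in $bursts) {
    if ($b.Count -lt $MinBurst) { continue }
    foreach ($l in $b) {
        # Assumption: the hidden original is the link name without ".lnk".
        $twin = Get-Item -LiteralPath (Join-Path $l.DirectoryName $l.BaseName) -Force -ErrorAction SilentlyContinue
        $acl  = Get-Acl -LiteralPath $l.FullName -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Link       = $l.FullName
            CreatedUtc = $l.CreationTimeUtc
            Owner      = $acl.Owner
            HiddenTwin = [bool]($twin -and ($twin.Attributes -band [IO.FileAttributes]::Hidden))
        }
    }
}
```

Piping the output to Export-Csv gives a record of the affected paths and owners before any cleanup is done.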
Followers of this thread will be interested in this new blog:
With thanks and best regards,
Mick
Thumbs up. Very informative article. Thanks.
SEP Knowledge Base
Endpoint SWAT
Hi,
If you are unable to take any action, do the following:
1. Press CTRL+ALT+DELETE to open the Windows Task Manager. Then stop all the Trojan.Shylock.B processes.
2. Click on the Processes tab, search for Trojan.Shylock.B process, then right-click it and select End Process key.
3. Click Start button and select Run. Type regedit into the box and click OK to proceed.
4. Once the Registry Editor is open, search for the registry key “HKEY_LOCAL_MACHINE\Software\Trojan.Shylock.B.” Right-click this registry key and select Delete.
5. Search for file like %PROGRAM_FILES%\Trojan.Shylock.B. and delete it manually.
6. Search for file like c:\Documents and Settings\All Users\Start Menu\Trojan.Shylock.B\ and delete it manually
7. Search for file like c:\Documents and Settings\All Users\Trojan.Shylock.B\ and delete it manually
However, please note that manual removal of Trojan.Shylock.B is a time-taking process. Moreover, it does not always ensure full removal of Trojan.Shylock.B infection due to the fact that certain files might be hidden or even may be restored automatically after you restart your computer. In addition, such a manual interference might damage the Computer.
hugs
Fabiano Pessoa
Systems Analyst - Forensic Expert