Video Screencast Help

Trojan.Shylock!gen7

Created: 27 Aug 2012 | 6 comments

we are infected by this virus. can someone who knows and give me a removal tool?.

Comments 6 CommentsJump to latest comment

Ashish-Sharma's picture

Hello,

Symantec's Latest variant of Detection from Trojan.Shylock is Trojan.Shylock!gen7

I would request you to submit the files on:

http://www.threatexpert.com/submit.aspx

Note: ThreatExpert is owned by Symantec.

New Trojan.Shylock wave
https://www-secure.symantec.com/connect/blogs/new-trojanshylock-wave

Thanks In Advance

Ashish Sharma

 

 

Mithun Sanghavi's picture

 

Hello,

Symantec's Latest variant of Detection from Trojan.Shylock is Trojan.Shylock!gen7

A trojan horse that intercepts traffic and tries to add malicious code to it.

Most commonly, the threat is experienced as detection on a file called thumbs.db[x], where X can be a letter or a number.a trojan horse that intercepts traffic and tries to add malicious code to it.

Make sure you have all the machines updated with Latest Microsoft Security Patches and Service Packs and Symantec's Latest Virus Definitions.

Reference Thread: https://www-secure.symantec.com/connect/forums/thumbsdb2-virus

I would request you to submit these Threat files to the Symantec Security Response Team on -

https://submit.symantec.com/websubmit/essential.cgi

OR

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

 

Followers of this thread will be interested in this new Symantec Blog:

New Trojan.Shylock wave

http://bit.ly/O8bJ98

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Krolly's picture

We got hit with this Trojan on Monday the 20th before it was included in the dat files.  We have noticed that it only affects network shares or devices attached to the PC.  Basically, any drive except C:\.  The link files created are not detected in a scan, but will infect the system if someone clicks on them.  To see if you have the lnk files, type dir *.*.lnk /s/p and look for recently created files (mostly at the same time).  We ended up manually deleting the link files through the command prompt (del *.*.lnk /s).  You will also want to unhide the real files (attrib –h /s).  Removing the network shares, external drives, usb drives, etc. will also help you control the situation.  We used Norton Power Eraser before the dat files were updated.  It seems however now that we had some infection in exe and dll files.  We decided to reformat and install from a clean backup.  By looking at the owner of one of these files, it appears to show the user that started the infection.

Mick2009's picture

Followers of this thread will be interested in this new blog:

The Shylock “LNK” Awakening
https://www-secure.symantec.com/connect/blogs/shylock-lnk-awakening

With thanks and best regards,

Mick

.Brian's picture

Thumbs up. Very informative article. Thanks.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Fabiano.Pessoa's picture

Hi,

If you are unable to take any action that you do the following

 

1. Press CTRL+ALT+DELETE to open the Windows Task Manager. Then stop all the Trojan.Shylock.B processes.
2. Click on the Processes tab, search for Trojan.Shylock.B process, then right-click it and select End Process key.
3. Click Start button and select Run. Type regedit into the box and click OK to proceed.
4. Once the Registry Editor is open, search for the registry key “HKEY_LOCAL_MACHINE\Software\Trojan.Shylock.B.” Right-click this registry key and select Delete.
5. Search for file like %PROGRAM_FILES%\Trojan.Shylock.B. and delete it manually.
6. Search for file like c:\Documents and Settings\All Users\Start Menu\Trojan.Shylock.B\ and delete it manually
7. Search for file like c:\Documents and Settings\All Users\Trojan.Shylock.B\ and delete it manually

However, please note that manual removal of Trojan.Shylock.B is a time-taking process. Moreover, it does not always ensure full removal of Trojan.Shylock.B infection due to the fact that

certain files might be hidden or even may be restored automatically after you restart your computer. In addition, such a manual interference might damage the Computer.

 

hugs

Fabiano Pessoa

Systems Analyst - Forensic Expert