Endpoint Protection

  • 1.  Trojan.Shylock!gen7

    Posted Aug 27, 2012 08:39 AM

    We are infected by this virus. Can someone who knows give me a removal tool?



  • 2.  RE: Trojan.Shylock!gen7

    Posted Aug 27, 2012 08:42 AM

    Hello,

    Symantec's latest detection variant for Trojan.Shylock is Trojan.Shylock!gen7.

    I would request you to submit the files on:

    http://www.threatexpert.com/submit.aspx

    Note: ThreatExpert is owned by Symantec.

    New Trojan.Shylock wave
    https://www-secure.symantec.com/connect/blogs/new-trojanshylock-wave



  • 3.  RE: Trojan.Shylock!gen7

    Trusted Advisor
    Posted Aug 27, 2012 08:50 AM

     

    Hello,

    Symantec's latest detection variant for Trojan.Shylock is Trojan.Shylock!gen7.

    A trojan horse that intercepts traffic and tries to add malicious code to it.

    Most commonly, the threat is experienced as a detection on a file called thumbs.db[x], where x can be a letter or a number.

    Make sure you have all the machines updated with Latest Microsoft Security Patches and Service Packs and Symantec's Latest Virus Definitions.

    Reference Thread: https://www-secure.symantec.com/connect/forums/thumbsdb2-virus

    I would request you to submit these Threat files to the Symantec Security Response Team on -

    https://submit.symantec.com/websubmit/essential.cgi

    OR

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

     

    Followers of this thread will be interested in this new Symantec Blog:

    New Trojan.Shylock wave

    http://bit.ly/O8bJ98

    Hope that helps!!



  • 4.  RE: Trojan.Shylock!gen7

    Posted Aug 27, 2012 07:53 PM

    We got hit with this Trojan on Monday the 20th before it was included in the dat files.  We have noticed that it only affects network shares or devices attached to the PC.  Basically, any drive except C:\.  The link files created are not detected in a scan, but will infect the system if someone clicks on them.  To see if you have the lnk files, type dir *.*.lnk /s/p and look for recently created files (mostly at the same time).  We ended up manually deleting the link files through the command prompt (del *.*.lnk /s).  You will also want to unhide the real files (attrib -h /s).  Removing the network shares, external drives, USB drives, etc. will also help you control the situation.  We used Norton Power Eraser before the dat files were updated.  It seems, however, now that we had some infection in exe and dll files.  We decided to reformat and install from a clean backup.  By looking at the owner of one of these files, it appears to show the user that started the infection.
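
A read-only version of the check described in post 4, as an added example that is not part of the thread: it lists shortcuts with a second extension before .lnk, notes whether a same-named file sits beside each one and whether that file is hidden, and groups the shortcuts by creation time. The pairing of report.doc.lnk with report.doc, the 60-second window, the sample file names and all function names are assumptions.

```python
import os
import tempfile

FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows attribute bit; os.stat reports it only on Windows


def find_double_ext_links(root):
    """Read-only walk: one record per shortcut named like report.doc.lnk."""
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() != ".lnk" or "." not in stem[1:]:
                continue  # ordinary shortcuts such as Word.lnk are skipped
            st = os.stat(os.path.join(dirpath, name))
            original = os.path.join(dirpath, stem)  # assumed name of the real file
            found = os.path.isfile(original)
            attrs = getattr(os.stat(original), "st_file_attributes", 0) if found else 0
            records.append({
                "lnk": os.path.join(dirpath, name),
                # creation time where the platform exposes one, else st_ctime
                "created": getattr(st, "st_birthtime", st.st_ctime),
                "original": original if found else None,
                "original_hidden": bool(attrs & FILE_ATTRIBUTE_HIDDEN),
            })
    return records


def time_clusters(records, window=60, min_size=3):
    """Runs of records created within `window` seconds of the previous one."""
    groups, current = [], []
    for rec in sorted(records, key=lambda r: r["created"]):
        if current and rec["created"] - current[-1]["created"] > window:
            groups.append(current)
            current = []
        current.append(rec)
    groups.append(current)
    return [g for g in groups if len(g) >= min_size]


if __name__ == "__main__":
    # Constructed sample tree standing in for a share; file names are made up.
    with tempfile.TemporaryDirectory() as share:
        for name in ("a.doc", "a.doc.lnk", "b.xls", "b.xls.lnk", "c.pdf.lnk", "Word.lnk"):
            open(os.path.join(share, name), "w").close()
        for group in time_clusters(find_double_ext_links(share)):
            for rec in group:
                print(rec["lnk"], "original:", rec["original"], "hidden:", rec["original_hidden"])
```

The script only reads directory entries and file metadata, so it can be pointed at a share or removable drive before anything is deleted or unhidden.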



  • 5.  RE: Trojan.Shylock!gen7

    Posted Aug 30, 2012 11:46 AM

    Followers of this thread will be interested in this new blog:

    The Shylock “LNK” Awakening
    https://www-secure.symantec.com/connect/blogs/shylock-lnk-awakening



  • 6.  RE: Trojan.Shylock!gen7

    Posted Aug 30, 2012 09:11 PM

    Thumbs up. Very informative article. Thanks.



  • 7.  RE: Trojan.Shylock!gen7

    Posted Aug 30, 2012 10:09 PM

    Hi,

    If you are unable to take any action, do the following:

    1. Press CTRL+ALT+DELETE to open the Windows Task Manager. Then stop all the Trojan.Shylock.B processes.
    2. Click on the Processes tab, search for the Trojan.Shylock.B process, then right-click it and select End Process.
    3. Click the Start button and select Run. Type regedit into the box and click OK to proceed.
    4. Once the Registry Editor is open, search for the registry key “HKEY_LOCAL_MACHINE\Software\Trojan.Shylock.B.” Right-click this registry key and select Delete.
    5. Search for a file like %PROGRAM_FILES%\Trojan.Shylock.B. and delete it manually.
    6. Search for a file like c:\Documents and Settings\All Users\Start Menu\Trojan.Shylock.B\ and delete it manually.
    7. Search for a file like c:\Documents and Settings\All Users\Trojan.Shylock.B\ and delete it manually.

    However, please note that manual removal of Trojan.Shylock.B is a time-consuming process. Moreover, it does not always ensure full removal of the Trojan.Shylock.B infection, because certain files might be hidden or may even be restored automatically after you restart your computer. In addition, such manual interference might damage the computer.


    hugs