Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

unable to full run full scan

Created: 17 Sep 2009 • Updated: 03 Aug 2010 | 15 comments

Comments 15 CommentsJump to latest comment

bhanu_engineer's picture

hi,

i am unable to run full scan on unmanage client.whenever i run it, it is scan like a active scan.

pls help

bhanu_engineer's picture

I found "qazwsx/zaqxsw.exe" in my c drive.and i am facing a problem whenever I connect pen drive, automaticly a autorun.inf file i found in pen drive.i tried to delete it, but it is in process unable to delete.after formating pen drive, again i found the same file whenever i connect pen drive.

Vikram Kumar-SAV to SEP's picture

Looks like there is a threat on your computer.
Download NSS and run full scan in safe mode.

Disable autoplay aswell

https://www-secure.symantec.com/connect/articles/more-how-disable-autoplay-feature-prevent-virus-spreading-way

and also check
https://www-secure.symantec.com/connect/articles/how-find-suspected-threats-your-computer

Submit all the suspected files to https:..submit.symantec.com/gold

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Rafeeq's picture

What happens when you try to do the full scan?

bhanu_engineer's picture

iot is acan like a active scan only for less then 1 minute

Rafeeq's picture

connect the pen drive
open the cmd prompt
navigate to pen drive ,say F:\>

type attrib -h -s -r

del autorun.inf

try to run the scan now

bhanu_engineer's picture

and the coding i found in inf file.....................

 

[[[[[[[[[autorun[][[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[]
[autorun

:jmp3
;wÝ#??m?{??L??íõÀµ????
open=qazwsx\zaqxsw.exe
;捄?sxaA
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files using Windows Explorer
:je0

shell\\\\open\\\\\\command=qazwsx/zaqxsw.exe

:cmp

shell\\\explore\\\\\command=qazwsx/zaqxsw.exe
;ÃxöJ?â?g??(nçÒ#
useautoplay=1
;?üC}?ëÄ??{?Z
[AutoRun]
:GOTO NUL
 

bhanu_engineer's picture

unable to delete the autorun.inf file.   it is being used

bhanu_engineer's picture

thanks rafeeq,

but still when i reconnect pen drive system rebuild the same autorun.inf file

Int3rn3t's picture

have you disabled autoplay following the above article.You can download and run Malwarebytes it will surely clean all the virus from your computer

Rafeeq's picture

Check the autorun file on all your hard drives, delete those too.

try donig a full scan with latest virus defs.

seem like its coming from your system to pen drive.

Rajesh Kumar-SEP's picture

Hi,

If this computer is connected to LAN, then try to map the drive from the another computer and run full scan.

Peterpan's picture

if the said virus not even detected by Symantec antivirus, it is highly recommended to submit this file to Symantec Security response team to analyze the file

:-)

dennis_jaat's picture

if pen drive is affected by autorun.inf trojan,It is als associated with hidden files

qazwsx\zaqxsw.exe
qazwsx\Desktop.ini

size of zaqxsw.exe file is 211,968

use safe mode command prompt to delete it

del /a *

sometimes zaqxsw.exe affect your PC and sit under in C:\RECYCLER\S-1-5-21-8751926100-3516730847-449045751-7323
directory as  czzi.exe

search the file czzi.exe in c: 
    dir /s czzi.exe

and delete it
    del /a czzi.exe 
 

 make a autorun.inf directory in your pen drive root, set its attribute as  hidden and system
 
attrib +r +h +s  autorun.inf

ISSUE RESOLVED !

- Dennis Jaat