Endpoint Protection

hi,



i am unable to run full scan on unmanage client.whenever i run it, it is scan like a active scan.

pls help

I found "qazwsx/zaqxsw.exe" in my c drive.and i am facing a problem whenever I connect pen drive, automaticly a autorun.inf file i found in pen drive.i tried to delete it, but it is in process unable to delete.after formating pen drive, again i found the same file whenever i connect pen drive.

Looks like there is a threat on your computer.
Download NSS and run full scan in safe mode.

Disable autoplay aswell

https://www-secure.symantec.com/connect/articles/more-how-disable-autoplay-feature-prevent-virus-spreading-way

and also check
https://www-secure.symantec.com/connect/articles/how-find-suspected-threats-your-computer

Submit all the suspected files to https:..submit.symantec.com/gold

What happens when you try to do the full scan?

connect the pen drive
open the cmd prompt
navigate to pen drive ,say F:\>

type attrib -h -s -r

del autorun.inf

try to run the scan now

iot is acan like a active scan only for less then 1 minute

unable to delete the autorun.inf file.   it is being used

and the coding i found in inf file.....................



 

[[[[[[[[[autorun[][[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[]
[autorun

:jmp3
;wÝ#??m?{??L??íõÀµ????
open=qazwsx\zaqxsw.exe
;捄?sxaA
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files using Windows Explorer
:je0

shell\\\\open\\\\\\command=qazwsx/zaqxsw.exe

:cmp

shell\\\explore\\\\\command=qazwsx/zaqxsw.exe
;ÃxöJ?â?g??(nçÒ#
useautoplay=1
;?üC}?ëÄ??{?Z
[AutoRun]
:GOTO NUL
 

Follow this forum discussion and remove autorun.inf


https://www-secure.symantec.com/connect/forums/how-remove-autoruninf-file

thanks rafeeq,


but still when i reconnect pen drive system rebuild the same autorun.inf file

have you disabled autoplay following the above article.You can download and run Malwarebytes it will surely clean all the virus from your computer

Check the autorun file on all your hard drives, delete those too.

try donig a full scan with latest virus defs.

seem like its coming from your system to pen drive.

Hi,

If this computer is connected to LAN, then try to map the drive from the another computer and run full scan.

if the said virus not even detected by Symantec antivirus, it is highly recommended to submit this file to Symantec Security response team to analyze the file

if pen drive is affected by autorun.inf trojan,It is als associated with hidden files

qazwsx\zaqxsw.exe
qazwsx\Desktop.ini

size of zaqxsw.exe file is 211,968

use safe mode command prompt to delete it

del /a *

sometimes zaqxsw.exe affect your PC and sit under in C:\RECYCLER\S-1-5-21-8751926100-3516730847-449045751-7323
directory as  czzi.exe

search the file czzi.exe in c: 
    dir /s czzi.exe

and delete it
    del /a czzi.exe 
 

 make a autorun.inf directory in your pen drive root, set its attribute as  hidden and system
 
attrib +r +h +s  autorun.inf

ISSUE RESOLVED !

- Dennis Jaat