
Undetected Virus

Created: 30 Dec 2011 | 6 comments

My computer began responding differently and programs began to disappear. I am running Symantec Endpoint with real time protection. It did not recognize the threat. I am now having to use a boot disk, which I created from Windows Defender Offline. I ran Windows Defender Offline, and it found DOS/Alureon.E, FakeSysdef, and Alureon.FE.

I removed the infected drive and placed it in a portable enclosure. I connected this drive to another computer with current Symantec definitions. Again, Endpoint did not locate the threat, but MS Essentials located the threat; however, MS Essentials was unable to remove DOS/Alureon.E.

Why was Symantec Endpoint unable to protect against these viruses? Thoughts?

It will be helpful to understand how to prevent this situation in the future.

Thanks.


pete_4u2002

Was SEP updated with the latest definitions, and were the components of SEP active while scanning?

The files are not cleaned by Defender; can you submit those files to the Symantec Security Response team using your support entitlement?

https://submit.symantec.com/websubmit/bcs.cgi

https://submit.symantec.com/websubmit/essential.cgi

Sumit G

Hi,

Kindly read the link below. It will help to sort out the virus issue.

https://www-secure.symantec.com/connect/forums/virus-issue-2

Regards

Sumit G.

Mithun Sanghavi

Hello,

In case certain threat files / suspicious files are not being detected by Symantec, it is advisable to follow the steps provided in the article below:

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

Also check this:

Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec AntiVirus or Symantec Endpoint Protection does not

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Mohankumar

Hello,

Go to the 'C' drive, then Documents and Settings and Application Data, and check for any new folder with a different name. If you find one, compress it to a zip folder and submit it to Symantec as shown in the link below:

https://submit.symantec.com/websubmit/bcs.cgi

Vikram Kumar-SAV to SEP

If one threat isn't detected, it does not mean SEP doesn't detect bootkit threats.

It might be possible SEP did miss this one. As suggested above, submit the file and Symantec will release defs for it.

To check whether a file is getting detected by other threats or not, you can use threatexpert.com or virustotal.com, where it will show you how many different antiviruses are detecting it.

Vikram Kumar

Symantec Consultant

The most helpful part of the entire Symantec Connect is the Search button. Do use it.

Sumit G

Hi, is your issue still pending or resolved?

Regards

Sumit G.