Undetected Virus
My computer began responding differently and programs began to disappear. I am running Symantec Endpoint with real time protection. It did not recognize the threat. I am now having to use a boot disk, which I created from Windows Defender Offline. I ran Windows Defender Offline, and it found DOS/Alureon.E, FakeSysdef, and Alureon.FE.
I removed the infected drive and placed it in a portable enclosure. I connected this drive to another computer with current Symantec definitions. Again, Endpoint did not locate the threat, but MS Essentials located the threat; however, MS Essentials was unable to remove DOS/Alureon.E.
Why was Symantec Endpoint unable to protect against these viruses? Thoughts?
It will be helpful to understand how to prevent this situation in the future.
Thanks.
6 Comments
Was the SEP updated with the latest definition? Were the components of SEP active while scanning?
The files are not cleaned by Defender; can you submit those files to the Symantec Security Response team using your support entitlement?
https://submit.symantec.com/websubmit/bcs.cgi
https://submit.symantec.com/websubmit/essential.cgi
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hi,
Kindly read the below link. It will help to sort out the virus issue.
https://www-secure.symantec.com/connect/forums/virus-issue-2
Regards
Sumit G.
Hello,
In case certain Threat Files / Suspicious Files are not being detected by Symantec, it is advisable to follow the steps provided in the article below:
Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.
https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec
Also check this:
Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec AntiVirus or Symantec Endpoint Protection does not
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
Hello,
Go to the 'C' drive, then the document settings and application data, and check for any new folder with a different name. If you find one, compress it to a zip folder and submit it to Symantec as shown in the link below:
https://submit.symantec.com/websubmit/bcs.cgi
If 1 threat isn't detected, it does not mean SEP doesn't detect bootkit threats.
It might be possible SEP did miss this one. As suggested above, submit the file and Symantec will release defs for it.
To check whether a file is getting detected by other threats or not, you can use threatexpert.com or virustotal.com, where it will show you how many different antiviruses are detecting it.
Vikram Kumar
Symantec Consultant
The most helpful part of the entire Symantec Connect is the Search button. Do use it.
Hi, is your issue still pending or resolved?
Regards
Sumit G.