Endpoint Protection

  • 1.  VBS.Runauto.F vs Backdoor.Trojan HELP!

    Posted Jun 10, 2009 02:06 PM
    I have this virus. SEP calls it Backdoor.Trojan, but it's like VBS.Runauto.F.
    http://www.symantec.com/security_response/writeup....
    The solution for VBS.Runauto.F doesn't work:
    SEP doesn't find winfile.jpg on C: and doesn't delete it or the registry keys either.
    Does anybody else have the same problem?
    I found a solution, but I must use "Spybot - Search & Destroy" and "Malwarebytes' Anti-Malware" to delete it.
    I can't stop the epidemic if SEP doesn't find it.


  • 2.  RE: VBS.Runauto.F vs Backdoor.Trojan HELP!

    Posted Jun 10, 2009 02:45 PM
    Submit the files that are detected by other AV but not by Symantec to Symantec Security Response, so that Symantec will come up with its own defs and will automatically remove it from your computer and hundreds of others as well.
    Submit to https://submit.symantec.com/basic


  • 3.  RE: VBS.Runauto.F vs Backdoor.Trojan HELP!

    Posted Jun 10, 2009 07:22 PM
    To add to this: you will also want to download the latest Rapid Release definitions after you submit the virus sample. These provide you with the most up-to-date virus definitions.

    Cheers
    Grant


  • 4.  RE: VBS.Runauto.F vs Backdoor.Trojan HELP!

    Posted Jun 11, 2009 03:52 AM
    Thank you for the answers, but the virus hides its file on C:.
    So I can't send it / upload it / copy it.
    I can see it only with the "dir /w" command, but I can't delete it. (The command "attrib -r -s -h" doesn't work.)
    I found the file winfile.jpg on a USB device and I sent it to Symantec Security Response, and they told me to delete it from the USB.



  • 5.  RE: VBS.Runauto.F vs Backdoor.Trojan HELP!

    Posted Jun 11, 2009 01:07 PM
    Try this command on the C drive: attrib -a -h -s -r *.* /S /D
    This will let you see the files. If you want to delete them and it is not letting you delete them, try using the Unlocker tool for that.


  • 6.  RE: VBS.Runauto.F vs Backdoor.Trojan HELP!

    Posted Jun 11, 2009 01:17 PM
    Risk Level 1: Very Low for this virus, but it is a worm, so it will hop from one machine to another with the help of autorun. It even launches itself on the same machine with the help of autorun. The first thing you should do is disable autorun.

    Follow the steps mentioned below to stop autorun:

    1} Go to Start, Run, and type gpedit.msc
    2} Go to Administrative Templates
    3} Then System.
    4} On the right-hand side, enable auto play.

    If you are facing this problem across the entire network, then do this via GPO.



  • 7.  RE: VBS.Runauto.F vs Backdoor.Trojan HELP!

    Posted Aug 04, 2009 04:35 AM
    Access denied


  • 8.  RE: VBS.Runauto.F vs Backdoor.Trojan HELP!

    Posted Aug 04, 2009 04:48 AM
    Thank you!
    I did it, but the infection is already on hundreds of PCs :-(
    How can I clean them?


  • 9.  RE: VBS.Runauto.F vs Backdoor.Trojan HELP!
    Best Answer

    Posted Aug 25, 2009 03:30 AM
    Hi all,

    In case of an access denied error on a file that you can't see from normal Windows Explorer, you should be able to change file permissions from a command prompt (CMD.EXE).

    As an example, the command:

    C:\>cacls autorun.inf /E /G administrators:F

    will add the "Administrators" group to the file "autorun.inf" with full rights.

    More info on "CACLS" in Microsoft KBs:

    http://support.microsoft.com/?scid=kb%3Ben-us%3B162786&x=13&y=14
    http://support.microsoft.com/?scid=kb%3Ben-us%3B135268&x=12&y=12

    Having the Administrators group with full rights will let the "attrib" command work correctly on the file.
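
The two steps from the answer above (grant access with cacls, then clear the attributes with attrib), combined into one batch script that also copies the file out for submission. This is an added example, not part of the original post; the collection folder C:\sample_submit and the .sample suffix are assumptions, and the file names are the ones mentioned in this thread.

```batch
@echo off
rem Added example: unlock a hidden, access-denied file and copy it out for submission.
rem Assumptions: run from an elevated CMD.EXE; C:\sample_submit is a hypothetical
rem collection folder; on a localized Windows the group name may not be "administrators".
setlocal
set "DRIVE=C:"
set "OUT=C:\sample_submit"
if not exist "%OUT%" mkdir "%OUT%"

rem File names taken from the thread
for %%F in (autorun.inf winfile.jpg) do call :collect "%DRIVE%\%%F"
endlocal
exit /b 0

:collect
rem "dir /a" lists the file even when the hidden and system attributes are set
dir /a /b "%~1" >nul 2>&1
if errorlevel 1 (
    echo %~1 not present
    goto :eof
)
rem Step 1: edit the existing ACL (/E) and grant Administrators full control (/G ...:F)
cacls "%~1" /E /G administrators:F
rem Step 2: with access granted, attrib can clear read-only, system and hidden
attrib -r -s -h "%~1"
rem Step 3: binary-copy the file under an inert extension; it is never opened or run
copy /b "%~1" "%OUT%\%~nx1.sample" >nul
if errorlevel 1 (
    echo copy failed for %~1
) else (
    echo collected %~1 to %OUT%
)
goto :eof
```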





  • 10.  RE: VBS.Runauto.F vs Backdoor.Trojan HELP!

    Posted Aug 26, 2009 05:31 AM
    Great!
    It works well and I can send that file to Security Response.
    Thanks!