Endpoint Protection

 View Only
  • 1.  virus infection

    Posted Jul 07, 2014 12:58 AM

    Virus is infected the storage. File name is totally different and not be clean

    File type - CM0013 File (.cm0013)

    Data folder is in shortcut and when i have check the property it show the traget path is

    "C:\WINDOWS\system32\rundll32.exe ~$WWBY.FAT32,_ldr@16 desktop.ini RET TLS " ""

    How to remove this virus.

    Antivirus is updated and all patches are update.

    Scan the torage device but not be detected.

     



  • 2.  RE: virus infection
    Best Answer

    Posted Jul 07, 2014 01:02 AM

    Submit the infected file to symantec for the analysis.

    https://submit.symantec.com/websubmit/gold.cgi

    --Edit--

    Run the threat analysis scan.

    How to run the Threat Analysis Scan in Symantec Help (SymHelp)

    Article:TECH215519  |  Created: 2014-03-03  |  Updated: 2014-03-07  |  Article URL http://www.symantec.com/docs/TECH215519


  • 3.  RE: virus infection

    Posted Jul 07, 2014 07:51 AM

    Run the Threat Analysis Scan:

    How to run the Threat Analysis Scan in Symantec Help (SymHelp)

    http://www.symantec.com/docs/TECH215519

    Also check these additional links:

    Is your system infected? Symantec tools to help clear an infection

    https://www-secure.symantec.com/connect/forums/your-system-infected-symantec-tools-help-clear-infection

    Symantec Endpoint Protection – Best Practices

    http://www.symantec.com/page.jsp?id=stopping_malware

    Security Response recommendations for Symantec Endpoint Protection 12.1 settings

    http://www.symantec.com/docs/TECH173752



  • 4.  RE: virus infection

    Posted Jul 08, 2014 04:24 AM

    Hi sunnyc_up,

    What kind of storage device are you using- NAS, SAN, etc?

    ~$WWBY.FAT32,_ldr@16 desktop.ini RET TLS " ""

    Is there any file named anything similar?  Open the desktop.ini with notepad and see if there is anything unual in there.

    A few internet searches indicate that this file type may just be corruption / a matter for checkdisk rather than security.  For example: https://ph.answers.yahoo.com/question/index?qid=20140524065004AAfhXtx

    Many thanks in advance for more information!

    Mick

     

     



  • 5.  RE: virus infection

    Posted Jul 11, 2014 04:25 AM

    Symantec is now cleaned this virus.