Virus infection on removable disk - shortcuts of folders are being created
Created: 16 Mar 2013 | Updated: 25 Mar 2013 | 7 comments
This issue has been solved. See solution.
Dear All,
I invite you all to help get a resolution on the above-mentioned subject.
I have already submitted all virus/suspected files and am in touch with them, but I still need some advice/suggestions from you all.
Behaviour of virus:
It creates shortcuts of folders which are on removable media. It doesn't create any shortcut on the system drive itself. As it is hampering our business process, kindly help me on priority, and please don't just paste links which could not be helpful.
- created lnk shortcuts of folders
- [RANDOM CHARACTERS].exe e.g 0xB15317E2.exe
- Review virus exc= %windir%\system32\cmd.exe /c "start %cd%RECYCLER\11afb2c9.exe &&%windir%\explorer.exe %cd%UnManage 32bit
Thanks in advance.
Use the tools here to clean the infection
https://www-secure.symantec.com/connect/forums/you...
Since you know the directories, create an application control policy to stop files from executing from those locations.
Have you tried a second-opinion scanner such as Malwarebytes or HitmanPro?
SEP Knowledge Base
Endpoint SWAT
Hi,
You can create a support ticket for this issue. Symantec technical support will help with this issue.
Thanks in advance.
Manish
Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
Thanks Brian for your response, but this has not happened on a single machine, so I can't use Malwarebytes. This spreads on multiple machines and I wanted to do something which can be a centralized solution for all machines.
Then your best bet is to use an ADC policy to lock down those directories.
Hi Brian, can you advise in detail so that it will be more helpful to me, as I have already researched and googled.
I have almost resolved all the issues but am still getting the same behaviour from differently named viruses. Can you guide me on preventing this through ADC?
Hello,
Could you please PM me your Tracking numbers?
Secondly, in your case, it is advisable to follow a few important steps:
1) Make sure all these machines are Patched with ALL Latest MS security patches and service packs.
2) Make sure the machines are installed with the Latest Symantec virus definitions.
3) Disable the Autorun Feature on the machine.
Preventing a virus from using the AutoRun feature to spread itself
http://www.symantec.com/business/support/index?page=content&id=TECH104447
Later, in case suspicious activity is still happening, then follow the steps provided in the article below:
Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
Thanks all, but I have got the virus definition and required patch details for this issue from Symantec.
Symantec has advised us to patch all machines with 2 patches; one is the LNK/PIF vulnerability patch, etc.
Still thanks to all for helping me.
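The following is an added example and not part of any post in this thread: a PowerShell check that lists shortcuts in the root of removable drives whose target matches the shape of the command quoted in the original post (cmd.exe starting an executable, then opening the folder). The function names and output fields are hypothetical, and Windows PowerShell 3.0 or later is assumed.

```powershell
# Added example (not from the thread). Requires Windows PowerShell 3.0 or later.
# Lists shortcuts in the root of each removable drive whose target is cmd.exe
# starting an executable, the shape of the shortcut command quoted in the post.

function Test-SuspiciousShortcut {
    param([string]$TargetPath, [string]$Arguments)
    # A normal folder shortcut points at the folder, not at cmd.exe.
    $isCmd = $TargetPath -match '(^|\\)cmd\.exe$'
    # The quoted sample uses: /c "start <path>.exe && explorer.exe <folder>"
    $startsExe = $Arguments -match '/c\b.*\bstart\b[^&]*\.exe'
    return ($isCmd -and $startsExe)
}

function Find-SuspiciousShortcut {
    $wsh = New-Object -ComObject WScript.Shell
    # DriveType 2 = removable disk
    $drives = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2'
    foreach ($drive in $drives) {
        $root = $drive.DeviceID + '\'
        # -Force includes hidden and system items in the listing
        $links = Get-ChildItem -LiteralPath $root -Filter '*.lnk' -Force -ErrorAction SilentlyContinue
        foreach ($file in $links) {
            $lnk = $wsh.CreateShortcut($file.FullName)
            if (Test-SuspiciousShortcut -TargetPath $lnk.TargetPath -Arguments $lnk.Arguments) {
                [pscustomobject]@{
                    Computer     = $env:COMPUTERNAME
                    Shortcut     = $file.FullName
                    TargetPath   = $lnk.TargetPath
                    Arguments    = $lnk.Arguments
                    # True when a real folder with the shortcut's name sits beside it
                    FolderExists = Test-Path -LiteralPath (Join-Path $root $file.BaseName) -PathType Container
                }
            }
        }
    }
}

Find-SuspiciousShortcut | Format-List
```

The function only reports; it deletes nothing. To collect results from many machines, replace `Format-List` with `Export-Csv` and gather the files centrally.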