
Virus infection on removable disk - shortcuts of folders are being created

Created: 16 Mar 2013 • Updated: 25 Mar 2013 | 7 comments
kishorilal1986's picture
This issue has been solved. See solution.

Dear All,

I invite you all to help get a resolution on the above-mentioned subject.

I have already submitted all virus/suspected files and am in touch with them, but I still need some advice/suggestions from you all.

Behaviour of virus:

It created shortcuts of folders which are on removable media. It doesn't create any shortcut on the system drive itself. As it is hampering our business process, kindly help me on priority, and please don't just paste links which would not be helpful. created lnk shortcuts of folders

  • [RANDOM CHARACTERS].exe      e.g. 0xB15317E2.exe
  • Review virus exc=  %windir%\system32\cmd.exe /c "start %cd%RECYCLER\11afb2c9.exe &&%windir%\explorer.exe %cd%UnManage 32bit

Thanks in advance.
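The shortcut pattern quoted in the post above (a `.lnk` whose target is `cmd.exe` and whose arguments start an `.exe` from `RECYCLER` before opening the folder in Explorer) can be audited for on each endpoint. The PowerShell below is an added example, not part of the original thread and not a Symantec tool; the function names `Test-SuspiciousShortcut` and `Get-SuspiciousShortcut` are hypothetical, and the script only reports what it finds.

```powershell
# Added example: read-only audit of removable drives for the shortcut pattern in the post.
# Function names are hypothetical; nothing on the drive is modified or deleted.

function Test-SuspiciousShortcut {
    param([string]$TargetPath, [string]$Arguments)
    # -match is case-insensitive by default.
    $isCmd        = $TargetPath -match '\\cmd\.exe$'                  # shortcut runs cmd.exe
    $startsExe    = $Arguments  -match '/c\s+"?\s*start\s+\S*\.exe'   # /c "start <something>.exe
    $fromRecycler = $Arguments  -match 'RECYCLER\\[^\\\s"&]+\.exe'    # exe sits in a RECYCLER folder
    return ($isCmd -and $startsExe -and $fromRecycler)
}

function Get-SuspiciousShortcut {
    param([string[]]$Root)
    $shell = New-Object -ComObject WScript.Shell
    foreach ($r in $Root) {
        # -Force so hidden and system items are included in the walk.
        Get-ChildItem -LiteralPath $r -Filter *.lnk -File -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk = $shell.CreateShortcut($_.FullName)   # loads the existing .lnk for reading
                if (Test-SuspiciousShortcut -TargetPath $lnk.TargetPath -Arguments $lnk.Arguments) {
                    [pscustomobject]@{
                        Computer  = $env:COMPUTERNAME
                        Shortcut  = $_.FullName
                        Target    = $lnk.TargetPath
                        Arguments = $lnk.Arguments
                    }
                }
            }
    }
}

# Self-check against the command line quoted in the post (kept truncated, as posted).
$sampleArgs = '/c "start %cd%RECYCLER\11afb2c9.exe &&%windir%\explorer.exe %cd%UnManage'
if (-not (Test-SuspiciousShortcut -TargetPath 'C:\Windows\system32\cmd.exe' -Arguments $sampleArgs)) {
    throw 'Pattern check failed on the sample from the post'
}
# A normal folder shortcut must not be flagged (constructed sample).
if (Test-SuspiciousShortcut -TargetPath 'C:\Windows\explorer.exe' -Arguments 'E:\Reports') {
    throw 'False positive on a benign shortcut'
}

# DriveType 2 = removable disk in Win32_LogicalDisk.
$roots = @(Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2' |
           ForEach-Object { $_.DeviceID + '\' })
Get-SuspiciousShortcut -Root $roots
```

The output objects can be piped to `Export-Csv` and collected from each machine to see how far the shortcuts have spread.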


.Brian's picture

Use the tools here to clean the infection

https://www-secure.symantec.com/connect/forums/you...

Since you know the directories, create an application control policy to stop files from executing from those locations.

Have you tried a second-opinion scanner such as Malwarebytes or HitmanPro?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

W007's picture

Hi,

You can create a support ticket for this issue. Symantec technical support will help with this issue.

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

kishorilal1986's picture

Thanks Brian for your response, but this has not happened on a single machine, so I can't use Malwarebytes. This spreads on multiple machines and I wanted to do something which can provide a centralized solution for all machines.

.Brian's picture

Then your best bet is to use an ADC policy to lock down those directories.


kishorilal1986's picture

Hi Brian, can you advise in detail so that it will be more helpful to me, as I have already researched and googled.

I have almost resolved all the issues but am still getting the same behaviour from differently named viruses. Can you guide me on preventing this through ADC?

Mithun Sanghavi's picture

Hello,

Could you please PM me your Tracking numbers?

Secondly, in your case, it is advisable to follow a few important steps:

1) Make sure all these machines are patched with ALL the latest MS security patches and service packs.

2) Make sure the machines are installed with the latest Symantec virus definitions.

3) Disable the AutoRun feature on the machine.

Preventing a virus from using the AutoRun feature to spread itself

http://www.symantec.com/business/support/index?page=content&id=TECH104447

Later, in case suspicious activity is still happening, follow the steps provided in the article below:

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3


kishorilal1986's picture

Thanks all, but I have got the virus definitions and required patch details for this issue from Symantec.
Symantec has advised us to patch all machines with 2 patches; one is the LNK/PIF vulnerability patch, etc.

Still thanks to all for helping me.

SOLUTION