Virus information
Created: 27 Nov 2012 | Updated: 29 Nov 2012 | 6 comments
This issue has been solved. See solution.
Attached is the virus found, which Symantec detected and deleted. Kindly identify which virus this is.
Hi,
W32.Downadup.B is a worm that spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (BID 31874). It also attempts to spread to network shares protected by weak passwords and block access to security-related Web sites.
http://www.symantec.com/security_response/writeup....
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Hi,
Access denied, what exactly?
Hello,
Work on the Plan of Action as given below for a 100% result.
Plan of Action:
1) Make sure ALL computers are installed with Symantec EP with latest / updated with virus definitions and
2) Install MS08-67 patch download [KB 958644] on ALL computers.
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
3) Install ALL latest Microsoft Security Patches / Service Packs on ALL machines
4) Disable Auto play with GPO
http://support.microsoft.com/kb/953252
5) Disable Scheduled Tasks with GPO
http://support.microsoft.com/kb/310208
6) Enable Security Auditing with GPO
http://support.microsoft.com/kb/300549
7) Scan ALL the machines...
NOTE: *ALL means ALL client machines and server machines (make sure you don't miss any machine)
In addition to this, please check the articles provided below and work upon the same.
1) Best Practice for Downadup.B and Additional information on the same.
https://www-secure.symantec.com/connect/articles/best-practice-downadupb-and-additional-information-same
2) Simple steps to protect yourself from the Conficker Worm
http://www.symantec.com/docs/TECH93179
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
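A fleet check for steps 2 and 4 of the plan of action above, as an added example that is not part of the original post or of any Symantec tooling. It assumes a hypothetical `hosts.txt` inventory file, WinRM remoting to Windows PowerShell on each host, and an account with local administrator rights; the output file name is also an assumption.

```powershell
# Added example: audit hosts against steps 2 and 4 of the plan of action.
# Assumptions: .\hosts.txt (hypothetical) has one computer name per line,
# WinRM remoting is enabled, and the account used is a local admin on each host.
$computers = Get-Content -Path .\hosts.txt | Where-Object { $_.Trim() }

$report = foreach ($computer in $computers) {
    try {
        $r = Invoke-Command -ComputerName $computer -ErrorAction Stop -ScriptBlock {
            # Step 2: is the MS08-067 update (KB958644) listed as installed?
            # A later service pack, or an OS release that already contains the fix,
            # will not list it, so False means "verify by hand", not "vulnerable".
            $hotfix = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue

            # Step 4: AutoPlay policy. 0xFF turns AutoRun off for every drive type.
            $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
            $pol = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue

            # New-Object keeps the remote side compatible with PowerShell 2.0.
            New-Object PSObject -Property @{
                KB958644Listed = [bool]$hotfix
                AutoRunOffAll  = ($null -ne $pol -and $pol.NoDriveTypeAutoRun -eq 0xFF)
                OS             = (Get-WmiObject Win32_OperatingSystem).Caption
            }
        }
        New-Object PSObject -Property @{
            Computer = $computer; Reachable = $true; OS = $r.OS
            KB958644Listed = $r.KB958644Listed; AutoRunOffAll = $r.AutoRunOffAll
        }
    }
    catch {
        # Unreachable hosts stay in the report so no machine is silently skipped.
        New-Object PSObject -Property @{
            Computer = $computer; Reachable = $false; OS = $null
            KB958644Listed = $null; AutoRunOffAll = $null
        }
    }
}

$report | Sort-Object Reachable, KB958644Listed |
    Format-Table Computer, Reachable, OS, KB958644Listed, AutoRunOffAll -AutoSize
$report | Export-Csv -Path .\downadup-audit.csv -NoTypeInformation
```

Rows with `Reachable` set to False are the machines the NOTE in the plan warns about: they have not been checked at all and need a manual visit.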
Hi,
Check same problem thread
https://www-secure.symantec.com/connect/forums/w32...
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
For future reference, the blue link in the detection results takes you to a write-up about the threat that was detected (see attached).
"Access denied" means the file was actually prevented from writing to the disk. See
http://www.symantec.com/docs/TECH102052
sandra
Symantec, Information Development, IMDP
Symantec Endpoint Protection / Core Security Engineering Group
Don't forget to mark your thread as 'solved' with the answer that best helped you!
W32.Downadup is a threat that Symantec has examined in great depth. Details about it can be found from the following link:
With thanks and best regards,
Mick