Virus issue - Chinese language corrupted files and folders in pen drive

Created: 07 May 2013 • Updated: 01 Aug 2013 | 5 comments
kishorilal1986's picture
This issue has been solved. See solution.

Hi, can anyone help me with a virus issue: Chinese-language corrupted files and folders on a pen drive? Please see the attached snapshot and provide me a resolution, as I can't open or see the file contents.

.Brian's picture

You zip them up, 9 per zip file, and submit to security response

http://www.symantec.com/security_response/submitsa...

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

Hello,

In your case, I believe your USB drive is clearly infected.

Are you running the SEP 12.1 client with the latest definitions, and does the machine carry all the latest Microsoft updates and security patches?

Run a scan in safe mode with networking to remove the virus.

Could you zip each of the files and folders and submit the zip files (without a password) to the Symantec Security Response Team at:

https://submit.symantec.com/websubmit/essential.cgi

Once submitted, please PM me the Tracking number.

We also offer a self-service site to analyze files, at http://www.threatexpert.com, which can give you more information on the files you submit to it.

What to do when you suspect that a Symantec AntiVirus product is not detecting viruses

http://www.symantec.com/docs/TECH99222

In your case, it is also advisable to follow a few important steps:

1) Make sure all these machines are patched with ALL the latest MS security patches and service packs.

2) Make sure the machines are installed with the latest Symantec virus definitions.

3) Disable the Autorun Feature on the machine via GPO. http://support.microsoft.com/kb/967715

4) Disable System Restore before you do this as the virus also creates entries in the System Restore Points store volumes.

Also, check this Article:

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION
Chetan Savade's picture

Hi,

I hope you are using all three SEP features AV/AS, PTP & NTP.

You might have to submit suspicious files to Symantec for further analysis if the issue remains the same.

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files in SEP 12.1 and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/u...

Symantec Help (SymHelp)

http://www.symantec.com/docs/TECH170752

You can also scan the machine using the Symantec Power Eraser tool.

Use Power Eraser to detect threat and remove them

http://www.symantec.com/theme.jsp?themeid=spe-user...

Best Practices for Troubleshooting Viruses on a Network

http://www.symantec.com/docs/TECH122466

Follow the best practices:

1) Install all the SEP features i.e. AV/AS, PTP & NTP.

2) System should be updated with Service packs and Windows patches.

3) Make sure the machines are installed with the latest third party applications.

4) Disable the Autorun Feature if not using SEP 12.1.

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
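
The Autorun step recommended in both replies above (disable Autorun via GPO, per KB967715) can be verified on a machine by reading the NoDriveTypeAutoRun policy value. The PowerShell below is an added example, not part of any poster's reply or of Symantec's tooling; the function names are illustrative and the sample masks are constructed.

```powershell
# Added example: audit the Autorun policy value documented in Microsoft KB967715.
# A set bit in NoDriveTypeAutoRun DISABLES Autorun for that drive type.
$AutorunBits = @(
    @{ Bit = 0x01; Name = 'Unknown drive types' },
    @{ Bit = 0x04; Name = 'Removable drives (USB pen drives)' },
    @{ Bit = 0x08; Name = 'Fixed drives' },
    @{ Bit = 0x10; Name = 'Network drives' },
    @{ Bit = 0x20; Name = 'CD-ROM drives' },
    @{ Bit = 0x40; Name = 'RAM disks' },
    @{ Bit = 0x80; Name = 'Drives of unknown type' }
)

function Get-AutorunEnabledTypes {
    # Return the drive types for which Autorun is still allowed by this mask.
    param([int]$Mask)
    $AutorunBits | Where-Object { -not ($Mask -band $_.Bit) } | ForEach-Object { $_.Name }
}

function Get-AutorunPolicy {
    # Read the policy from both hives; the HKLM value takes precedence over HKCU.
    $sub = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $prop = Get-ItemProperty -Path (Join-Path $hive $sub) `
                    -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            # No policy written in this hive: the operating system default applies.
            [pscustomobject]@{ Hive = $hive; Value = 'not set'
                               RemovableBlocked = $null; StillEnabled = 'OS default applies' }
            continue
        }
        $mask = [int]$prop.NoDriveTypeAutoRun
        [pscustomobject]@{
            Hive             = $hive
            Value            = '0x{0:X2}' -f $mask
            RemovableBlocked = [bool]($mask -band 0x04)   # the bit that matters for pen drives
            StillEnabled     = (Get-AutorunEnabledTypes $mask) -join '; '
        }
    }
}

# Constructed sample masks: 0xFF blocks every drive type, 0x91 leaves removable drives enabled.
foreach ($m in 0xFF, 0x91) {
    '0x{0:X2} -> still enabled: {1}' -f $m, ((Get-AutorunEnabledTypes $m) -join '; ')
}

# Live check on the current machine (read-only).
Get-AutorunPolicy | Format-Table -AutoSize
```

A `RemovableBlocked` value of `False` in the HKLM row means the GPO from step 3 has not taken effect on that machine.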

pete_4u2002's picture

Does SEP detect anything when accessing the files? If not, submit the files to Security Response.

Is the client machine updated with the latest AV definitions?