Endpoint Protection

 View Only

  • 1.  virus suspect on system

    Posted Jan 29, 2015 01:55 AM

    I have a doubt on some file which is look like a virus file. I scan one by one on virustotal website. It not detect when i bunch of the files in zip and scan it again. it show me the file is detect as virus on some website. Symantec not be dtect it on virustotal

    SHA256: afd699fe02e3474ae13e6aae01c7f193a1b9ece6c9c7bcc4effbf55809d59845
    File name: virus.zip
    Detection ratio: 19 / 57
    Analysis date: 2015-01-29 06:13:36 UTC ( 0 minutes ago )

    See some av report, can you help me

    Symantec   20150129
    Tencent   20150129
    TheHacker Trojan/Lnk.gen 20150128
    TotalDefense LNK/Gamarue 20150128

     



  • 2.  RE: virus suspect on system
    Best Answer

    Posted Jan 29, 2015 12:51 PM

    Did you submit to security response?

    https://submit.symantec.com/websubmit/gold.cgi

    That's looks to be FakeAV. You should submuit so they can review and write a new set of defs.

    Also run a threat analysis scan from symhelp:

    How to run the Threat Analysis Scan in Symantec Help (SymHelp)

    http://www.symantec.com/docs/TECH215519



  • 3.  RE: virus suspect on system
    Best Answer

    Posted Jan 30, 2015 12:35 AM

    You can submit the virus sample

    https://submit.symantec.com/websubmit/essential.cgi

     

    Run the symhelp to identify and secure the system from virus

     

    How to run the Threat Analysis Scan in Symantec Help (SymHelp)

    Article:TECH215519  | Created: 2014-03-03  | Updated: 2014-07-10  | Article URL http://www.symantec.com/docs/TECH215519

     

    Eliminating viruses and security risks

    Article:HOWTO27280  | Created: 2010-01-08  | Updated: 2010-01-15  | Article URL http://www.symantec.com/docs/HOWTO27280

     

    What to do when you suspect that a Symantec AntiVirus product is not detecting viruses

    Article:TECH99222  | Created: 2001-01-19  | Updated: 2010-08-13  | Article URL http://www.symantec.com/docs/TECH99222

     



  • 4.  RE: virus suspect on system

    Posted Jan 30, 2015 06:01 AM

    Hi data.process,

    Do submit that .zip as per above.

    Also: Symantec will detect the malcious content inside a .zip.  The .zip file itself is not malcious. (Think of the .zip like the envelope that contains a malicious letter.  The letter inside is harmful, but the envelope itself is not, it is just a container.)

    Please do update this thread with your progress!

    Many thanks,

    Mick



  • 5.  RE: virus suspect on system

    Posted Jan 31, 2015 02:36 AM

    Submitted the virus on symantec. will wait for positive revert.



  • 6.  RE: virus suspect on system

    Posted Jan 31, 2015 03:59 AM

    Hy,

     

    if your okay with manaul report upload it to 

     

    http://www.threatexpert.com/ 

     

    it would let you know what attribute changes are being made on the client and if symantec has found it as a threat or not.

     

    Cheers.



  • 7.  RE: virus suspect on system

    Posted Feb 02, 2015 05:47 AM

    Many thanks! Feel free to PM me the Tracking number.  I will have a quick look.

    All the best,

    Mick



  • 8.  RE: virus suspect on system

    Posted Feb 03, 2015 05:46 AM

    Jut a ping to see if you have received a response- please do update this thread when you have a minute.

     

    Many thanks!

     

    Mick