Endpoint Protection

  • 1.  virus in system

    Posted Sep 30, 2014 02:16 AM

    A Trojan.Gen risk was detected in the system and the file dongleserver.exe was quarantined. Is it risky for the server?

    The SymHelp tool was run on the system, but it did not capture any virus file. Can I remove the system from the network, or still continue with it?

    Because a lot of viruses were captured with that virus.

    Other details

    Trojan.Semnager location is AppData\Roaming\OpenCandy\625DC0D66D894967B9CB551D81E9CB34\

    Name - settingsmanagersetup.exe

    Status - Backup



  • 2.  RE: virus in system

    Posted Sep 30, 2014 02:30 AM

    Hi.

    Please update the system with the latest antivirus definitions, do a full scan of the system, and then run the NPE tool on the system.

    Please check the articles below for help.

    http://www.symantec.com/security_response/writeup.jsp?docid=2013-080623-4310-99&tabid=3

    https://www-secure.symantec.com/connect/forums/symantec-antivirus-detection-results-trojangen

     

    http://www.symantec.com/security_response/writeup.jsp?docid=2011-082216-3542-99

    http://www.symantec.com/security_response/detected_writeup.jsp?name=Trojan.Gen.2

     



  • 3.  RE: virus in system
    Best Answer

    Posted Sep 30, 2014 02:36 AM

    Symantec has detected dongleserver.exe as a virus.

    You can submit the file for Symantec response.

    https://www.virustotal.com/

    https://submit.symantec.com/websubmit/retail.cgi

    Best Practices for Troubleshooting Viruses on a Network

    Article:TECH122466  | Created: 2010-01-15  | Updated: 2014-08-14  | Article URL http://www.symantec.com/docs/TECH122466


  • 4.  RE: virus in system
    Best Answer

    Posted Sep 30, 2014 02:48 AM

    Check the VirusTotal report

    https://www.virustotal.com/en/file/a47557f072bb94180a05d18081b4a573e770374bc34a1dcc7185a55a1487d21e/analysis/

    Symantec now detects it as a Trojan.Gen virus http://www.symantec.com/security_response/writeup.jsp?docid=2010-022501-5526-99 and it is quarantined. You can delete it.

    You can run the SymHelp tool again and submit the report to Symantec for safety, and clean the network of viruses.



  • 5.  RE: virus in system
    Best Answer

    Posted Sep 30, 2014 05:10 AM

    Hi consoleadmin,

    Do you believe this to be a False Positive?

    Best Practice when Symantec Endpoint Protection is Detecting a File that is Believed to be Safe
    http://www.symantec.com/docs/TECH98360

    I would definitely check the MD5 or SHA256 hash of the file being detected, and run that through virustotal.com and threatexpert.com.  Don't rely on just the file name alone, as a file can be named anything.

    How to determine the unique hash of a file detected by Symantec Endpoint Protection
    http://www.symantec.com/docs/TECH211522
     

    If you believe that this file should not be detected but it still is with the latest definitions, then do submit it to the false positives portal.

    Hope this helps!  Please keep this thread up to date with your progress!  :)

    Mick
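
The hash check suggested in the reply above, as an added example that is not part of the original thread: it computes the MD5 and SHA-256 of each file and classifies files by content first and name second, so a renamed copy is caught and a different file that merely shares the name is told apart. The function names (`hash_file`, `triage`, `demo`) and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=1 << 20):
    """Return (md5_hex, sha256_hex) of a file, read in chunks in one pass."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def triage(paths, flagged_name, flagged_sha256):
    """Classify each file by content hash first and file name second."""
    results = {}
    for path in paths:
        same_name = Path(path).name.lower() == flagged_name.lower()
        if hash_file(path)[1] == flagged_sha256.lower():
            verdict = "same content" if same_name else "same content, renamed"
        else:
            verdict = "same name, different content" if same_name else "no match"
        results[path] = verdict
    return results


def demo():
    """Triage constructed sample files; returns {relative path: verdict}."""
    samples = {  # constructed byte strings, not real binaries
        "quarantined/dongleserver.exe": b"MZ constructed sample A",
        "backup/dongleserver.exe": b"MZ constructed sample B",
        "temp/update.tmp": b"MZ constructed sample A",
        "docs/readme.txt": b"plain text",
    }
    with tempfile.TemporaryDirectory() as tmp:
        paths = []
        for rel, data in samples.items():
            full = Path(tmp, rel)
            full.parent.mkdir(parents=True, exist_ok=True)
            full.write_bytes(data)
            paths.append(full)
        # The first sample stands in for the detected copy whose hash is known.
        verdicts = triage(paths, "dongleserver.exe", hash_file(paths[0])[1])
        return {p.relative_to(tmp).as_posix(): v for p, v in verdicts.items()}


if __name__ == "__main__":
    print("\n".join(f"{v:30} {n}" for n, v in demo().items()))
```

In practice the `flagged_sha256` argument would be the hash of the detected file, which is the value to look up on a reputation service.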



  • 6.  RE: virus in system

    Posted Oct 01, 2014 01:52 AM

    Hi again,

    Just a ping to see if there is any update on this thread?  Do you have the hash of the file involved?

    With thanks and best regards,

    Mick