
Virus in usb

Created: 29 Jun 2013 • Updated: 24 Jun 2014 | 9 comments
This issue has been solved. See solution.

Shortcut icons are created on the USB drive and the folders are hidden?

I remove the icon, but it comes back again when I reconnect.

The client is 11.0.7 MP3.


Ashish-Sharma's picture

Hi,

Shortcut viruses are created when some Microsoft patches are missing on your system.

You can check some of the forums for the same related problem:

https://www-secure.symantec.com/connect/forums/short-cut-virus

https://www-secure.symantec.com/connect/forums/vir...

Thanks In Advance

Ashish Sharma

.Brian's picture

Run the SymHelp tool and submit any suspicious processes

How to collect and submit to Symantec Security Response suspicious files found by the SymHelp utility

http://www.symantec.com/docs/TECH203027

Run the Symantec Power Eraser

https://www.symantec.com/theme.jsp?themeid=spe-use...

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

pete_4u2002's picture

Update the Microsoft patches.

Run SymHelp, check against reputation, and submit any suspicious files to Symantec.

Disable autorun.

Sumit G's picture

Update your system with the latest definitions.

Make sure your system is updated with the latest MS patches.

Scan your system in safe mode.

If it is not cleaned, then submit the suspicious files to the Symantec security team

http://www.symantec.com/security_response/submitsamples.jsp

Collect the log and also submit it to Symantec

https://www-secure.symantec.com/connect/articles/using-symantec-help-symhelp-tool-how-do-we-collect-suspicious-files-and-submit-same-symante

Regards

Sumit G.

AjinBabu's picture

Hi,

Update your system as well as the OS and run a full scan in safe mode.

Regards

Ajin

Sachin Sawant's picture

Apply the MS patch (KB2286198), block the autorun.inf via SEPM and full scan the machine.

Mithun Sanghavi's picture

Hello,

W32.Changeup.C is a worm that spreads through removable and shared drives by exploiting the Microsoft Windows Shortcut 'LNK' Files Automatic File Execution Vulnerability (BID 41732).

W32.Stuxnet!lnk is a detection for .lnk files created by the W32.Stuxnet worm.

Bloodhound.Exploit.346 is a heuristic detection for files attempting to exploit the Microsoft Windows Shortcut 'LNK' Files Automatic File Execution Vulnerability (BID 41732).

New Trojan.Shylock wave

https://www-secure.symantec.com/connect/blogs/new-trojanshylock-wave

The Shylock “LNK” Awakening

https://www-secure.symantec.com/connect/blogs/shylock-lnk-awakening

Could you please zip each of the files and submit the zip files (without password) to the Symantec Security Response Team at:

https://submit.symantec.com/websubmit/essential.cgi

We also offer a self-service site to analyze files, at http://www.threatexpert.com, which can give you more information on the files you submit to it.

Check these Articles:

What to do when you suspect that a Symantec AntiVirus product is not detecting viruses

http://www.symantec.com/docs/TECH99222

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/using-symantec-help-symhelp-tool-how-do-we-collect-suspicious-files-and-submit-same-symante

So, as we see, the above threats appear when there are open vulnerabilities on the machines.

In your case, I would suggest the below Plan of Action:

1) Make sure ALL computers have Symantec EP installed with the latest / updated virus definitions.

2) Install ALL the latest Microsoft Security Patches / Service Packs on ALL machines.

3) Make sure ALL the client machines have the latest vendor patches installed.

4) Disable Auto play with GPO

http://support.microsoft.com/kb/953252

5) Disable the System Restore with GPO

http://support.microsoft.com/kb/283073

6) Disable Scheduled Tasks with GPO

http://support.microsoft.com/kb/310208

7) In case any shared / mapped drives are present, make sure these are password protected.

8) Scan ALL the machines...

Here are some excellent suggestions on how to keep your computers, their users and data safe:

http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0

Check this Thread with similar issue:

https://www-secure.symantec.com/connect/forums/lnk-virus

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
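
A read-only triage for the symptom in the question (shortcuts standing in for hidden folders) and for the "disable autorun" advice in the replies, as an added example that is not part of the thread and not a Symantec tool. The function names and the `E:\` default are assumptions; it needs PowerShell 3.0 or later on Windows.

```powershell
# Added example, not from the thread. Read-only: nothing on the drive is changed.
# Function names and the E:\ default are assumptions made for this example.
function Get-UsbShortcutTriage {
    param([string]$Root = 'E:\')
    # -Force returns hidden and system items too.
    $items  = @(Get-ChildItem -LiteralPath $Root -Force -ErrorAction Stop)
    $hidden = @($items | Where-Object {
        $_.PSIsContainer -and ($_.Attributes -band [IO.FileAttributes]::Hidden) })
    $links  = @($items | Where-Object {
        -not $_.PSIsContainer -and $_.Extension -eq '.lnk' })
    $shell  = New-Object -ComObject WScript.Shell
    foreach ($lnk in $links) {
        # CreateShortcut only loads an existing .lnk; nothing is written unless Save() is called.
        $sc = $shell.CreateShortcut($lnk.FullName)
        [pscustomobject]@{
            Finding   = 'Shortcut'
            Path      = $lnk.FullName
            Target    = $sc.TargetPath
            Arguments = $sc.Arguments
            # True when the shortcut carries the name of a hidden folder (the reported symptom).
            ShadowsHiddenFolder = ($hidden.Name -contains $lnk.BaseName)
        }
    }
    foreach ($dir in $hidden) {
        # Windows' own "System Volume Information" folder is hidden and will be listed too.
        [pscustomobject]@{ Finding = 'HiddenFolder'; Path = $dir.FullName
            Target = $null; Arguments = $null; ShadowsHiddenFolder = $false }
    }
    $inf = Join-Path $Root 'autorun.inf'
    if (Test-Path -LiteralPath $inf) {
        [pscustomobject]@{ Finding = 'AutorunInf'; Path = $inf
            Target = $null; Arguments = $null; ShadowsHiddenFolder = $false }
    }
}

function Get-AutoRunPolicy {
    # Machine-wide policy value that a "disable AutoRun" GPO sets.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $val = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun `
            -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    [pscustomobject]@{
        NoDriveTypeAutoRun = $val   # $null means the policy is not set
        # Bit 0x04 covers removable drives; 0xFF covers every drive type.
        RemovableDisabled  = [bool]($val -band 0x04)
    }
}

# Usage: Get-UsbShortcutTriage -Root 'E:\' | Format-Table -AutoSize; Get-AutoRunPolicy
```

Rows with `ShadowsHiddenFolder` set to true show the target and arguments the shortcut would run, which is the information to include when submitting samples.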