Video Screencast Help

Virus in usb

Created: 30 Jun 2013 • Updated: 24 Jun 2014 | 9 comments
This issue has been solved. See solution.

Shorcut icon create in usb and folders are hidden?

remove the icon but it again back when reconnect.

client is 11.0.7 Mp3

Comments 9 CommentsJump to latest comment

Ashish-Sharma's picture


Shortcut virus are create some Microsoft patch are missing in your system.

You can check some of fourms for same problem releated

Thanks In Advance

Ashish Sharma

Brɨan's picture

Run the SymHelp tool and submit any suspicious processes

How to collect and submit to Symantec Security Response suspicious files found by the SymHelp utility

Run the Symantec Power Eraser

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

pete_4u2002's picture

update the microsoft patches.

run the symhelp and check against reputation and submit any suspsicious file to Symantec.

Disable autorun.

Sumit G's picture

Update your system with Latest Defintion.

Make sure your system are update with Latest MSPatches.

Scan your system in safemode.

If it not be clean then submit the suspicious files to symantec security team

Collect the log and also submit to symantec


Sumit G.

AjinBabu's picture


Update your System aswell the OS and run a full scan on safe mode.



Sachin Sawant's picture

Apply the MS patch (KB2286198), block the autorun.inf via SEPM and full scan the machine.

Mithun Sanghavi's picture


W32.Changeup.C  is a worm that spreads through removable and shared drives by exploiting the Microsoft Windows Shortcut 'LNK' Files Automatic File Execution Vulnerability (BID 41732).

W32.Stuxnet!lnk is a detection for .lnk files created by the W32.Stuxnet worm.

Bloodhound.Exploit.346 is a heuristic detection for files attempting to exploit the Microsoft Windows Shortcut 'LNK' Files Automatic File Execution Vulnerability (BID 41732).

New Trojan.Shylock wave

The Shylock “LNK” Awakening

Could you please zip each of the files and submit the zip files (without password) to the Symantec Security Response Team on :

We also offer a self-service site to analyze files, at, which can give you more information on the files you submit to it.

Check these Articles:

What to do when you suspect that a Symantec AntiVirus product is not detecting viruses

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

So, as we see these above Threats appears when there are open vulnerabilities on the machines.

In your case, I would suggest the below Plan of Action:

1) Make sure ALL Computers are installed with Symantec EP with latest / updated with virus defintions.

2) Install ALL Latest Microsoft Secuirty Patches / Sevice Packs on ALL machines.

3) Make sure ALL the client machines are using the Latest Vendor Patches installed.

4) Disable Auto play with GPO

5) Disable the System Restore with GPO

6) Disable Scheduled Tasks with GPO

7) Incase of any shared / mapped drives present, make sure these are password protected.

8) Scan ALL the machines...

Here are some excellent suggestions on how to keep your computers, their users and data safe:

Check this Thread with similar issue:

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.