Endpoint Protection

 View Only

  • 1.  W32.BlastClan.B

    Posted Jan 07, 2008 11:06 PM
    Hi all,
     
       In one of my branch office, we have SAV 10.1 Corporate Edition installed in 30 Nos of Win XPP PCs. Last week this network is attacked by W32.Blastclan.B Virus. Eventhough the autoprotect detects the threat it does not clean the root cause of the virus.
     
       I already followed the instructions given by symantec support pages but results not solved. Please give a solution to overcome this problem.
     
     
    Regards
    Sivakumar K M
    Ennore Foundries Ltd
    Chennai - INDIA
    Mob: +91 98417 09780


  • 2.  RE: W32.BlastClan.B

    Posted Jan 08, 2008 04:29 AM
    From the writeup: W32.Blastclan.B is a worm that spreads by copying itself to network shares.

    Basically what is happening there is that you have a machine that is trying to copy the threat from an unprotected machine to the protected machines. That is why Symantec Antivirus is detecting it but it comes back again. You need to find that unprotected machine to stop the infection.
    It is quite likely a laptop that somebody plugged into the network or an "under the desk" machine that is managed by your IT and therefore it may not have antivirus or out of date definitions.

    There is a feature called threat tracer in SAV that tells you from which machine is the threat coming. You can also see the open connections with a netstat or tcpview from sysinternals.

    This should solve your issue


  • 3.  RE: W32.BlastClan.B

    Posted Jan 09, 2008 02:02 AM
    Thank you Sir
     
    Regards
    K.M.Sivakumar
    Ennore Foundries Ltd