W32.Feberr
Updated: 02 Jun 2010 | 7 comments
This issue has been solved. See solution.
Hello.
I'm having some problems with infections by the W32.Feberr worm.
It seems that SEP doesn't fully remove this Worm. The removal process on the virus details page only says to update the virus definitions and run a full scan. That doesn't work. It detects the infected files (mostly .tmp files in the user profile temp folder) and move to quarentine.
Some day later there is the virus infections again.
I want to know if there is any other procedure or a removal tool that fully removes this virus.
Thanks for the help.
discussion Filed Under:
Comments
If the virus is getting
If the virus is getting detected again and again or it is getting re-infected that means.
Either some computer or media is re-infecting this system ( Flash Drive,CD/DVD or some unpatched infected computer)
or there are still some file which is not getting detected as a threat and they are redownloading the worm and is infecting.
have you turned on Autoplay.very first thing to do in case of Worm.
Clear out all temp folder and temp internet content.
If you find any suspicious file submit it https://submit.symantec.com/basic
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Try this
Ensure your all pcs in the network having latest patches
For more information regarding recommended procedures clock here
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Below docs can help you in
Below docs can help you in this
More on How to Disable AutoPlay feature to prevent Virus spreading this way
How to Disable AutoPlay feature to prevent Virus spreading using this feature.
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
5 steps for Virus Prevention
Hello,
Here are 5 things you need to know about...what I call as 5 Common KB's to protect your network.
1) 'Common loading points for viruses, worms, and Trojan horse programs on Windows NT/2000/XP/2003'
2) The 5 Steps of Virus Troubleshooting
3) How to prevent a virus from spreading using the "AutoRun" feature
4) General security practices for network administrators
5) Example of an Emergency Containment Plan to respond to a virus infection
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3
Follow me on Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helped yo
Thanks for all the
Thanks for all the replies.
Just for you know:
1 - The autorun feature is already disable in all corporate machines throught GPO;
2 - The autorun.inf files are blocked throught SEP Application and Device Control;
3 - Already checked infected machines on the known registry and startup entry points, process list and services. Nothing suspicious was found.
POA.
Hello,
Please work on the POA provided below:
1) All Computers are installed with Symantec EP with latest / updated with virus defintions and
2) Disable the System Restore from GPO
3) Disable Auto play with GPO
http://support.microsoft.com/kb/953252
4) Disable Scheduled Tasks with GPO
http://support.microsoft.com/kb/310208
5) Enable Security Auditing with GPO
http://support.microsoft.com/kb/300549
6) Run a Scan all the machines...
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3
Follow me on Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helped yo
Ensure that latest patches
Ensure that latest patches are available in all your systems
Enable Risk tracker and see any suspicious activity is present in the network
Fore more info refer the below article
Worms and threats that spread across networks by network shares have become more common in recent years.--Like Downadup/Conficker
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Would you like to reply?
Login or Register to post your comment.