Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

W32.Feberr

Created: 10 Nov 2009 • Updated: 02 Jun 2010 | 7 comments
This issue has been solved. See solution.

Hello.

I'm having some problems with infections by the W32.Feberr worm.

It seems that SEP doesn't fully remove this Worm. The removal process on the virus details page only says to update the virus definitions and run a full scan. That doesn't work. It detects the infected files (mostly .tmp files in the user profile temp folder) and move to quarentine. 

Some day later there is the virus infections again.

I want to know if there is any other procedure or a removal tool that fully removes this virus.

Thanks for the help.

Comments 7 CommentsJump to latest comment

Vikram Kumar-SAV to SEP's picture

 If the virus is getting detected again and again or it is getting re-infected that means.

Either some computer or media is re-infecting this system ( Flash Drive,CD/DVD or some unpatched infected computer)

or there are still some file which is not getting detected as a threat and they are redownloading the worm and is infecting.

have you turned on Autoplay.very first thing to do in case of Worm.

Clear out all temp folder and temp internet content.

If you find any suspicious file submit it https://submit.symantec.com/basic

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

SOLUTION
AravindKM's picture

Ensure your all pcs in the network having latest patches
For more information regarding recommended procedures clock here 

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

AravindKM's picture

Below docs can help you in this
More on How to Disable AutoPlay feature to prevent Virus spreading this way 
How to Disable AutoPlay feature to prevent Virus spreading using this feature.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Mithun Sanghavi's picture

Hello,

Here are 5 things you need to know about...what I call as 5 Common KB's to protect your network.

1) 'Common loading points for viruses, worms, and Trojan horse programs on Windows NT/2000/XP/2003'

 http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2001060517115206?Open&seg=ent

2) The 5 Steps of Virus Troubleshooting

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

EMachado's picture

Thanks for all the replies.

Just for you know:

1 - The autorun feature is already disable in all corporate machines throught GPO;

2 - The autorun.inf files are blocked throught SEP Application and Device Control;

3 - Already checked infected machines on the known registry and startup entry points, process list and services. Nothing suspicious was found.

Mithun Sanghavi's picture

Hello,

Please work on the POA provided below:

1) All Computers are installed with Symantec EP with latest / updated with virus defintions and
2) Disable the System Restore from GPO
3) Disable Auto play with GPO
http://support.microsoft.com/kb/953252
4) Disable Scheduled Tasks with GPO
http://support.microsoft.com/kb/310208
5) Enable Security Auditing with GPO
http://support.microsoft.com/kb/300549
6) Run a Scan all the machines...

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

AravindKM's picture

Ensure that latest patches are available in all your systems
Enable Risk tracker and see any suspicious activity is present in the network
Fore more info refer the below article
Worms and threats that spread across networks by network shares have become more common in recent years.--Like Downadup/Conficker 

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind