Endpoint Protection

  • 1.  W32.Feberr

    Posted Nov 10, 2009 07:26 AM
    Hello.

    I'm having some problems with infections by the W32.Feberr worm.

    It seems that SEP doesn't fully remove this worm. The removal process on the virus details page only says to update the virus definitions and run a full scan. That doesn't work. It detects the infected files (mostly .tmp files in the user profile temp folder) and moves them to quarantine.

    Some days later the virus infections are there again.

    I want to know if there is any other procedure or a removal tool that fully removes this virus.

    Thanks for the help.


  • 2.  RE: W32.Feberr
    Best Answer

    Posted Nov 10, 2009 07:42 AM
    If the virus is getting detected again and again, or it is getting re-infected, that means:

    Either some computer or media is re-infecting this system (flash drive, CD/DVD or some unpatched infected computer),

    or there are still some files which are not getting detected as a threat, and they are redownloading the worm and infecting.

    Have you turned on Autoplay? Very first thing to do in case of a worm.

    Clear out all temp folders and temp internet content.

    If you find any suspicious file, submit it at https://submit.symantec.com/basic


  • 3.  RE: W32.Feberr

    Posted Nov 10, 2009 07:45 AM
    Ensure all your PCs in the network have the latest patches.
    For more information regarding recommended procedures click here


  • 4.  RE: W32.Feberr



  • 5.  RE: W32.Feberr

    Trusted Advisor
    Posted Nov 10, 2009 07:58 AM
    Hello,

    Here are 5 things you need to know about... what I call the 5 Common KBs to protect your network.


    1) 'Common loading points for viruses, worms, and Trojan horse programs on Windows NT/2000/XP/2003'
     http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2001060517115206?Open&seg=ent

    2) The 5 Steps of Virus Troubleshooting


  • 6.  RE: W32.Feberr

    Posted Nov 10, 2009 08:18 AM
    Thanks for all the replies.

    Just so you know:

    1 - The autorun feature is already disabled on all corporate machines through GPO;

    2 - The autorun.inf files are blocked through SEP Application and Device Control;

    3 - Already checked infected machines on the known registry and startup entry points, process list and services. Nothing suspicious was found.


  • 7.  RE: W32.Feberr

    Trusted Advisor
    Posted Nov 10, 2009 08:29 AM
    Hello,

    Please work on the POA provided below:

    1) All computers are installed with Symantec EP with latest / updated virus definitions and
    2) Disable the System Restore from GPO
    3) Disable Auto play with GPO
    http://support.microsoft.com/kb/953252
    4) Disable Scheduled Tasks with GPO
    http://support.microsoft.com/kb/310208
    5) Enable Security Auditing with GPO
    http://support.microsoft.com/kb/300549
    6) Run a scan on all the machines...





  • 8.  RE: W32.Feberr

    Posted Nov 10, 2009 08:31 AM
    Ensure that the latest patches are available on all your systems.
    Enable Risk Tracer and see if any suspicious activity is present in the network.
    For more info, refer to the article below:
    Worms and threats that spread across networks by network shares have become more common in recent years, like Downadup/Conficker.