Endpoint Protection

 View Only
  • 1.  W32.Harakit is not getting cleaned from shared drive

    Posted Nov 12, 2010 06:53 AM
    Hi,
     
     
    Virus is not getting detected by full scan, same is detected by auto protect scan. Detection is happening from shared drive.
     
     
    How we will clean it.
     
     
    Rgds,
    Sanoj
     


  • 2.  RE: W32.Harakit is not getting cleaned from shared drive

    Posted Nov 12, 2010 06:58 AM

    It may be getting infected from another system in the network.Use risk tracer  and see.Have a look at this article also

     

     

    Wormsand threats that spread across networks by network shares have become more common in recent years.--Like Downadup/Conficker



  • 3.  RE: W32.Harakit is not getting cleaned from shared drive

    Posted Nov 12, 2010 11:01 AM

    This type of infection spreads over the network.

    Try downloading the intelligent updater, install it and try scanning again. Also before that make sure System restore is disabled, All the network shares are removed and Antivirus has the latest definitions.

    Title: 'How to update definitions for Symantec Endpoint Protection using the Intelligent Updater
    Web URL: http://www.symantec.com/business/support/index?page=content&id=TECH102606&locale=en_US

    Title: 'W32.Harakit
    Web URL: http://www.symantec.com/security_response/writeup.jsp?docid=2008-102011-5014-99



  • 4.  RE: W32.Harakit is not getting cleaned from shared drive

    Posted Nov 12, 2010 12:04 PM

    Hi Sanoj,

    What Symantec product are you using for that AP scan and full system scan?

    Whet exactly deos it say in the risk logs / Windwos Applciation Event logs-?  Is the threat left along, partially removed, etc.-?

    Thanks and best regards,

    Mick



  • 5.  RE: W32.Harakit is not getting cleaned from shared drive

    Posted Nov 12, 2010 12:21 PM

    When Auto-protect detects a file it doesn't mean the file is on your local system it might be on a remote system which is infected and is accessing the shared drive.

    So make sure all the system that are accessing the Shared Drive are up-to-date with virus defs.

     

    Also enable risk tracer it will tell the name of the machine from where this virus is coming from

    Check this doc

    http://www.symantec.com/business/support/index?page=content&id=TECH102539&locale=en_US

    w32.harakit is worm and it spreads through autoruns/autoplay