
When will SEP detect sftwred.info

Created: 08 Feb 2013 • Updated: 08 Feb 2013 | 4 comments
This issue has been solved. See solution.

Hello,


Several of our users' machines are infected with sftwred.info. Below is some information about this malware:


http://blog.yoocare.com/how-to-remove-sftwred-info-browser-redirect-virus-manually/

http://www.zimbio.com/Latest+Computer+Threats/articles/Yyt4AMiitjC/Sftwred+info+Virus+Removal+Remove+Sftwred

http://guides.yoosecurity.com/how-to-remove-sftwred-info-manual-removal/


These users have the latest version of SEP 11. When I searched for sftwred.info on Symantec's website, I could not find anything.


Any advice???


.Brian wrote:

If it is not being detected then they don't have the definitions for it yet.

How to Use the Web Submission Process to Submit Suspicious Files

Article: TECH102419 | Created: 2007-01-07 | Updated: 2012-07-05 | Article URL: http://www.symantec.com/docs/TECH102419

Upload a sample to security response:

https://submit.symantec.com/websubmit/gold.cgi

Also, submit to virustotal to see if they are currently detecting it:

https://www.virustotal.com/

Do you have this .info file available? Usually it would be a dropper, like an executable that would be the infector.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.
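
Before the user uploads anything, it helps to hash the sample and check whether VirusTotal already knows it by hash; here is an added PowerShell example (not from this thread, and not Symantec's or VirusTotal's own code) that does that triage. It assumes PowerShell 4.0 or later for Get-FileHash, a hypothetical sample path, and VirusTotal's current URL forms (the API v3 URL identifier is the base64url encoding of the URL without padding).

```powershell
# Added example (not from the original thread): triage a suspected dropper
# before uploading it to Symantec Security Response or VirusTotal.
# Assumptions: PowerShell 4.0+ (Get-FileHash); the sample path is hypothetical;
# the VirusTotal URL forms are the current ones.
param(
    [string]$SamplePath  = 'C:\Quarantine\suspect.exe',   # hypothetical path
    [string]$RedirectUrl = 'http://sftwred.info/'         # domain named in the thread
)

function Get-SampleTriage {
    param([Parameter(Mandatory)][string]$Path)
    $item   = Get-Item -LiteralPath $Path
    $hashes = @{}
    foreach ($alg in 'MD5', 'SHA1', 'SHA256') {
        $hashes[$alg] = (Get-FileHash -LiteralPath $Path -Algorithm $alg).Hash.ToLower()
    }
    # A valid Authenticode signature on a suspected dropper is unusual and worth
    # stating in the submission notes, so record the signer too.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        File         = $item.FullName
        SizeBytes    = $item.Length
        ModifiedUtc  = $item.LastWriteTimeUtc
        MD5          = $hashes.MD5
        SHA1         = $hashes.SHA1
        SHA256       = $hashes.SHA256
        Signature    = $sig.Status
        Signer       = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        # VirusTotal can be queried by hash first, so nothing leaves the network unless needed
        VTFileLookup = "https://www.virustotal.com/gui/file/$($hashes.SHA256)"
    }
}

function Get-VTUrlId {
    # VirusTotal API v3 identifies a URL as base64url(url) with the '=' padding removed.
    param([Parameter(Mandatory)][string]$Url)
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($Url)
    [Convert]::ToBase64String($bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

if (Test-Path -LiteralPath $SamplePath) {
    Get-SampleTriage -Path $SamplePath | Format-List
} else {
    Write-Warning "Sample not found: $SamplePath (have the user export it from Quarantine first)"
}
"VirusTotal URL report: https://www.virustotal.com/gui/url/$(Get-VTUrlId -Url $RedirectUrl)"
```

Paste the three hashes and the signer into the notes field of the web submission form; Security Response can match an already-processed sample by hash, and if the SHA-256 lookup on VirusTotal comes back empty you know you are dealing with something they have not seen yet.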

SOLUTION
Ashish-Sharma wrote:

Hi,

In your case, it is advisable to follow a few important steps:

1) Make sure all these machines are patched with all the latest MS security patches and service packs.

2) Make sure the machines are installed with the latest Symantec virus definitions.

3) Disable the AutoRun feature on the machine.

Preventing a virus from using the AutoRun feature to spread itself

http://www.symantec.com/business/support/index?page=content&id=TECH104447

Later, in case suspicious activity is still happening, follow the steps provided in the article below:

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

How to Use the Web Submission Process to Submit Suspicious Files

http://www.symantec.com/docs/TECH102419

Thanks In Advance

Ashish Sharma
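
An added PowerShell example (not from this thread, and not Symantec's code) that checks the three steps above on an endpoint and, with -Remediate, applies the AutoRun hardening from TECH104447 by setting NoDriveTypeAutoRun to 0xFF. The SharedDefs\DEFWATCH_10 registry value used to read the SEP definition date is an assumption about SEP 11's layout; confirm it on one of your own machines first.

```powershell
# Added example (not from the original thread): audit the three items in the
# post above on an endpoint and optionally apply the AutoRun hardening.
# Run from an elevated PowerShell session.
# Assumption: HKLM\SOFTWARE\Symantec\SharedDefs\DEFWATCH_10 points at the active
# SEP 11 definition folder (named by date, e.g. 20130208.003); verify on your build.
[CmdletBinding()]
param([switch]$Remediate)

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-LastPatchDate {
    # Step 1: date of the most recently installed hotfix. Weeks old means step 1 is not done.
    $fixes = Get-HotFix | Where-Object { $_.InstalledOn } | Sort-Object InstalledOn -Descending
    if ($fixes) { $fixes[0].InstalledOn } else { $null }
}

function Get-SepDefinitionDate {
    # Step 2: the definition folder name doubles as the definition date (assumption, see header).
    $defs = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Symantec\SharedDefs' -ErrorAction SilentlyContinue
    if ($defs -and $defs.DEFWATCH_10) { Split-Path -Leaf $defs.DEFWATCH_10 } else { $null }
}

function Get-AutoRunPolicy {
    # Step 3: NoDriveTypeAutoRun = 0xFF disables AutoRun for every drive type.
    $val = (Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    [pscustomobject]@{
        Value    = $val
        Disabled = ($val -eq 0xFF)
    }
}

function Set-AutoRunDisabled {
    if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
    New-ItemProperty -Path $policyKey -Name NoDriveTypeAutoRun -PropertyType DWord -Value 0xFF -Force | Out-Null
}

$report = [pscustomobject]@{
    LastPatchInstalled = Get-LastPatchDate
    SepDefinitions     = Get-SepDefinitionDate
    AutoRunDisabled    = (Get-AutoRunPolicy).Disabled
}
$report | Format-List

if ($Remediate -and -not $report.AutoRunDisabled) {
    Set-AutoRunDisabled
    "AutoRun disabled; users must log off or reboot for Explorer to pick up the policy."
}
```

Explorer reads NoDriveTypeAutoRun at logon, so the change takes effect only after a log off or reboot, and on the Windows versions of that era the value is honoured fully only once Microsoft's Autorun update (KB967715) is installed, which is one more reason step 1 comes first. For a fleet, push the same value through Group Policy rather than per machine.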



RSASKA wrote:

Hey Brian,


I just emailed the user instructions on running another AV and uploading the malicious file to Symantec.


When I entered the URL in VirusTotal, only one URL engine, Websense, detected it:


https://www.virustotal.com/url/0685e1276f0e87ebd21df539b3c5ea40628f4bc1bc0b9718fde5477b18a9e1de/analysis/

The Enemy's greatest fear is that you'll discover who you really are, what you're really worth, and where you're headed.


.Brian wrote:

Looks to be brand new then, or it has been re-coded to evade detection.
