Endpoint Protection

  • 1.  When will SEP detect sftwred.info

    Posted Feb 08, 2013 09:48 AM

    Hello,

     

    Several of our users' machines are infected with sftwred.info. Below is some information about this malware:

     

    http://blog.yoocare.com/how-to-remove-sftwred-info-browser-redirect-virus-manually/

    http://www.zimbio.com/Latest+Computer+Threats/articles/Yyt4AMiitjC/Sftwred+info+Virus+Removal+Remove+Sftwred

    http://guides.yoosecurity.com/how-to-remove-sftwred-info-manual-removal/

     

    These users have the latest version of SEP 11. When I searched for sftwred.info on Symantec's website, I could not find anything.

     

    Any advice???



  • 2.  RE: When will SEP detect sftwred.info
    Best Answer

    Posted Feb 08, 2013 09:51 AM

    If it is not being detected, then they don't have the definitions for it yet.

    How to Use the Web Submission Process to Submit Suspicious Files

    Article:TECH102419  |  Created: 2007-01-07  |  Updated: 2012-07-05  |  Article URL http://www.symantec.com/docs/TECH102419

    Upload a sample to security response:

    https://submit.symantec.com/websubmit/gold.cgi

    Also, submit to VirusTotal to see if they are currently detecting it:

    https://www.virustotal.com/

    Do you have this .info file available? Usually it would be a dropper, like an executable that would be the infector.



  • 3.  RE: When will SEP detect sftwred.info

    Posted Feb 08, 2013 09:55 AM

    Hi,

    In your case, it is advisable to follow a few important steps:

    1) Make sure all these machines are patched with all the latest MS security patches and service packs.

    2) Make sure the machines have the latest Symantec virus definitions installed.

    3) Disable the Autorun Feature on the machine.

    Preventing a virus from using the AutoRun feature to spread itself

    http://www.symantec.com/business/support/index?page=content&id=TECH104447

    Later, in case suspicious activity is still happening, follow the steps provided in the article below:

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    How to Use the Web Submission Process to Submit Suspicious Files

    http://www.symantec.com/docs/TECH102419



  • 4.  RE: When will SEP detect sftwred.info

    Posted Feb 08, 2013 10:07 AM

    Hey Brian,

     

    I just emailed the user instructions on running another AV and uploading the malicious file to Symantec.

     

    When I entered the URL in VirusTotal, only one URL engine detected it: Websense.

     

    https://www.virustotal.com/url/0685e1276f0e87ebd21df539b3c5ea40628f4bc1bc0b9718fde5477b18a9e1de/analysis/



  • 5.  RE: When will SEP detect sftwred.info

    Posted Feb 08, 2013 10:09 AM

    Looks to be brand new then, or it has been re-coded to evade detection.