Endpoint Protection

Hello,

I have a customer using Symantec Endpoint Protection (SEP) and recently I found multiple folder's shortcut created under particular folders. Suspecting this maybe be caused by virus etc, I removed the SEP and found WORM_OTORUN.SMJ on one computer after scanning with another Antivirus. (this worm also creates autorun.exe under few folders).
As I want to continue using SEP, I'm wondering how can I have the SEP virus definition updated with this virus definition?

NOTE : The details of this virus on the file attachment.

Any help would be appreciated.

Thank you.

Regards,

Fathur

Attachment(s)

log 09062011.xls   20 KB 1 version

If possible, try rescanning the drive from a clean machine.

There are multiple threats that use this exe file: http://www.threatexpert.com/files/autorun.exe.html

If it is not one of those, you may want to submit a test file to Symantec.

Hi Fathur,

Please do submit a sample for Symantec to analyze- Security Response can then examine it and create protection against it. 

Thanks and best regards,

Mick

Whenever you have a virus, removing SEP from the machine is really the last thing you want to do.  If running a full system scan in safe mode with the latest definitions does not yield any detections, then the next best thing you should do is open a case and submit the files for review.