
Symantec endpoint protection could not catch newfolder.exe virus

Created: 29 July 2012 • Updated: 31 July 2012 | 9 comments

Dear All,

I have been using Symantec Endpoint Protection 11.0, but I am quite fed up with the .exe virus, as an .exe virus is present in each folder of my system. Suppose the name of a folder is "raheel". When I click on the raheel folder, there is a raheel.exe file present along with my data. Users are facing great difficulties with this type of virus, as in every folder the relevant .exe file is being generated and Symantec is unable to detect, delete or quarantine it. Please help with this.


pete_4u2002

Is the AV updated with signatures?

Is Autoprotect on?

Have you submitted the file to Symantec Security Response? If not, I suggest you do it on priority.

I also suggest opening a support ticket, to know about the suspicious file present on the system.

shahid-ahmed

Yes, AV is quite updated with current signatures and Autoprotect is on.

Moreover, all my systems are on a domain, and I have also made the C: partition more secure, as only read permission has been granted to domain users. However, domain users can write to their profile.

I want any tool that can quickly remove this type of virus from systems.

K33

Hi,

Please don't attach any virus-related folder in the Symantec Forums.

Update your system with the latest definitions.

https://www-secure.symantec.com/connect/forums/need-virus-removal-tool

If not, there are some useful tools provided by Symantec to help with finding those hard-to-detect threats.

1. The Power Eraser Tool eliminates deeply embedded and difficult to remove threats that traditional virus scanning doesn't always detect.

2. The SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively.

3. The Load point Analysis Tool generates a detailed report of the programs loaded on your system. It is helpful in listing common loadpoints where threats can live.

Rapid Release Virus Definitions –

http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=rr

Power Eraser tool –

http://security.symantec.com/nbrt/npe.asp?lcid=1033&origin=default

How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitions http://www.symantec.com/business/support/index?page=content&id=TECH131732&locale=en_US

Support Tool with Power Eraser Tool included –

http://www.symantec.com/business/support/index?page=content&id=TECH105414&locale=en_US

How to use the Load Point Analysis within the Symantec Support Tool to help locate suspicious files http://www.symantec.com/business/support/index?page=content&id=TECH141402

If you are unable to remove the threat(s) from your systems, please submit the suspected files to Symantec or ThreatExpert for analysis. New signatures will be created and included in future definition sets for detection.

http://www.symantec.com/business/security_response/submitsamples.jsp

http://www.threatexpert.com/submit.aspx

Simpson Homer

Hello

Please follow the steps given by Kashish. Also check if you have any GPO policy set that could be causing this issue.

Run the power eraser tool and follow its instructions.

http://security.symantec.com/nbrt/npe.asp?lcid=1033&origin=default

Vikram Kumar-SAV to SEP

Submit the file to Symantec Security Response; it will get detected and removed from all computers at once after the next def update.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

.Brian

This is currently being detected by Symantec as W32.Imaut with the latest definition set.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mick2009

There are enough websites active today which are responsible for spreading malware.  Please don't add Connect to that list!  The links provided by other experienced members in the posts above are the ONLY way to get a virus sample to Symantec.

With thanks and very best regards,

Mick

With thanks and best regards,

Mick

cus000

I agreed with Brian,

Just saw this new variant few days ago, quite big in size... about 32mb lol

Use SEP Support tool, run load point analysis, copy this sample and then submit to Symantec... and Virustotal - virustotal.com
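Added example, not part of the thread and not a Symantec tool: a read-only sweep for the symptom described in the first post, an executable named after the folder that contains it (raheel\raheel.exe). It reports the path, size and SHA-256 of each match so the files can be submitted through the links above. The function names and the sample tree are constructed for illustration, and nothing is deleted or quarantined.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large samples do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def find_folder_named_exes(root):
    """Return path, size and SHA-256 of every <folder>/<folder>.exe under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        folder = os.path.basename(os.path.normpath(dirpath)).lower()
        for name in files:
            stem, ext = os.path.splitext(name)
            # Windows file names are case-insensitive, so compare in lower case.
            if ext.lower() != ".exe" or stem.lower() != folder:
                continue
            full = os.path.join(dirpath, name)
            try:
                hits.append({"path": full, "size": os.path.getsize(full),
                             "sha256": sha256_of(full)})
            except OSError:
                continue  # locked or unreadable file: skip, keep sweeping
    return sorted(hits, key=lambda h: h["path"])

def build_constructed_tree(base):
    """Create a harmless, constructed demo tree (placeholder bytes only)."""
    layout = {
        "raheel/raheel.exe": b"constructed placeholder, not a real binary",
        "raheel/notes.txt": b"user data",
        "raheel/setup.exe": b"exe with another name, must not be flagged",
        "Reports/REPORTS.EXE": b"case differs from folder name, still flagged",
        "tools/other.exe": b"not named after its folder",
    }
    for rel, data in layout.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        for hit in find_folder_named_exes(tmp):
            print(hit["size"], hit["sha256"], hit["path"])
```

A match is only a naming heuristic: legitimate software sometimes ships an executable named after its install folder, so confirm with the vendor tools before removing anything.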