Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Autorun.inf problem

Created: 16 Sep 2012 • Updated: 11 Oct 2012 | 4 comments
dmcbbalab's picture
0 Agree
0 Disagree
0 0 Votes
Login to vote
Status: Alternative Solution

My Pendrive contains a autorun.inf virus .Symantec does not detect this virus.The user opens the pendrive.The user profile gets affected by the virus.Subsequently if  I insert any pendrive on this system, in this user profile,all the pendrive data becomes hidden and shortcuts are created.If I take this same pendrive and use it on another machine,that machine userprofile is affected.

I have tried :
1)Scanning the pendrive in safe mode.
2)I have scanned the system in safe mode.
3)I have run the symantec support tool to scan if any problem

But no virus is getting detected.

If I scan the pendrive with another antivirus ,that antivirus immediately detect a TROJAN on autorun.inf and cleans the virus.

I want symantec to start a autoscan immediately after the pendrive ( or any removable drive) is plugged into system (even before the user selects a scan for viruses option) and delete the auotrun.inf virus if it exists on the device

Comments 4 CommentsJump to latest comment

Ashish-Sharma's picture

Hi,

I think you have raised IDEA not thread

Check this thread

https://www-secure.symantec.com/connect/forums/block-autoruninf

You can blocked Autorun.inf

Ashish Sharma

Chetan Savade Technical Support Accredited

Hi,

In SEP 11.x you can block autorun.inf through multiple way with the help of following articles.

Preventing a virus from using the AutoRun feature to spread itself

http://www.symantec.com/docs/TECH104447

Preventing viruses using "autorun.inf" from spreading with "Application and Device Control" policies in Symantec Endpoint Protection (SEP) 11.x

http://www.symantec.com/docs/TECH104909

Microsoft KB articles to disable Autorun

http://support.microsoft.com/kb/967715

http://technet.microsoft.com/en-us/magazine/cc137730.aspx

From SEP 12.1 onwards, SEPM will block autorun.inf by default. It's a part of Application & device control policy.

Thanks In Advance

Ashish Sharma

+1
Login to vote
Mick2009's picture

You may wish to cast a vote in favor of this proposed enhancement request: https://www-secure.symantec.com/connect/idea/automatically-demand-avas-scan-usb-devices-when-plugged

With thanks and best regards,

Mick

0
Login to vote
Surendrakumar97's picture

How to use Group Policy settings to disable all Autorun features in Windows Server 2008 or Windows Vista

Use either of the following methods:

Method 1

  1. Click Start
    Collapse this imageExpand this image
     

    , type Gpedit.msc in the Start Search box, and then press ENTER.

    Collapse this imageExpand this image
     

    If you are prompted for an administrator password or for confirmation, type the password, or click Allow.

  2. Under Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Autoplay Policies.
  3. In the Details pane, double-click Turn off Autoplay.
  4. Click Enabled, and then select All drives in the Turn off Autoplay box to disable Autorun on all drives.
  5. Restart the computer.

Method 2

  1. Click Start
    Collapse this imageExpand this image
     

    , type Gpedit.msc in the Start Search box, and then press ENTER.

    Collapse this imageExpand this image
     

    If you are prompted for an administrator password or for confirmation, type the password, or click Allow.

  2. Under Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Autoplay Policies.
  3. In the Details pane, double-click Default Behavior for AutoRun.
  4. Click Enabled, and then select Do not execute any autorun commands in the Default Autorun behavior box to disable Autorun on all drives.
  5. Restart the computer.
0
Login to vote
Jaycee's picture

I have an unmanaged SEP 12.1.1101.401 client and it cannot automatically scan/clean autorun.inf-related viruses on one of the usb hard drive I use in my clients' networks.

Besides, it detected and cleaned correctly the other viruses on the drive, when opening the drive in Explorer (scan enabled when accessing files, not only executed files).

However, some exe files linked to autorun.inf were not detected / cleaned because they had "hidden" and "system" attributes : this does not harm the current host, but it could still harm other hosts not protected by SEP, in my other clients' networks for example.

The result is that my hard drive is a healthy carrier of an autorun.inf threat...

In order to force SEP to scan / clean it, I performed the following in a cmd.exe prompt, where X is the usb drive :

attrib -r -h -s X:\*.*

Then view / scan the files which just appeared.

I'd like SEP to warn / autoclean +r/+h/+s files at the root of usb drives. Thanks!

0
Login to vote