Endpoint Protection


Help with new virus(trojan).

  • 1.  Help with new virus(trojan).

    Posted Jul 01, 2010 04:23 AM

    We have a threat spreading on our computers.

    I hope I have sent the file to the right place.
    https://submit.symantec.com/websubmit/retail.cgi
    I got this tracking number (Tracking #16085023)
     

    The problem is that "Symantec Endpoint Protection 11.0.5002.333 (Definitions: 30 june 2010 r41)" is not detecting the virus(trojan).
    We have tested with AVAST and it detects the threat as (Win32:VB-OND)

    It spreads via USB memory.

    Please help us with removal instructions.

    Regards
    Peter M



  • 2.  RE: Help with new virus(trojan).

    Posted Jul 01, 2010 04:31 AM
    The updates for a new virus have to be given by Symantec only. But to avoid the spread of such a virus you can do something.
    First, disable AutoPlay. This is one of the common ways of spreading the virus.
    How to prevent a virus from spreading using the "AutoRun" feature


    Have a look at this article also. It will also be helpful to you.
    Online Virus and Behavioural Scan Engines





  • 3.  RE: Help with new virus(trojan).

    Broadcom Employee
    Posted Jul 01, 2010 04:32 AM
    Haven't you received the closing tracking number? The mail will declare whether the files submitted are clean or infected.



  • 4.  RE: Help with new virus(trojan).

    Posted Jul 01, 2010 05:28 AM

    I submitted the file and I received an email with the header "[TRACKING]: Symantec Security Response Automation (Tracking #16085023)"  2010-07-01 09:53:06
    and I have still not received a [CLOSING] mail? Time is now 2010-07-01 11:19

    Did I send this file to the right submission site?  https://submit.symantec.com/websubmit/retail.cgi


    Regards
    Peter M

    P.S. Thanks AravindKM for the advice regarding autorun.
    But the problem with this virus (trojan) is that the user clicks on the icon for the USB memory and then gets it anyway.



  • 5.  RE: Help with new virus(trojan).

    Broadcom Employee
    Posted Jul 01, 2010 05:33 AM
    You may need to open a support case and talk to a technician about the update on the closing. If you have received the tracking number, it has been sent to updated successfully.


  • 6.  RE: Help with new virus(trojan).

    Posted Jul 01, 2010 06:36 AM
    Educating users is a very important thing in the prevention of threats. You can create a policy in SEPM with the help of Application and Device Control to prevent executables from executing directly from a USB drive. This will reduce the risk. Refer to this KB:
    How to prevent programs from running by blocking the file extension types from removable drives.


  • 7.  RE: Help with new virus(trojan).

    Posted Jul 01, 2010 09:58 AM

    Guys, retail is for the consumer products. I am not sure, but I think that due to the high volume of retail submissions you will not get an email notification.

    You should submit through "Basic" or "BCS" for enterprise support.

    http://www.symantec.com/business/security_response/submitsamples.jsp


  • 8.  RE: Help with new virus(trojan).

    Posted Jul 01, 2010 10:31 AM
    Peter, if you are an enterprise customer, you would not want to submit through the retail submission page.  I would also suggest submitting the suspected files to Threat Expert.  I would also try updating with Rapid Release defs if current certified definitions aren't finding it.

    This submission does still show as open.  No determination has been made on the explorer.exe file submitted--this doesn't mean it's malicious, it just needs further analysis.  The other two say no malicious content.

    One of the other files is an autorun.inf file, which is only a text file and is not malicious in and of itself.  Was there a reference within that file to an executable? If so, that is what we would want to analyze if you did not already submit it.

    sandra
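
The check asked for in the post above (does the autorun.inf reference an executable?) can be scripted. This is an added example, not part of the original thread or any Symantec tool; the function names and the sample file contents are constructed for illustration.

```python
import re

# [autorun] keys whose value Windows may launch or load from the drive.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|icon|shell\\[^\\=]+\\command)$", re.I)
EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs")

def referenced_files(autorun_text):
    """Return sorted (key, path) pairs for files an autorun.inf points at."""
    found, section = set(), None
    for raw in autorun_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:  # padding/junk lines end here
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        # Target is a quoted path or the first token (an unquoted path that
        # contains spaces would be cut short; review those by hand).
        m = re.match(r'"([^"]+)"|(\S+)', value)
        if LAUNCH_KEY.match(key) and m:
            path = (m.group(1) or m.group(2)).split(",")[0]  # drop icon index
            found.add((key.lower(), path))
    return sorted(found)

def executables_to_submit(autorun_text):
    """Unique referenced paths with an executable or script extension."""
    return sorted({p for _, p in referenced_files(autorun_text)
                   if p.lower().endswith(EXEC_EXT)})

# Constructed sample, not the file from this thread.
SAMPLE = r"""
kjh3k2j4h23kj4h
[AutoRun]
OPEN=sample_dropper.exe /arg
asdlkj23lkj
shell\open\Command="RECYCLER\sample_dropper.exe" -x
shell\explore\command=sample_dropper.exe
icon=%SystemRoot%\system32\shell32.dll,4
label=USB Disk
"""

if __name__ == "__main__":
    for key, path in referenced_files(SAMPLE):
        print(f"{key:28} {path}")
```

Paths returned are relative to the root of the removable drive unless they are absolute or use an environment variable.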


  • 9.  RE: Help with new virus(trojan).

    Posted Jul 01, 2010 12:47 PM
    Submission site for Symantec Business Support
    https://www-secure.symantec.com/connect/forums/help-new-virustrojan


    A public site now owned by Symantec (They are real quick)
    http://www.threatexpert.com/default.aspx


  • 10.  RE: Help with new virus(trojan).

    Posted Jul 01, 2010 01:00 PM

    ...that first link is to this very forum thread.

    sandra


  • 11.  RE: Help with new virus(trojan).

    Posted Jul 02, 2010 07:40 AM
    I have now created a "mysupport" account. (https://mysupport.symantec.com/)

    Does anyone know how to obtain one of the following things?

    Technical Contact Id :
    or
    Support Number :
    or
    Technical Case Id :

    I need it to submit my question to the support team.


  • 12.  RE: Help with new virus(trojan).