Endpoint Protection

  • 1.  How to remove .decoy.file

    Posted May 15, 2017 08:27 PM

    Hi,

    We're now facing this kind of virus that looks like a hidden folder. Moreover, it keeps on appearing even after deleting it.

    Please see the image below for your reference:

    Capture_0.JPG

    How can I totally remove this? 

     



  • 2.  RE: How to remove .decoy.file

    Posted May 15, 2017 08:45 PM

    Have you run a full scan with SEP/Norton Power Eraser? Did it remove it?

    Have you tried other third party tools?

     



  • 3.  RE: How to remove .decoy.file

    Posted May 15, 2017 08:53 PM

    Hi Brian,

    Yes, I did run Norton and SymDiag but the folder is still there. I also ran third-party apps.

    Is there any other way to remove it totally as this virus is penetrating all the computers here in my organization?



  • 4.  RE: How to remove .decoy.file

    Posted May 15, 2017 09:11 PM

    I'd identify those machines and remove them from the network quickly. You can also submit a sample to Symantec to see if they know about it. Maybe best to work with someone from Symantec support as well on this.



  • 5.  RE: How to remove .decoy.file

    Posted Jun 15, 2017 10:43 AM

    We are seeing the same thing. Do you have WatchGuard host sensor installed on that machine by chance?



  • 6.  RE: How to remove .decoy.file

    Posted Jun 15, 2017 10:45 AM

    We are seeing the same thing on a couple of machines. Do you have WatchGuard host sensor installed by chance?



  • 7.  RE: How to remove .decoy.file

    Posted Jun 15, 2017 01:25 PM

    Reached out to WatchGuard today and got this response:

     

    "The files you are referring to are part of the Host Ransomware Prevention features when running in Detect or Prevent mode that the host sensor software uses to check if there is a process attempting to encrypt files on the drive. If they are deleted the host sensor will regenerate those folders and files automatically on the next boot. 

    Here are some more details regarding Host Ransomware Prevention: 

    Host Ransomware Prevention: http://www.watchguard.com/help/docs/fireware/11/en-US/Content/en-US/services/tdr/tdr_hrp_c.html "
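
The decoy-file idea described in the vendor reply above, sketched as an added example; it is not part of the thread and not WatchGuard's code. It assumes a hash baseline plus a byte-entropy test to tell an in-place encryption from an ordinary edit, and the file names, decoy content and the 7.0 threshold are constructed for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

# Constructed decoy content: repetitive text, so its byte entropy is low.
DECOY_BODY = ("Quarterly report placeholder text. " * 40).encode()

def entropy(data):
    """Shannon entropy in bits per byte (8.0 = uniformly random)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def plant(directory, names):
    """Write decoys and return a baseline of {path: sha256 hex digest}."""
    baseline = {}
    for name in names:
        path = os.path.join(directory, name)
        with open(path, "wb") as f:
            f.write(DECOY_BODY)
        baseline[path] = hashlib.sha256(DECOY_BODY).hexdigest()
    return baseline

def check(baseline, threshold=7.0):
    """Classify each decoy as ok, missing, modified or encrypted-like."""
    status = {}
    for path, digest in baseline.items():
        if not os.path.exists(path):
            status[path] = "missing"  # deleted or renamed
            continue
        with open(path, "rb") as f:
            data = f.read()
        if hashlib.sha256(data).hexdigest() == digest:
            status[path] = "ok"
        else:  # near-random bytes suggest the file was encrypted in place
            status[path] = "encrypted-like" if entropy(data) >= threshold else "modified"
    return status

def regenerate(baseline, status):
    """Rewrite decoys reported missing; returns the restored paths."""
    restored = [p for p, s in status.items() if s == "missing"]
    for path in restored:
        with open(path, "wb") as f:
            f.write(DECOY_BODY)
    return restored

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed scenario
        base = plant(d, ["a.docx", "b.xlsx"])
        os.remove(os.path.join(d, "b.xlsx"))
        print(check(base))
```

A deleted decoy shows up as `missing` and is simply written back by `regenerate`, which matches what the original poster observed: the files reappear after deletion because the sensor recreates them.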