Endpoint Protection

 View Only

  • 1.  Porn.exe, sexy.exe, passwords.exe, etc Virus Cleanup

    Posted Dec 28, 2011 08:46 AM

    I have had a couple of instances whereby users have experienced that their folders in USB flash drives are turned into .exe files, and the following are added:

    porn.exe, sexy.exe, passwords.exe, secret.exe, m.mpeg, and another random .exe file.

     

    For some reason symantec is not able to contain the virus/worm. I have to gamble with the manual removal of the worm which is impractical most of the times.

     

    Any heads up..... ?? solutione?



  • 2.  RE: Porn.exe, sexy.exe, passwords.exe, etc Virus Cleanup



  • 3.  RE: Porn.exe, sexy.exe, passwords.exe, etc Virus Cleanup

    Posted Dec 28, 2011 09:15 AM

    so the detection and the deletion is manual? thats what i learnt on the other page...



  • 4.  RE: Porn.exe, sexy.exe, passwords.exe, etc Virus Cleanup

    Trusted Advisor
    Posted Dec 28, 2011 09:34 AM

    Hello,

    In your case, there are few suggestions.

    1) Check if these machines are updated with the Latest Microsoft Updates and Security Patches.

    2) Check if the Autorun is disabled.

    3) Symantec is carrying the Latest Virus Definitions and Run a Full scan in Safe mode.

    Also, you can Run the Symantec Support Tool which may assist you to submit the suspicious files to the Symantec Security Response Team.

    https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

    It is always advisable to Work on the Best practices for troubleshooting viruses on a network

    http://www.symantec.com/docs/TECH122466

    Hope that helps!!



  • 5.  RE: Porn.exe, sexy.exe, passwords.exe, etc Virus Cleanup

    Broadcom Employee
    Posted Dec 28, 2011 10:20 AM

    Hi,

    Ideally USB flash drives are blocked for security reason.

    If you have enabled it please review it's necessity.

    Check risk logs on clients machines, check whether  it' new threat ? or happening due to system vulnerability ?

    To check whether it's new threat or not ?

    Run SEP support tool & submit files to Symantec for analysis.

    http://www.symantec.com/techsupp/home_homeoffice/products/sep/Sep_SupportTool.exe

     

    System vulnerability can be avoided with following ways.

    Use all three features i.e Antivirus/Antispyware , Proactive Threat Protection , Network Threat Protection.

    Make sure all three feature have latest definitions.

    Upgrade OS with latest service pack and windows updates.

    Upgrade third party software's with latest patches. (e.g acrobat reader)

    Disable auto-run .

    Use latest Symantec Antivirus version i.e RU7 MP1 or 12.1 RU1

    As you said you are able to remove it manually ? which threat it is ? Symantec is detecting with manual scan or how ?



  • 6.  RE: Porn.exe, sexy.exe, passwords.exe, etc Virus Cleanup

    Posted Dec 29, 2011 09:53 AM

    I am removing it manually from the following:

     

    registry edit..a couple of things..

    c:/users/documents/().exe

     



  • 7.  RE: Porn.exe, sexy.exe, passwords.exe, etc Virus Cleanup

    Trusted Advisor
    Posted Dec 29, 2011 10:01 AM

    Hello,

    Removing the Enteries Manually does not Guarantee, that these Threat would not re-appear.

    Registries are not Threats.

    I would still recommend you to Run the Symantec Support Tool which may assist you to submit the suspicious files to the Symantec Security Response Team.

    https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

    Again, could you check if you Login as a Different User, do you see the same issue occurying??

    If not, you can simply Delete the Infected User Account (profile) and keep a newer one.

    Hope that helps!!