Endpoint Protection Small Business Edition


SEP not detecting a virus

  • 1.  SEP not detecting a virus

    Posted Oct 24, 2013 05:22 AM

    Hi,

    I have SEPM on my server and SEP on clients. Recently (yesterday) a virus appeared on a client. This virus is not detected by SEP but it is detected by MalwareBytes. The virus converts your folders and files to Hidden Items and creates links to them that execute the virus if you click on them.

    I have attached the virus for anyone to detect with SEP.

    Can you help me??

    Thanks,

    << Removed the file - Mithun Sanghavi>>



  • 2.  RE: SEP not detecting a virus

    Posted Oct 24, 2013 05:26 AM

    Please don't attach any suspicious files in a public thread.

    Upload a suspected infected file (Retail)

    https://submit.symantec.com/websubmit/retail.cgi

    How to submit suspicious files via the online submission form that have been quarantined by Symantec Endpoint Protection (SEP) or Symantec AntiVirus (SAV)

     

    Article:TECH97449 | Created: 2009-01-16 | Updated: 2013-08-07 | Article URL http://www.symantec.com/docs/TECH97449

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

     



  • 3.  RE: SEP not detecting a virus

    Posted Oct 24, 2013 05:37 AM

    Hi James007,

    Sorry for uploading but SEP doesn't detect it as suspicious. SEP says nothing about this file. Malwarebytes gives me a positive detection.

    The code of the links is:

    C:\WINDOWS\system32\cmd.exe /C start /b "" "cmd.exe" /C if exist "Evaluaciones\evaluaciones 2010\rFQfXT.bdKx" start /b "" "Evaluaciones\evaluaciones 2010\rFQfXT.bdKx" && start /b "" "Horarios.xls"

    This way I found the virus.

    I am going to try to submit the file by the way you say.

    Thanks,
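
The shortcut command line quoted in the post above has a recognisable shape: `cmd.exe /C`, an `if exist` guard that starts an oddly named file, then `&& start` of the document the user expected to open. The following triage sketch is an added example, not part of the original thread or any Symantec tooling; it assumes the target and arguments of each `.lnk` have already been exported as one string, and the function name and extension allow-list are hypothetical.

```python
import re

# Pattern pieces taken from the command line quoted in the thread.
CMD_RE = re.compile(r'(?i)\bcmd(\.exe)?"?\s+/c\b')
IF_EXIST_START_RE = re.compile(
    r'(?i)\bif\s+exist\s+"([^"]+)"\s+start\s+(?:/b\s+)?""\s+"([^"]+)"')
CHAINED_START_RE = re.compile(r'(?i)&&\s*start\s+(?:/b\s+)?""\s+"([^"]+)"')
# Assumed allow-list of extensions a document shortcut normally opens.
EXPECTED_EXT = {".xls", ".xlsx", ".doc", ".docx", ".pdf", ".txt", ".jpg"}

# Command line exactly as posted in the thread.
THREAD_SAMPLE = (r'C:\WINDOWS\system32\cmd.exe /C start /b "" "cmd.exe" /C '
                 r'if exist "Evaluaciones\evaluaciones 2010\rFQfXT.bdKx" '
                 r'start /b "" "Evaluaciones\evaluaciones 2010\rFQfXT.bdKx" '
                 r'&& start /b "" "Horarios.xls"')
# Constructed benign shortcut for comparison.
BENIGN_SAMPLE = (r'"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" '
                 r'"Horarios.xls"')

def file_ext(path):
    """Lower-cased extension of the last path component ('' if none)."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""

def triage_shortcut(command_line):
    """Flag shortcuts that run a guarded payload and then open a decoy."""
    findings, payloads = [], []
    if CMD_RE.search(command_line):
        findings.append("launches-cmd")
    for match in IF_EXIST_START_RE.finditer(command_line):
        checked, started = match.group(1), match.group(2)
        if checked.lower() == started.lower():
            findings.append("conditional-start")
            payloads.append(started)
            if file_ext(started) not in EXPECTED_EXT:
                findings.append("unexpected-extension")
    decoys = [d for d in CHAINED_START_RE.findall(command_line)
              if d not in payloads]
    if payloads and decoys:
        findings.append("payload-then-decoy")
    suspicious = "launches-cmd" in findings and "conditional-start" in findings
    return {"suspicious": suspicious, "payloads": payloads,
            "decoys": decoys, "findings": findings}

if __name__ == "__main__":
    for sample in (THREAD_SAMPLE, BENIGN_SAMPLE):
        print(triage_shortcut(sample))
```

A hit only says the shortcut is worth examining; the hidden file named in `payloads` is the one to quarantine and submit for analysis.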



  • 4.  RE: SEP not detecting a virus

    Posted Oct 24, 2013 05:39 AM

    Hi,

    Try to install this patch

    Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability
    Microsoft Security Bulletin MS10-046/ (KB2286198)
    http://www.microsoft.com/en-in/download/details.as...

    Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability
    Nortel Response to Microsoft Security Bulletin MS08-067/ (KB958644)
    http://www.microsoft.com/en-in/download/details.as...

     

    Check also this thread

    https://www-secure.symantec.com/connect/forums/short-cut-virus



  • 5.  RE: SEP not detecting a virus

    Trusted Advisor
    Posted Oct 24, 2013 08:40 AM

    Hello,

    Could you please zip each of the files and submit the zip files (without password) to the Symantec Security Response Team on:

    https://submit.symantec.com/websubmit/essential.cgi

    We also offer a self-service site to analyze files, at http://www.threatexpert.com, which can give you more information on the files you submit to it.

    Check these articles:

    Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    https://www-secure.symantec.com/connect/articles/using-symantec-help-symhelp-tool-how-do-we-collect-suspicious-files-and-submit-same-symante

    What to do when you suspect that a Symantec AntiVirus product is not detecting viruses

    http://www.symantec.com/docs/TECH99222

    Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec AntiVirus or Symantec Endpoint Protection does not

    http://www.symantec.com/docs/TECH98929

    Here are some excellent suggestions on how to keep your computers, their users and data safe:

    http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0

    Hope that helps!!



  • 6.  RE: SEP not detecting a virus

    Posted Oct 24, 2013 08:45 AM

    Run the Symantec Power Eraser on it

    How to run Symantec Power Eraser with the SymHelp utility

    Article:TECH203683  |  Created: 2013-03-08  |  Updated: 2013-09-20  |  Article URL http://www.symantec.com/docs/TECH203683

     



  • 7.  RE: SEP not detecting a virus

    Posted Oct 24, 2013 11:54 AM

    Hi,

    I uploaded the file and they opened a case for me. I am waiting for a response.

    I have checked the Power Eraser but on the server..... I prefer not to do it. It checks only basic system.

    I will wait for the response from Symantec.

    Thanks,



  • 8.  RE: SEP not detecting a virus

    Trusted Advisor
    Posted Oct 24, 2013 12:11 PM

    Hello,

    Could you please PM me with the Case #?

    Let me have a look.

    Did you upload the suspicious files to the Symantec Security Response Team?

     



  • 9.  RE: SEP not detecting a virus

    Posted Oct 25, 2013 05:41 AM

    Hi Mithun,

    I have sent you a PM with tracking number.

    I uploaded the suspicious file yesterday.

    Thanks,



  • 10.  RE: SEP not detecting a virus

    Posted Oct 29, 2013 05:36 AM

    Hi again,

    I have no news from Symantec Security Response Team. Can anyone help me with this??

    Thanks,



  • 11.  RE: SEP not detecting a virus

    Posted Nov 05, 2013 02:56 AM

    Still without news from Symantec. Any help please?? It is not logical that Malwarebytes free version detects perfectly a virus that SEP 12.1 Paid can't detect!



  • 12.  RE: SEP not detecting a virus

    Posted Nov 05, 2013 11:23 AM

    Did you receive a tracking number back from Symantec after submitting??



  • 13.  RE: SEP not detecting a virus

    Posted Nov 06, 2013 02:57 AM

    Hi _Brian,

    I received a tracking number but I can't find where to check the status and I have not received any other notification about this from Symantec.

    Where can I check it??

    Thanks,



  • 14.  RE: SEP not detecting a virus

    Trusted Advisor
    Posted Nov 06, 2013 03:06 PM

    Hello,

    The last time you sent me the tracking number, I suggested you submit the files on the Essential website.

    https://submit.symantec.com/websubmit/essential.cgi

    AND

    http://www.threatexpert.com, which can give you more information on the files you submit to it.

    If done, please send me a PM with the new Tracking number again.

    Hope that helps!!