Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

[ SID: 27071 ] System Infected: backdoor VBS Dunihi detected

  • 1.  [ SID: 27071 ] System Infected: backdoor VBS Dunihi detected

    Posted May 08, 2014 06:40 AM

    Hi,

    Can someone tell me how to delete " [ SID: 27071 ] System Infected: backdoor VBS Dunihi  detected " virus.

    I tried Symhelp Tool and Norton Power Eraser but no sucess.

    We are using SEP 12.1.



  • 2.  RE: [ SID: 27071 ] System Infected: backdoor VBS Dunihi detected



  • 3.  RE: [ SID: 27071 ] System Infected: backdoor VBS Dunihi detected

    Posted May 08, 2014 09:12 PM

    What is the source that it's coming from? SEP is probably doing its job by blocking an attempt



  • 4.  RE: [ SID: 27071 ] System Infected: backdoor VBS Dunihi detected

    Posted May 09, 2014 08:37 AM

    Hi mohammed.imran11,

    Definitely run the SymHelp diagnostic tool with Threat Analysis Scan and submit the .vbs file which is identified.

    How to run the Threat Analysis Scan in Symantec Help (SymHelp)
    http://www.symantec.com/docs/TECH215519 
     

     

    Your IPS logs show will likely show wscript.exe as the source for this malicious traffic: the .vbs file is what wscript is actually executing.

    How to Use the Web Submission Process to Submit Suspicious Files
    http://www.symantec.com/docs/TECH102419 
     



  • 5.  RE: [ SID: 27071 ] System Infected: backdoor VBS Dunihi detected

    Posted May 12, 2014 06:04 AM

    Hi mohammed.imran11,

    Just checking to see if you were able to locate the .vbs file and overcome this threat?

    Please do update this thread when time allows.

    Many thanks,

    Mick



  • 6.  RE: [ SID: 27071 ] System Infected: backdoor VBS Dunihi detected

    Posted May 20, 2014 03:18 AM
      |   view attached

    Hi Mick,

    Enclosed is the .sdbz file from affected device, but saved as .txt

    Please provide the solution ASAP.

    Thanks

    Attachment(s)

    txt
    CLT_D000169__2014_05_20__09_47_35_TSF.txt   2.09 MB 1 version


  • 7.  RE: [ SID: 27071 ] System Infected: backdoor VBS Dunihi detected

    Posted May 20, 2014 04:44 AM

    Hi mohammed.imran11,

    That's beyond the scope of what can be done in a peer-to-peer support forum.  Can you open a Technical Support case?  The trained experts there will have the ability to examine the .sdbz file and provide advice on what to submit.

    Here's an article that will help, once you have identified the suspicious files:

    Symantec Insider Tip: Successful Submissions!
    https://www-secure.symantec.com/connect/articles/symantec-insider-tip-successful-submissions

     

     

     



  • 8.  RE: [ SID: 27071 ] System Infected: backdoor VBS Dunihi detected

    Posted Jun 09, 2014 08:25 AM
    hello,

    I have the same problem "System infected: Backdoor VBS Dunihi detected"

    is that you have found the solution ?



  • 9.  RE: [ SID: 27071 ] System Infected: backdoor VBS Dunihi detected

    Posted Jun 09, 2014 08:35 AM

    Have you determined the remote source of the infection attempts?



  • 10.  RE: [ SID: 27071 ] System Infected: backdoor VBS Dunihi detected

    Posted Jun 09, 2014 08:56 AM

    Non, how to do ?



  • 11.  RE: [ SID: 27071 ] System Infected: backdoor VBS Dunihi detected

    Posted Jun 09, 2014 09:01 AM

    Check the security log on the client, does it show a source IP where this is coming from?



  • 12.  RE: [ SID: 27071 ] System Infected: backdoor VBS Dunihi detected

    Posted Jun 09, 2014 09:06 AM

    Hi BILLEL,

    The remote IP can also be seen from the SEPM.

    Two Reasons why IPS is a "Must Have" for your Network

    https://www-secure.symantec.com/connect/articles/two-reasons-why-ips-must-have-your-network



  • 13.  RE: [ SID: 27071 ] System Infected: backdoor VBS Dunihi detected

    Posted Jun 25, 2014 06:10 AM

    I WANT TO KNOW HOW TO ASK AN UPDATE SYMANTEC VIRUS FOR WELL DEFINED

     



  • 14.  RE: [ SID: 27071 ] System Infected: backdoor VBS Dunihi detected

    Posted Jun 25, 2014 07:45 AM

    Please open a new thread if you need help.