Hi,
Can someone tell me how to delete the " [ SID: 27071 ] System Infected: backdoor VBS Dunihi detected " virus?
I tried Symhelp Tool and Norton Power Eraser but no success.
We are using SEP 12.1.
See this thread
http://www.symantec.com/connect/forums/sid-27071-system-infected-backdoor-houdini-activity-detected
What is the source that it's coming from? SEP is probably doing its job by blocking an attempt.
Hi mohammed.imran11,
Definitely run the SymHelp diagnostic tool with Threat Analysis Scan and submit the .vbs file which is identified.
How to run the Threat Analysis Scan in Symantec Help (SymHelp) http://www.symantec.com/docs/TECH215519
Your IPS logs will likely show wscript.exe as the source for this malicious traffic: the .vbs file is what wscript is actually executing.
How to Use the Web Submission Process to Submit Suspicious Files http://www.symantec.com/docs/TECH102419
Just checking to see if you were able to locate the .vbs file and overcome this threat?
Please do update this thread when time allows.
Many thanks,
Mick
Hi Mick,
Enclosed is the .sdbz file from the affected device, but saved as .txt.
Please provide the solution ASAP.
Thanks
That's beyond the scope of what can be done in a peer-to-peer support forum. Can you open a Technical Support case? The trained experts there will have the ability to examine the .sdbz file and provide advice on what to submit.
Here's an article that will help, once you have identified the suspicious files:
Symantec Insider Tip: Successful Submissions! https://www-secure.symantec.com/connect/articles/symantec-insider-tip-successful-submissions
I have the same problem: "System infected: Backdoor VBS Dunihi detected".
Have you found the solution?
Have you determined the remote source of the infection attempts?
No, how do I do that?
Check the security log on the client, does it show a source IP where this is coming from?
Hi BILLEL,
The remote IP can also be seen from the SEPM.
Two Reasons why IPS is a "Must Have" for your Network
https://www-secure.symantec.com/connect/articles/two-reasons-why-ips-must-have-your-network
I WANT TO KNOW HOW TO ASK AN UPDATE SYMANTEC VIRUS FOR WELL DEFINED
Please open a new thread if you need help.