Endpoint Protection


Symantec don’t discover viruses or malware till i submitted this virus file on Symantec response team

  • 1.  Symantec don’t discover viruses or malware till i submitted this virus file on Symantec response team

    Posted Aug 02, 2010 01:56 AM

    Hi
    We have often had the problem that Symantec doesn't discover viruses or malware as other products do. Also, I submitted this virus file to the Symantec response team, but they said this file is not malicious.
    See the attached file.
    I also uploaded this file to virustotal.com; except for Symantec, other antivirus products detect this file.
    Could anyone give me any indication of what is going on here?
     
     



  • 2.  RE: Symantec don’t discover viruses or malware till i submitted this virus file on Symantec response team

    Posted Aug 02, 2010 03:08 AM
    Symantec detects the threat on the basis of the hash value of the threat.
    And the false positive ratio for Symantec is the lowest compared to any other competitor. So it could be possible that the detection could be a false positive.


  • 3.  RE: Symantec don’t discover viruses or malware till i submitted this virus file on Symantec response team

    Posted Aug 02, 2010 03:54 AM
    Things for you to check
    Is the file found in the registry?
    What is the path where you found the file?
    What was the date of creation for the file?
    Is it also found in startup?
    Is it found in the Services?
    Check also the Task Scheduler for any new tasks you didn't put there.

    You may also want to get the SysInternals from Microsoft, then...
    If you run Procmon.exe (SysInternals), does it show in the list, and does it give any information as to its origin (e.g. developer)?

    I also did some search on the file. Didn't find much - mostly other vendors saying that it is a trojan.
    I can't guarantee their word, as some major providers have already released update files that contain false positives and end up destroying the system.


  • 4.  RE: Symantec don’t discover viruses or malware till i submitted this virus file on Symantec response team

    Posted Aug 02, 2010 03:59 AM
    Thx for the reply, kavin.

    I don't think these are false positive results, because this virus is detected by McAfee and Kaspersky, and is also detected by Sophos antivirus; these AVs are also good in the market.

    Thx for the reply, mon_raralio.
    I found this file on a pendrive,
    but I am not able to see any services or processes related to this file.
    I know this file is detected by other AVs, but why did the Symantec security response team fail to detect this virus? Where do I go now?


  • 5.  RE: Symantec don’t discover viruses or malware till i submitted this virus file on Symantec response team

    Posted Aug 02, 2010 04:03 AM
    You can contact Symantec support and resubmit the file with their assistance. They can request the response team to have a detailed look at the file.


  • 6.  RE: Symantec don’t discover viruses or malware till i submitted this virus file on Symantec response team

    Posted Aug 02, 2010 04:06 AM
    Hi Sameer, the file might be a legitimate file (not malware). There might be other files that could be the real virus that's also using the said dll and makes sure that it includes said file during infection.

    I'll start with the autorun.inf - if you can view it using a text editor, it may give you a hint.
    Then check for hidden files and folders in the pendrive. I'm guessing there's a hidden "System Volume Information" folder or a "Recycle" folder in there.
    Or, unless you've already done a scan, what malware was found and where (path)?
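
The autorun.inf check suggested in this reply can be scripted. The following is an added example, not part of the original thread: it parses the text of an autorun.inf and lists the commands it would launch, flagging targets that sit in recycle-style or "System Volume Information" folders. The sample file content, function names and the folder and extension lists are constructed assumptions.

```python
import re

# Keys in the [autorun] section whose value is a command Windows may launch.
LAUNCH_KEY = re.compile(r"^(?:open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Folder names from the thread ("Recycle", "System Volume Information") plus
# common variants; the list is an assumption for this example.
HIDING_DIR = re.compile(
    r'(?:^|[\\/"\s])(?:recycle[rd]?|\$recycle\.bin|system volume information)[\\/]',
    re.I)
EXECUTABLE = re.compile(r"\.(?:exe|dll|scr|pif|com|bat|cmd|vbs|js|lnk)\b", re.I)

# Constructed sample, not taken from the poster's pendrive.
SAMPLE = r"""
; junk line before the section header
xjQw9
[AutoRun]
open=RECYCLER\S-1-5-21\setup.exe
icon=%SystemRoot%\system32\shell32.dll,4
shell\open\command=rundll32.exe .\RECYCLER\helper.dll,Start
label=USB Drive
"""

def parse_autorun(text):
    """Return {key: value} for the [autorun] section, skipping junk lines."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def review(text):
    """Return (key, value, reasons) for every entry that launches something."""
    findings = []
    for key, value in parse_autorun(text).items():
        if not LAUNCH_KEY.match(key):
            continue
        reasons = []
        if HIDING_DIR.search(value):
            reasons.append("target inside a recycle/system folder")
        if EXECUTABLE.search(value):
            reasons.append("launches executable content")
        findings.append((key, value, reasons))
    return findings

if __name__ == "__main__":
    for key, value, reasons in review(SAMPLE):
        print(f"{key} = {value}  -> {', '.join(reasons) or 'no flags'}")
```

To use it on a real drive, pass the file's text to `review()`, reading it with `errors="replace"` so padding bytes do not stop the parse.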


  • 7.  RE: Symantec don’t discover viruses or malware till i submitted this virus file on Symantec response team

    Posted Aug 02, 2010 04:23 AM
    In one earlier full system scan I found a virus; please check the attached file.


  • 8.  RE: Symantec don’t discover viruses or malware till i submitted this virus file on Symantec response team

    Posted Aug 02, 2010 04:37 AM
    That is a fairly recent virus. Open the registry and check for any entries on those files in the box you made. Although I think there is a small chance you'll find any.
    Since SEP already detected them, I'm pretty sure that your PC is protected with the latest definitions you have.


  • 9.  RE: Symantec don’t discover viruses or malware till i submitted this virus file on Symantec response team

    Posted Aug 02, 2010 04:48 AM
    Here's Symantec's writeup on the virus:
    http://www.symantec.com/security_response/writeup.jsp?docid=2010-072307-3024-99&tabid=2

    And if you're still unsure, do a full scan. Cheers! :D

    With regards to the DLL in the first post, it's clean.


  • 10.  RE: Symantec don’t discover viruses or malware till i submitted this virus file on Symantec response team

    Posted Aug 02, 2010 04:50 AM

    Yes, my SEP agent is already updated with the latest update, Sunday August 2010, R3.
    Also, I had the latest MS update.
    The virus detected in the snap is in another file, and we are talking about the other file, which was not detected by Symantec.