Endpoint Protection

  • 1.  Symantec vs. worm vbs autorun.a

    Posted Apr 25, 2010 12:24 AM
     
    To Symantec Technical Support:
    Why, after 5 years of the worm VBS autorun.a spreading on the internet, do common Symantec products (SEP 11.0.6 - NIS 2010 - N360) with the last rapid release update not detect this malware?
    I tried submitting it to the http://submit.symantec.com/basic web site 2 years ago and added it to the SEP 11.0.5 Quarantine in 2009, and got no response; it is still not detected (blind).

    Then I sent it to "ThreatExpert" and I got this report:


    "ThreatExpert"
    Technical Details:
      File System Modifications
    The following files were created in the system:
    1. Filename(s): %Temp%\untitled4.vbe, %Temp%\untitled5.vbe, %Temp%\untitled6.vbe, %Temp%\untitled7.vbe
       File Size: 10.164 bytes
       File Hash: MD5: 0xEFE528483FD3C6ED75A8C1E016026E10; SHA-1: 0x0DF78E3988D7FAD76F1DDA5A149D1EE685D065DB
       Alias: Worm.VBS.Autorun.a [Kaspersky Lab]; VBS/Sasan-Fam, VBS/Sasan-N [Sophos]
    2. Filename(s): [file and pathname of the sample #1]
       File Size: 22.374 bytes
       File Hash: MD5: 0x9823C0CC50CECD66DAAAB8DB918EB8A2; SHA-1: 0xD5816053EF6624166F2BB2C1C0019A51976EFDDB
       Alias: Worm.VBS.Autorun.a [Kaspersky Lab]

    Note:
    %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
     

    All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert. 
    Submission Summary:
    Submission details:
    Submission received: 24 April 2010, 22:24:29
    Processing time: 9 min 8 sec
    Submitted sample:
    File MD5: 0x9823C0CC50CECD66DAAAB8DB918EB8A2
    File SHA-1: 0xD5816053EF6624166F2BB2C1C0019A51976EFDDB
    Filesize: 22.374 bytes
    Alias: Worm.VBS.Autorun.a [Kaspersky Lab]



    This is not a false positive; I tried it myself, and the malware contains a payload: it damages all Office documents, creates an autorun.inf in the root directory, and hides the folder option menu.
    Should I post the malware to this forum?

    Thanks


  • 2.  RE: Symantec vs. worm vbs autorun.a

    Posted Apr 25, 2010 12:57 AM
    No, please do not post malware to this forum.
    Resubmit the file to Symantec Security Response and then log a case with Tech Support.


  • 3.  RE: Symantec vs. worm vbs autorun.a

    Posted Apr 25, 2010 01:36 AM
    Can you please give me the tracking ID?


  • 4.  RE: Symantec vs. worm vbs autorun.a

    Posted Apr 25, 2010 10:05 AM
    To Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS):
    My submission (Tracking #15460418).
    Thanks


  • 5.  RE: Symantec vs. worm vbs autorun.a

    Posted Apr 25, 2010 11:06 AM
    Thanks for the Tracking ID. I will check that and revert back to you tomorrow.


  • 6.  RE: Symantec vs. worm vbs autorun.a

    Posted Apr 25, 2010 08:55 PM
    Thanks to Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS).
    Note: Sorry, all damaged files were successfully removed and recovered using Kaspersky Rescue Boot Disk without problems. I know SEP 11.0.6 better than Kaspersky Workstation.
    Thanks


  • 7.  RE: Symantec vs. worm vbs autorun.a

    Posted Apr 27, 2010 02:53 AM

    Thanks to Prachand at Symantec. I am waiting for a real response from Symantec.

    This is my file submission success report from 5 minutes ago on the Symantec web site.


    Your Submission Has Been Sent

    Your submission has been sent Sat Apr 24 22:18:21 PDT 2010. You will receive an email message from Symantec with a tracking number that will enable you to check the status of this submission.
    First Name: abdi
    Last Name: cinta
    Uploaded File Size: 22374
    Uploaded File Name: vbs.worm.autorun.a.zip
     
    Sincerely,
    Symantec Security Response