Endpoint Protection


taquito.exe

  • 1.  taquito.exe

    Posted Jul 07, 2010 10:22 AM

    Hi,

    We're running Symantec Endpoint Protection version 11.0.5002.333 ... and we have just started seeing a spate of taquito.exe worms crop up in the office.

    I understand it's an old one, so why hasn't Symantec Endpoint added it to their list of viruses/worms to capture?

    Also, what the hell do I do with it!

    thanks

    rod


  • 2.  RE: taquito.exe

    Posted Jul 07, 2010 10:28 AM
    Submit that file to Symantec...
    https://submit.symantec.com/gold or /basic /essential depending on your support contract; if no contract then /retail


  • 3.  RE: taquito.exe

    Posted Jul 07, 2010 10:38 AM
    It may be a new variant, also check your AV security settings and make sure you are using the recommended levels.
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010020308592948

    Make sure your definitions are current and run a full scan in Safe-mode, and see if it gets detected.

    You can also submit the file to ThreatExpert for analysis.

    http://www.threatexpert.com/default.aspx


  • 4.  RE: taquito.exe

    Posted Aug 27, 2010 04:09 PM
    We're seeing a bunch of taquito.exe files right now.  They get detected as Trojan.Gen, and they are usually "partially repaired."  But there is no information that would help us determine how to clean them up, or what files and registry changes to look for on infected computers.

    It would be nice if Symantec would have a virus signature and information page specific to this threat. 

    In the meantime, is there anybody out there who has experience dealing with an outbreak like this?


  • 5.  RE: taquito.exe

    Posted Aug 27, 2010 04:17 PM

    Are you running Proactive Threat Protection? And is the action set to something other than Log?

    Check your PTP logs to see what's in there. Also you may want to turn up your sensitivity level.


  • 6.  RE: taquito.exe

    Posted Aug 30, 2010 05:07 AM
    Hi Rod and Mitch,

    A careful reading of the SEP Risk Logs (info from which is also in the Windows Application Event Logs) is what I recommend in this case.  What files are being detected?  What action is taken?  If it is the same taquito.exe over and over again (in the same location) then see if the action is "partially removed" or similar.  That means that it's time for a full system scan in safe mode to completely remove the threat.

    Here's an article with more info: What Does "Risk was partially removed" Mean? (http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/d3a625fd5617b855802575d100446316?OpenDocument)

    Please keep the forum up-to-date with your progress!

    Thanks and Best regards,

    Mick


  • 7.  RE: taquito.exe

    Posted Aug 30, 2010 07:02 AM
    "have just started seeing a spate of taquito.exe worms crop up in the office"... Where do you see it? If you see SEP detecting it, then what is the action taken?


  • 8.  RE: taquito.exe

    Posted Aug 30, 2010 07:04 AM
    Also run Microsoft MSRT tool and scan system files and program files once with system restore off

    http://www.microsoft.com/downloads/en/confirmation.aspx?familyId=ad724ae0-e72d-4f54-9ab3-75b8eb148356&displayLang=en


  • 9.  RE: taquito.exe

    Posted Aug 30, 2010 11:02 AM
    Trojan.gen is a variant of the Trojan.clampi infection. Check to see if the users of the infected computers are members of local admin on computer. Block outbound traffic on your firewall and make sure you are running SEP 11.0.5000 or better.


  • 10.  RE: taquito.exe

    Posted Sep 02, 2010 10:06 AM
    We have had the same issue.  Endpoint is NOT detecting the Taquito Virus as well as several other viruses that spread via USB Flash / Memory cards.  They spread very quickly and easily because of using flash memory. 

    A co-worker has tried to contact Symantec for a resolution and has absolutely gotten nowhere.  Sadly, Symantec is choosing to ignore this while most other vendors including free softwares... AVGFree and MS Security Essentials can easily detect AND remove these infections.  The MS solution seems to coexist with Endpoint without any major side effects and that is our solution... for now.


  • 11.  RE: taquito.exe

    Posted Sep 02, 2010 10:31 AM

    Have any of these malicious files been submitted to Symantec Security Response so they can create defs?


  • 12.  RE: taquito.exe

    Posted Sep 02, 2010 11:40 AM
    We haven't had anything malicious from them but have read that the .exe could be if anyone actually executed it.  I am not sure if we submitted them because my co-worker had been trying to work with Symantec with no success.  More to the point is that Symantec is leaving us vulnerable and not addressing the issue... while other softwares even FREE versions can handle them.  They are not new at all... these have been out there for quite a while.


  • 13.  RE: taquito.exe

    Posted Sep 02, 2010 12:08 PM

    Can you elaborate more on what you mean by Symantec not addressing the issue?

    Does support not have answers and close the case without resolution?

    Have you talked to your account manager or SE?