Endpoint Protection

  • 1.  Trojan.Kotver!bat

    Posted Oct 14, 2016 01:45 PM

    I would like to know whether any virus definition has been released for the virus Trojan.Kotver!bat, as I could see many infections in my environment.

    As of now, I could see that a tool has been released to fix this issue, which needs manual effort to fix: https://support.norton.com/sp/en/us/threat-removal-solutions/current/solutions/v119650544_EndUserProfile_en_us

    I would be grateful for any information about this new threat.

    Thank you,

    Balaji Krishnan



  • 2.  RE: Trojan.Kotver!bat

    Posted Oct 14, 2016 01:53 PM

    I would like to know whether any virus definition has been released for the virus Trojan.Kotver!bat, as I could see many infections coming in my environment.

    As of now, I could see that a tool has been released to fix this issue, which needs manual effort to fix: https://support.norton.com/sp/en/us/threat-removal-solutions/current/solutions/v119650544_EndUserProfile_en_us

    I would be grateful for any information about this new threat.

    Thank you,

    Balaji Krishnan



  • 3.  RE: Trojan.Kotver!bat

    Posted Oct 14, 2016 01:56 PM

    SEP has a signature to identify it but it doesn't appear to properly remediate it. The removal tool worked though.



  • 4.  RE: Trojan.Kotver!bat

    Posted Oct 14, 2016 02:21 PM

    Thanks a lot, Brain,

    Any idea when we can expect the proper signature for this?

    Thanks,

    Balaji Krishnan



  • 5.  RE: Trojan.Kotver!bat

    Posted Oct 14, 2016 02:28 PM

    I'm not sure why it doesn't. If you have a sample then submit it. You may need to get a case open.



  • 6.  RE: Trojan.Kotver!bat

    Posted Oct 17, 2016 05:10 AM

    Hi Balaji,

    Many thanks for the post.  The remediation capabilities built into SEP are very good but special actions are still needed against certain threats.  Trojan.Kotver is one of those.  Here's an article:

    Kovter malware learns from Poweliks with persistent fileless registry update

    Isolate the infected computers and run the fixtool, carefully following the directions from the write-up.  (If the tool is not renamed, the threat may not be removed.)

    Trojan.Kotver Removal Tool

    Hope this helps!  Please do keep the thread up-to-date with your progress, or mark it solved if you have received your answer.

    With thanks and best regards,

    Mick



  • 7.  RE: Trojan.Kotver!bat

    Posted Oct 28, 2016 12:15 PM

    Hi Balaji,

    Just a note to let you know that a new and improved version of the fixtool is now available from https://www.symantec.com/security_response/writeup.jsp?docid=2015-092321-2230-99

    Please do update this thread with your current status! 

    With thanks and best regards,

    Mick