Endpoint Protection

 View Only

  • 1.  Virus Issue foldername.exe

    Posted Feb 26, 2010 09:15 AM
    Hi;

    I faced an interesting problem. On my usb stick all the folders converted to foldername.exe.

    When I scan with SEP RU5 client no thing was found.

    Is there any one how faced with this problem.

    When I look my machine missAU.exe run on the process. And also 2 files created on admin profile which names is 1 and 2.

    As I look missAU.exe file its icon is same with folder icon.

    Is there any idea.

    Regards.


  • 2.  RE: Virus Issue foldername.exe

    Posted Feb 26, 2010 09:34 AM

    Sounds like W32.SillyFDC / W32.SillyDC to me.

    Run a scan in safe mode only to remove the virus.

    Also, disable Autoruns, System restore before you do this as the virus also creates entries in the System Restore Points store volumes.


    You should also run a full suystem scan in safe mode with networking and let us know if the issue has been taken care of.

    You should submit one of the exe files to Symantec Security response team as well.

    Aniket


  • 3.  RE: Virus Issue foldername.exe

    Posted Feb 26, 2010 01:16 PM
    I did all you said. Team said that w32.imaut.e is the worm which infect us. I install the update and just starta full scan. After it finish I start a full scan on safe mode as well.

    Thanks.


  • 4.  RE: Virus Issue foldername.exe

    Posted Feb 26, 2010 01:19 PM
     So is it all detected and clean now ?


  • 5.  RE: Virus Issue foldername.exe

    Posted Feb 26, 2010 07:19 PM
     Yes please come back and let us know how to scan went. Also you might want to check out this guide for future reference:

    How to prevent a virus from spreading via autorun
    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/2c3dd6a59d7d1688802574130041a738?OpenDocument

    Cheers
    Grant



  • 6.  RE: Virus Issue foldername.exe
    Best Answer

    Posted Mar 02, 2010 07:53 AM
    Hi;

    The infection name is W32.Imaut.E.

    The infected files missau.exe and also 1,2 were deleted. But after the deletetion. The infected machine not open. Its try to logon and after logon its logoff automatically.

    The worm also change the HLM\Software\Microsoft\Windows NT\Currentversion\Winlogon\Userinit string value to c:\windows\missau.exe

    Because of this the infected machine not open.

    For the solution you must open the infected computer with ERD 2007 and change the string as the correct one which is c:\windows\system32\userinit.exe

    Regards.


  • 7.  RE: Virus Issue foldername.exe

    Posted Mar 02, 2010 11:25 AM
    Try to scan it in another PC with other anti virus.  Or do a free online scan from Housecall see if is found.


  • 8.  RE: Virus Issue foldername.exe

    Posted Mar 02, 2010 01:50 PM
    SEP found and delete it sucessfully.


  • 9.  RE: Virus Issue foldername.exe

    Posted Mar 02, 2010 11:08 PM
     So can we call this thread closed? I am glad you got the virus off the machine but I just want to make sure there isn't anything else you need before we "mark it as solved". Actually if it isn't too much trouble it would be great if you could mark the thread that helped you the most. That way the user who helped you gets the points he/she deserves, which he/she can later spend on fun things like iPods thumb drives ect.

    Thanks,
    Grant