Video Screencast Help

Symantec Endpoint Protection does not detect this virus (Cloud AV 2012)..

Created: 25 Nov 2011 • Updated: 28 Nov 2011 | 4 comments
ggezpz's picture
2 Agree
3 Disagree
-1 5 Votes
Login to vote

I got some weird "Cloud AV 2012" virus. See zip file here, full of viruses:

I also tried to attach the zip file to this message.

Symantec Endpoint Protection does not detect this virus.

Please enable detection and elimination of this virus with Symantec Endpoint Protection.

Comments 4 CommentsJump to latest comment

Thomas K's picture

Please do not attach virus files to a thread. Submit any suspected file to Security Response or Threat Expert for analysis. Once the file is analyzed, new signatures will be created to detect the threat(s)

Login to vote
albickers's picture

Symentec Endpoint Protection (with todays defs) was utterly unaware of this malware (even when pointed directly to it).  The malware seems to have come from a browser exploit and absolutely wrecks havoc on the system, setting browser proxies, changing the hosts file, setting up a backdoor, and completely disabling Symantec's products (not that they seem to pose any threat to the folks who programmed this, perhaps you should consider hunting them down, then hiring them).  A widely used, credible competitive product seems to be able to detect, but not completely remove, at least some of the various programs, services and other junk that comes along with this.

Well, I'm off to format and reinstall windows I suppose.  Had this month-old plea for help been taken seriously, I suppose I wouldn't have to spend my entire evening reinstalling.

Best Wishes.

Login to vote
ggezpz's picture

I tried to use Symantec's "Submit a virus" page (or whatever it is, "Security Response" or "Threat Expert" submission form). The forms I found required some kind of Customer ID# and other various details I don't have because I use Symantec as a result of being forced to do so by my company. I don't own the software personally, and I wasn't about to call my company and ask for all those details.

I didn't see anything about not attaching viruses to forum posts, and I explcitly pointed out that that was exactly what I had attached. I really don't see why it should be so complicated to submit a virus to you Symantec. I also don't see why I should be given anything but the utmost thanks for helping you guys make your product better.

Instead, you just downvote my comment and tell me I didn't submit the virus correctly?

And then you don't even bother modifying your signatures to account for this virus?

And then someone else comes on, a month after my post, and states that they had the same problem and that Symantec STILL does not detect the virus.. and you downvote him as well?

If I didn't know any better, I'd think you guys made this virus yourselves. You sure don't seem very eager to add it to your detection signatures.

Let me guess. I have to upgrade to the newest version of Symantec to get protection from this virus.

I'm going to write a letter to my company's IT department RIGHT NOW demanding that Symantec products be abandoned in favor of products that actually do what they're supposed to do--and customer service that actually cares about their customers.

Login to vote
Thomas K's picture

Hello, You can submit the files to Symantec retail (link included on page of the first URL), or ThreatExpert. There is no need for a customer number on either submission. Attaching infected files in a public forum is bad practice and can put uneducated users at risk.

I am guessing the reason your post was voted down, is because you mistakenly posted this as a "Idea" and not a forum post.

In the future, the product forum you seek is Endpoint Protection -

For now, try submitting to this page -

When you receive the tracking number, PM me the information, and I will track the progress of your submission. If you have any questions, feel free to reach out to me anytime.



Login to vote