Endpoint Protection

  • 1.  Folder is getting created "Folder.exe"

    Posted Jul 20, 2012 05:45 AM

    Folder is getting created "Folder.exe"



  • 2.  RE: Folder is getting created "Folder.exe"

    Trusted Advisor
    Posted Jul 20, 2012 06:59 AM

    Hello,

    Are you running the SEP 12.1 client with the latest definitions, and does the machine have all the latest Microsoft updates and security patches?

    The symptoms sound like W32.SillyFDC to me.

    Run a scan in safe mode with networking to remove the virus.

    Also, disable System Restore before you do this, as the virus also creates entries in the System Restore Points store volumes.

    Additionally, disable Autoplay for ALL DRIVES via a GPO (if you're on a domain), and also disable Simple File Sharing if it's enabled to prevent the infection from propagating itself by binding to files.

    Secondly, submit these files to the Symantec Security Response and they will get detected.

    https://submit.symantec.com/essential

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    Hope that helps!!



  • 3.  RE: Folder is getting created "Folder.exe"

    Posted Jul 20, 2012 07:19 AM

    Not to worry, it's an infection which can be healed by the latest Symantec definitions. Just check whether the Symantec Scan Engine and its definitions are updated; if so, just scan it and it will clean it. I have faced several such issues.



  • 4.  RE: Folder is getting created "Folder.exe"
    Best Answer

    Posted Jul 20, 2012 09:04 AM

    Please make sure that autorun.inf is disabled

    Run the rapid release

    Also update Windows patches. 

    Run a full scan in safe mode.
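
The replies above recommend disabling Autoplay for all drives and making sure autorun.inf is disabled. The following read-only PowerShell audit is an added example, not code from any poster or from Symantec, that reports whether that setting is in place and whether any attached removable drive carries an autorun.inf. It assumes PowerShell 3.0 or later; `Get-AutoPlayPolicy` is a hypothetical helper name.

```powershell
# Added example (read-only audit): reports AutoPlay/AutoRun hardening state.
# Assumes PowerShell 3.0+ (Get-CimInstance). Get-AutoPlayPolicy is a hypothetical helper name.

function Get-AutoPlayPolicy {
    param([Parameter(Mandatory)][string]$Path)
    $value = $null
    $item = Get-ItemProperty -LiteralPath $Path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        $raw = $item.NoDriveTypeAutoRun
        # Normally REG_DWORD; if it was written as REG_BINARY, use the first byte.
        $value = if ($raw -is [byte[]]) { [int]$raw[0] } else { [int]$raw }
    }
    [pscustomobject]@{
        Path               = $Path
        NoDriveTypeAutoRun = if ($null -eq $value) { 'not set' } else { '0x{0:X2}' -f $value }
        # 0xFF sets every drive-type bit, i.e. AutoRun is turned off for all drives.
        AllDrivesDisabled  = ($null -ne $value) -and (($value -band 0xFF) -eq 0xFF)
    }
}

# Machine-wide and per-user policy locations written by the "Turn off Autoplay" GPO.
$policyKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
              'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$policyKeys | ForEach-Object { Get-AutoPlayPolicy -Path $_ } | Format-Table -AutoSize

# Removable volumes (DriveType 2) and any autorun.inf in their root, hidden files included.
Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2' | ForEach-Object {
    $infPath = "$($_.DeviceID)\autorun.inf"
    $inf = Get-Item -LiteralPath $infPath -Force -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Drive        = $_.DeviceID
        AutorunInf   = [bool]$inf
        LastModified = if ($inf) { $inf.LastWriteTime } else { $null }
    }
} | Format-Table -AutoSize
```

An `AllDrivesDisabled` value of `False` on the machine-wide key means the GPO has not reached that client; an autorun.inf on a removable drive is a reason to scan that drive before it is used elsewhere.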



  • 5.  RE: Folder is getting created "Folder.exe"

    Trusted Advisor
    Posted Jul 20, 2012 09:20 AM

    Hello,

    There are some useful tools that are provided by Symantec for help with finding those hard to detect threats.

    1. The Power Eraser Tool eliminates deeply embedded and difficult to remove threats that traditional virus scanning doesn't always detect.

    2. The SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively.

    3. The Load point Analysis Tool generates a detailed report of the programs loaded on your system. It is helpful in listing common loadpoints where threats can live.

    Rapid Release Virus Definitions –

    http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=rr

    Power Eraser tool –

    http://security.symantec.com/nbrt/npe.asp?lcid=1033&origin=default

    How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitions

    http://www.symantec.com/business/support/index?page=content&id=TECH131732&locale=en_US

    Support Tool with Power Eraser Tool included –

    http://www.symantec.com/business/support/index?page=content&id=TECH105414&locale=en_US

    How to use the Load Point Analysis within the Symantec Support Tool to help locate suspicious files 

    http://www.symantec.com/business/support/index?page=content&id=TECH141402

    If you are unable to remove the threat(s) from your systems, please submit the suspected files to Symantec or ThreatExpert for analysis. New signatures will be created and included in future definition sets for detection.

    http://www.symantec.com/business/security_response/submitsamples.jsp

    http://www.threatexpert.com/submit.aspx

    Also, check this Thread:

    https://www-secure.symantec.com/connect/forums/smart-hdd-virus-removal

    Hope that helps!!