Endpoint Protection

 View Only
  • 1.  Folder name .exe virus

    Posted Jun 24, 2009 06:19 AM
    We have symantec endpoint protection Security antivirus. From last 3 months we are having problem with one virus which creates folder name with .exe files when double click on any folder.
    Around 30 machines infected due to this. Our antivirus definition is updated up to date.

    Please suggest how to clear this virus.

    Regards
    Sayaji
    System Administrator
    Minda Stoneridge Instruments Ltd



  • 2.  RE: Folder name .exe virus

    Posted Jun 24, 2009 06:28 AM
    Sounds like W32.SillyFDC / W32.SillyDC to me.

    Run a scan in safe mode only to remove the virus.

    Also, disable System restore before you do this as the virus alse creates entries in the System Restore Points store volumes.

    Additionally, disable Autoplay for ALL DRIVES Via a GPO (If you're on a domain), and also disable SImple File Sharing if it's enabled to prevent the infection from propogating itself by binding to files.




  • 3.  RE: Folder name .exe virus

    Posted Jun 24, 2009 07:52 AM
    hi,

    If this .exe virus infected in you computer, It will Disable the following …

    Task Manager, Registry Editor, Folder Options, Run in start menu

    And it will create exes like the icon of folders. If this virus is running it will use more than 50 % of your processor

    Download following tools to remove new folder.exe virus follow the link below to downlaod the tool

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe ( run tools In safe mode )


    Manually remove it (new folder.exe Fix)

    Delete File named svichossst.exe

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    “@”=[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    “Yahoo Messengger”=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    “Shell”=”Explorer.exe “


  • 4.  RE: Folder name .exe virus

    Posted Jan 07, 2010 11:32 AM

    where can Delete File named  " svichossst.exe " ?
    and i already follow the step but also cant delete the virus,so any solution for me ,
    Thank



  • 5.  RE: Folder name .exe virus

    Posted Jan 07, 2010 03:35 PM
     Hi Kokwai,

    You should make a new thread on this subject. This post that you replied to is very old and will most likely be ignored by most users in this forum. In your new post please provide the following information.

    What version of SEP you have
    How many clients are affected
    More detailed information about this "svichossst.exe" such as its location and how many of them are being created ect ect

    Thanks
    Grant


  • 6.  RE: Folder name .exe virus

    Posted Jan 07, 2010 11:38 PM
    Hi Grant
    i'm using
    SEP Client Version 11.0.5002.333
    SEPM Version 11.0.5002.333
    around 10 user are effected ,i try to format all pc can ,but
    when folder is sharing will automatic create the new foder.exe is share folder,so how ?

    thank
     kok wai