Endpoint Protection


Short cut virus

  • 1.  Short cut virus

    Posted Apr 04, 2013 12:53 AM

    Hi All

    In my environment we have 350 systems running Symantec Endpoint Protection 12.1, and on some systems we are facing the shortcut virus problem. I have created a policy for autorun.inf, but the virus is still there, so please give suggestions to overcome this problem.

     

    Thanks in advance

    Vinod kumar D



  • 2.  RE: Short cut virus

    Posted Apr 04, 2013 01:08 AM

    Hello,

    You can create a support ticket for this issue. This issue occurs when some Microsoft patches are missing.

    Look at this discussion:

    https://www-secure.symantec.com/connect/forums/virus-infection-removable-disk-shortcuts-folders-are-creating



  • 3.  RE: Short cut virus

    Broadcom Employee
    Posted Apr 04, 2013 01:34 AM

    Is the machine updated with the latest AV definitions and patches?

    Run SymHelp and upload the suspicious file to Security Response.



  • 4.  RE: Short cut virus

    Posted Apr 04, 2013 01:47 AM

    Hi Pete

    All definitions and patches are up to date



  • 5.  RE: Short cut virus

    Broadcom Employee
    Posted Apr 04, 2013 04:17 AM

    Hi,

    I have seen this issue in the past.

    Are the shortcuts being created on an external drive or on a local drive? It's probably a trojan infection.

    If it's on an external drive, do they get created automatically even after formatting the external drive?

    I hope you are using all three SEP features: AV/AS, PTP & NTP.

    You might have to submit suspicious files to Symantec for further analysis if the issue remains the same.

    Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files in SEP 12.1 and Submit the same to Symantec Security Response Team.

    https://www-secure.symantec.com/connect/articles/u...

    Symantec Help (SymHelp)

    http://www.symantec.com/docs/TECH170752

    You can also scan the machine using the Symantec Power Eraser tool.

    Use Power Eraser to detect threats and remove them

    http://www.symantec.com/theme.jsp?themeid=spe-user...

    Best Practices for Troubleshooting Viruses on a Network

    http://www.symantec.com/docs/TECH122466

     



  • 6.  RE: Short cut virus

    Posted Apr 04, 2013 04:38 AM

    Hi

    Submit the suspicious file to Symantec Security Response for analysis so they can analyse and resolve it at the earliest.

    Regards



  • 7.  RE: Short cut virus

    Posted Apr 04, 2013 04:47 AM

    Hi vinu283,

    This article may help:

    Eliminating viruses and security risks
    http://www.symantec.com/docs/HOWTO27280 
     



  • 8.  RE: Short cut virus

    Trusted Advisor
    Posted Apr 04, 2013 01:47 PM

    Hello,

    Have you created a case with Symantec Technical Support? It is advised to create a case.

    I would advise you to upload this suspicious file to the Symantec Security Response Team at:

    https://submit.symantec.com/essential

    OR

    http://www.threatexpert.com

    Secondly, in your case, it is advisable to follow a few important steps:

    1) Make sure all these machines are Patched with ALL Latest MS security patches and service packs.

    2) Make sure the machines are installed with the Latest Symantec virus definitions.

    3) Disable the Autorun Feature on the machine.

    Preventing a virus from using the AutoRun feature to spread itself

    http://www.symantec.com/business/support/index?page=content&id=TECH104447

    Later, in case suspicious activity is still happening, follow the steps provided in the article below:

    Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    Here's some advice from Security Response on how to make the best use of SEP. Auto-Protect with traditional AV definitions alone is not enough for a complete defence against today's sophisticated threats: using IPS, Insight etc. is crucial. And, of course, educated users following best security practice... that's the best protection.

    http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0

    Hope that helps!!



  • 9.  RE: Short cut virus

    Posted Apr 23, 2013 01:30 AM

    Hi Chetan

    We are getting the shortcut virus on external drives only, and even after formatting we are facing the same problem...



  • 10.  RE: Short cut virus

    Broadcom Employee
    Posted Apr 23, 2013 02:31 AM

    Hi,

    If shortcuts are getting created even after formatting the external drive, it means the virus is active on the system.

    The shortcuts are getting created on the pen drive, but the source file might be present on the system.

    You need to find that source file and submit it to Symantec for further analysis.

    Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files in SEP 12.1 and Submit the same to Symantec Security Response Team.

    https://www-secure.symantec.com/connect/articles/u...

    Symantec Help (SymHelp)

    http://www.symantec.com/docs/TECH170752

    You can scan the machine using the Symantec Power Eraser tool.

    Use Power Eraser to detect threats and remove them

    http://www.symantec.com/theme.jsp?themeid=spe-user...

     



  • 11.  RE: Short cut virus

    Posted Apr 26, 2013 12:27 AM

    Hello Vinu,

    Try this, a word of Mr K s Sharma. You can install the below patch:

    Hi Santosh,

    Also check this:

    With reference to recent virus/worm issues, Symantec has strongly
    recommended us to update the below mentioned patches on priority as this
    helps worms/viruses to gain advantage of the vulnerabilities found on
    unpatched machines. Also received virus definition from Symantec for the submitted worm.

    Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution
    Vulnerability
    Microsoft Security Bulletin MS10-046/ (KB2286198)
    http://www.microsoft.com/en-in/download/details.aspx?id=14416

    Microsoft Windows Server Service RPC Handling Remote Code Execution
    Vulnerability
    Nortel Response to Microsoft Security Bulletin MS08-067/ (KB958644)
    http://www.microsoft.com/en-in/download/details.aspx?id=3205

    https://www-secure.symantec.com/connect/forums/shortcut-folders-creating-virusworm#comment-8584351
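
The host checks suggested in post 8 (patch level, AutoRun disabled) and post 11 (the two named KBs), plus a read-only look at attached removable drives, as an added example that is not part of any post in this thread. The pairing of a shortcut with a same-named hidden folder is an assumed heuristic for review, not a Symantec detection.

```powershell
# Added example, not from the thread. Windows PowerShell, elevated prompt.
$report = @()

# 1) Patches named in post 11 (MS10-046 and MS08-067).
foreach ($kb in 'KB2286198', 'KB958644') {
    # Get-HotFix reads Win32_QuickFixEngineering; a superseding update can leave
    # a KB unlisted on a patched host, so treat "not listed" as "verify by hand".
    $hit = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
    $state = if ($hit) { 'installed' } else { 'not listed' }
    $report += New-Object psobject -Property @{ Check = $kb; Result = $state }
}

# 2) Machine-wide AutoRun policy (step 3 in post 8).
#    NoDriveTypeAutoRun = 0xFF disables AutoRun on every drive type.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
$state = if ($null -eq $val) { 'not set' }
         elseif ($val -eq 0xFF) { 'disabled on all drive types' }
         else { 'partial: 0x{0:X}' -f $val }
$report += New-Object psobject -Property @{ Check = 'NoDriveTypeAutoRun'; Result = $state }

# 3) Removable drives (DriveType 2): enumerate root entries only. Nothing is
#    opened or executed; .lnk files are listed by name, never resolved.
Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object {
    $root  = $_.DeviceID + '\'
    $items = Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue
    $hiddenDirs = $items | Where-Object {
        $_.PSIsContainer -and ($_.Attributes -band [IO.FileAttributes]::Hidden)
    }
    foreach ($lnk in ($items | Where-Object { $_.Extension -eq '.lnk' })) {
        # Assumed heuristic: a shortcut standing in for a folder that is now hidden.
        $twin  = $hiddenDirs | Where-Object { $_.Name -eq $lnk.BaseName }
        $state = if ($twin) { 'shortcut with same-named hidden folder' } else { 'shortcut at drive root' }
        $report += New-Object psobject -Property @{ Check = $lnk.FullName; Result = $state }
    }
    if (Test-Path -LiteralPath ($root + 'autorun.inf')) {
        $report += New-Object psobject -Property @{ Check = $root + 'autorun.inf'; Result = 'present' }
    }
}

$report | Format-Table Check, Result -AutoSize
```

Run it on the host while the external drive is attached; anything it lists on the drive is a candidate for the SymHelp collection and Security Response submission described in posts 5 and 10.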