Endpoint Protection Small Business Edition

 View Only
  • 1.  Shortcut of folders creating by virus/worm

    Posted Mar 18, 2013 02:21 AM

    Hi,

    I am facing virus/worm issue. Shortcut of folders creating by virus/worm . I have googles and searched in symantec connect but still no resolution.

    Do I need any ADC policy to prevent this. Pleasehelp urgently as it is spreading day by day and our resorces consuming this worm.

    Also find the snapshot and sample of shortcut of files.

    <<<<CMD.rar file removed - Mithun Sanghavi>>>>

    Attachment(s)

    rar
    cmd.rar   92 KB 1 version


  • 2.  RE: Shortcut of folders creating by virus/worm

    Broadcom Employee
    Posted Mar 18, 2013 02:25 AM


  • 3.  RE: Shortcut of folders creating by virus/worm

    Posted Mar 18, 2013 02:28 AM

    Hi,

     

    Please disable autorun.

    Preventing a virus from using the AutoRun feature to spread itself

    http://www.symantec.com/business/support/index?page=content&id=TECH104447

     

    Check the below articles on handling infections.

    Best practices for troubleshooting viruses on a network

    http://www.symantec.com/business/support/index?page=content&id=TECH122466

    Security Best Practice Recommendations
    http://service1.symantec.com/support/ent-security.nsf/docid/2009010808340848?Open&seg=ent

    How to Use the Web Submission Process to Submit Suspicious Files

    http://www.symantec.com/business/support/index?pag...

    Security Response recommendations for Symantec Endpoint Protection settings
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010020308592948



  • 4.  RE: Shortcut of folders creating by virus/worm

    Posted Mar 18, 2013 06:15 AM

     

    Hi Santosh,

    I also facing same issue of shortcut creation of folders.Please let me know the the name of virus and its ipacts til. What are u doing prevent  spraed of this



  • 5.  RE: Shortcut of folders creating by virus/worm

    Trusted Advisor
    Posted Mar 18, 2013 12:50 PM

    Hello,

    I would advise not to upload any .exe file on the Symantec Threads.

    I would advise you to upload this suspicious file to the Symantec Security Response Team on - 

    https://submit.symantec.com/essential

    OR

    http://www.threatexpert.com

    Secondly in your case, it is advisable to follow few important steps:

    1) Make sure all these machines are Patched with ALL Latest MS security patches and service packs.

    2) Make sure the machines are installed with the Latest Symantec virus definitions.

    3) Disable the Autorun Feature on the machine.

    Preventing a virus from using the AutoRun feature to spread itself

    http://www.symantec.com/business/support/index?page=content&id=TECH104447

    Later, incase of suspicious activity still happening, then follow the steps provided in the Article below:

    Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    Hope that helps!!



  • 6.  RE: Shortcut of folders creating by virus/worm



  • 7.  RE: Shortcut of folders creating by virus/worm

    Posted Mar 24, 2013 01:41 PM
    Hi Santosh , This issue is resolved and will share the resolution soon. till refer below thread https://www-secure.symantec.com/connect/forums/virus-infection-removable-disk-shortcuts-folders-are-creating


  • 8.  RE: Shortcut of folders creating by virus/worm
    Best Answer

    Posted Apr 06, 2013 03:27 PM

    Hi Santosh,

    also check this

    With reference to recent virus/worm issues, Symantec has strongly
    recommended us to update the below mentioned patches on priority as this
    helps worms/viruses to gain advantage of the vulnerabilities found on
    unpatched machines. Also recieved virus defination from symantec for submitted worm.

    Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution
    Vulnerability
    Microsoft Security Bulletin MS10-046/ (KB2286198)
    http://www.securityfocus.com/bid/41732/solution

    Microsoft Windows Server Service RPC Handling Remote Code Execution
    Vulnerability
    Nortel Response to Microsoft Security Bulletin MS08-067/ (KB958644)
    http://www.securityfocus.com/bid/31874/solution