Endpoint Protection

  • 1.  Shortcut Virus Removal

    Posted Jun 03, 2013 12:07 PM

    I am using Symantec Endpoint Protection. Recently my external hard drive got compromised by a virus, which hides the original folders and creates shortcuts to them. I can see that it's slowly affecting the 'My Documents' folder on my system too.

    On my hard drive, an unknown folder 'c2c2' is getting created with 2 .js files in it. I believe the autorun.inf file is infected and is re-activating the virus again, even after deleting the folder.

    I tried scanning my hard drive using Norton Endpoint, but to no avail. Can anyone please suggest a solution, as I cannot afford to format my external hard drive?



  • 2.  RE: Shortcut Virus Removal

    Posted Jun 03, 2013 12:11 PM

    Try using the tools mentioned here:

    https://www-secure.symantec.com/connect/forums/your-system-infected-symantec-tools-help-clear-infection

    If you have a copy of the malicious file, you can submit to Symantec Security Response

    https://submit.symantec.com/websubmit/gold.cgi

    Have you located the malicious files?



  • 3.  RE: Shortcut Virus Removal

    Trusted Advisor
    Posted Jun 03, 2013 12:23 PM

    Hello,

    Are you running the SEP 12.1 client with the latest definitions, and does the machine carry all the latest Microsoft updates and security patches?

    Run a scan in safe mode with networking to remove the virus.

    Could you zip each of the folders and submit the zip files (without password) to the Symantec Security Response Team at:

    https://submit.symantec.com/websubmit/essential.cgi

    We also offer a self-service site to analyze files, at http://www.threatexpert.com, which can give you more information on the files you submit to it.

    What to do when you suspect that a Symantec AntiVirus product is not detecting viruses

    http://www.symantec.com/docs/TECH99222

    In your case, it is also advisable to follow a few important steps:

    1) Make sure all these machines are Patched with ALL Latest MS security patches and service packs.

    2) Make sure the machines are installed with the Latest Symantec virus definitions.

    3) Disable the Autorun Feature on the machine via GPO. http://support.microsoft.com/kb/967715

    4) Disable System Restore before you do this as the virus also creates entries in the System Restore Points store volumes.

    Also, check this Article:

    Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    Hope that helps!!
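
A read-only check related to step 3 above and to the symptoms described in the first post, added here as an example; it is not from the thread or from Symantec. The drive letter `E:\` and the "hidden folder with a same-named shortcut" heuristic are assumptions:

```powershell
# Added example, not from the thread. Read-only: it reports and changes nothing.
param([string]$Drive = 'E:\')   # assumed drive letter of the external disk

# 1) AutoRun policy (KB967715): NoDriveTypeAutoRun = 0xFF disables AutoRun
#    on every drive type. Check the machine-wide and per-user policy keys.
$subKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
foreach ($hive in 'HKLM:', 'HKCU:') {
    $key  = Join-Path $hive $subKey
    $prop = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        "$key : NoDriveTypeAutoRun not set (Windows default applies)"
    } elseif (($prop.NoDriveTypeAutoRun -band 0xFF) -eq 0xFF) {
        "$key : AutoRun disabled for all drive types"
    } else {
        '{0} : NoDriveTypeAutoRun = 0x{1:X}, some drive types still allowed' -f $key, $prop.NoDriveTypeAutoRun
    }
}

# 2) Root of the drive, including hidden and system items.
$items   = Get-ChildItem -LiteralPath $Drive -Force
$folders = $items | Where-Object { $_.PSIsContainer }
$links   = $items | Where-Object { -not $_.PSIsContainer -and $_.Extension -ieq '.lnk' }
$hidden  = $folders | Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden }

# Symptom from the first post: real folders hidden, shortcuts left in their place.
foreach ($dir in $hidden) {
    $twin = $links | Where-Object { $_.BaseName -ieq $dir.Name }
    if ($twin) { "Hidden folder '$($dir.Name)' has a same-named shortcut: $($twin.Name)" }
}

# 3) autorun.inf at the root, and .js files inside root-level folders
#    (the poster saw a 'c2c2' folder holding two .js files).
$items | Where-Object { $_.Name -ieq 'autorun.inf' } |
    ForEach-Object { "autorun.inf present: $($_.FullName) ($($_.Length) bytes)" }
foreach ($dir in $folders) {
    Get-ChildItem -LiteralPath $dir.FullName -Filter '*.js' -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -ieq '.js' } |
        ForEach-Object { "Script file: $($_.FullName)" }
}
```

Anything it lists is a candidate for the submission links given in the replies, not proof of infection; legitimate folders can also contain .js files.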



  • 4.  RE: Shortcut Virus Removal

    Posted Jun 03, 2013 01:21 PM

    Check if this forum helps

    https://www-secure.symantec.com/connect/forums/shortcut-folders-creating-virusworm

    Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability
    Microsoft Security Bulletin MS10-046/ (KB2286198)
    http://www.securityfocus.com/bid/41732/solution

    Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability
    Nortel Response to Microsoft Security Bulletin MS08-067/ (KB958644)
    http://www.securityfocus.com/bid/31874/solution



  • 5.  RE: Shortcut Virus Removal

    Posted Jun 03, 2013 01:23 PM

    Hello,

    Check this article

    Eliminating viruses and security risks

    Article:HOWTO27280  |  Created: 2010-01-08  |  Updated: 2010-01-15  |  Article URL http://www.symantec.com/docs/HOWTO27280

    Also check this discussion

    https://www-secure.symantec.com/connect/forums/short-cut-virus