Endpoint Protection

  • 1.  some suspicious

    Posted Oct 29, 2011 07:06 AM

    I am in trouble with some suspicious files in my network. They are spreading automatically via pen drive or from another PC in the network. SEP 11.0.600.754 cannot detect them. I tried on another PC which has SEP 12.1 installed, but that also failed to detect those viruses on an affected pen drive. I have even tried Symantec Power Eraser and also Norton Power Eraser, but both tools failed to detect these suspicious files. What should I do now? You can check those files in my attached zip file. Please, someone help me.


    [Edited by Admin - please do NOT upload a known, or suspected known malicious file to Connect - file has been removed from post]



  • 2.  RE: some suspicious

    Posted Oct 29, 2011 09:01 AM

    Hi, Trend Micro Titanium Internet Security detects 'Window.exe' as TROJ_GEN.R47C2GQ.

    Submit the file to Symantec as a suspicious file so they can add it to the next definitions.



  • 3.  RE: some suspicious

    Posted Oct 29, 2011 08:22 PM

    Please find the comprehensive report from VirusTotal here: http://www.virustotal.com/file-scan/report.html?id=4416ecd52e24d197d8e68de4b59d7f9041f7b1c6c5208ac7d36a4777629a3607-1319933343

    Detection details are also summarized below:

    Antivirus             Version          Last Update  Result
    --------------------  ---------------  -----------  ------------------------------
    AhnLab-V3             2011.10.29.00    2011.10.29   Worm/Win32.Rimecud
    AntiVir               7.11.16.201      2011.10.28   TR/Crypt.XPACK.Gen5
    Antiy-AVL             2.0.3.7          2011.10.29   Worm/Win32.Palevo.gen
    Avast                 6.0.1289.0       2011.10.29   Win32:FoldRun [Trj]
    AVG                   10.0.0.1190      2011.10.30   Generic23.CAJV
    BitDefender           7.2              2011.10.30   Gen:Variant.Kazy.28857
    ByteHero              1.0.0.1          2011.09.23   Trojan.Malware.Obscu.Gen.002
    CAT-QuickHeal         11.00            2011.10.29   Trojan.Rimecud.BB
    ClamAV                0.97.3.0         2011.10.29   -
    Commtouch             5.3.2.6          2011.10.30   W32/Rimecud.T.gen!Eldorado
    Comodo                10598            2011.10.29   UnclassifiedMalware
    DrWeb                 5.0.2.03300      2011.10.30   Win32.HLLW.Autoruner.44048
    Emsisoft              5.1.0.11         2011.10.30   Trojan.Win32.Inject!IK
    eSafe                 7.0.17.0         2011.10.26   Win32.GenVariant.Kaz
    eTrust-Vet            36.1.8645        2011.10.28   -
    F-Prot                4.6.5.141        2011.10.30   W32/Rimecud.T.gen!Eldorado
    F-Secure              9.0.16440.0      2011.10.29   Gen:Variant.Kazy.28857
    Fortinet              4.3.370.0        2011.10.30   W32/Sasfis.G!tr
    GData                 22               2011.10.30   Gen:Variant.Kazy.28857
    Ikarus                T3.1.1.107.0     2011.10.29   Trojan.Win32.Inject
    Jiangmin              13.0.900         2011.10.29   Worm/Generic.jck
    K7AntiVirus           9.116.5354       2011.10.29   Riskware
    Kaspersky             9.0.0.837        2011.10.29   P2P-Worm.Win32.Palevo.dhak
    McAfee                5.400.0.1158     2011.10.30   W32/Rimecud.gen.br
    McAfee-GW-Edition     2010.1D          2011.10.29   W32/Rimecud.gen.br
    Microsoft             1.7801           2011.10.29   Trojan:Win32/Rimecud.A
    NOD32                 6586             2011.10.29   a variant of Win32/Kryptik.RTT
    Norman                6.07.13          2011.10.29   sample\sys\shine.bin
    nProtect              2011-10-29.01    2011.10.29   Gen:Variant.Kazy.28857
    Panda                 10.0.3.5         2011.10.29   Generic Trojan
    PCTools               8.0.0.5          2011.10.30   -
    Prevx                 3.0              2011.10.30   -
    Rising                23.81.04.01      2011.10.28   -
    Sophos                4.70.0           2011.10.30   Mal/Palevo-A
    SUPERAntiSpyware      4.40.0.1006      2011.10.29   -
    Symantec              20111.2.0.82     2011.10.30   WS.Reputation.1
    TheHacker             6.7.0.1.335      2011.10.28   W32/Palevo.dhak
    TrendMicro            9.500.0.1008     2011.10.30   TROJ_GEN.R47C2GQ
    TrendMicro-HouseCall  9.500.0.1008     2011.10.30   TROJ_GEN.R47C2GQ
    VBA32                 3.12.16.4        2011.10.25   Worm.Palevo.dhak
    VIPRE                 10912            2011.10.29   Trojan.Win32.Generic!BT
    ViRobot               2011.10.29.4745  2011.10.29   -
    VirusBuster           14.1.37.0        2011.10.29   Trojan.Kryptik!avM5IVwsuBw

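A multi-engine table like the one above is only useful once you look past individual vendor labels: most engines name the same family under different conventions (Rimecud, Palevo), a few return generic or reputation-only verdicts, and some return nothing. The script below is an added example, not code from the thread or from any Symantec or VirusTotal tool. It parses an excerpt of the rows posted above (constructed sample input taken from that reply), reports the detection ratio, tallies the family names engines agree on, and lists the engines whose verdict names no family. The generic-word list and the "capitalised word of four or more letters" heuristic for family names are assumptions of this example.

```python
"""Summarise a multi-engine scan table like the one quoted in the thread.

Added example, not code from the thread or from any vendor tool. SAMPLE is an
excerpt of the rows posted above. The parser reads "engine version date result"
rows, then reports the detection ratio, the family names engines agree on, and
which engines gave only a generic or reputation verdict (no family named).
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

SAMPLE = """\
Antivirus Version Last Update Result
AhnLab-V3 2011.10.29.00 2011.10.29 Worm/Win32.Rimecud
Antiy-AVL 2.0.3.7 2011.10.29 Worm/Win32.Palevo.gen
Avast 6.0.1289.0 2011.10.29 Win32:FoldRun [Trj]
BitDefender 7.2 2011.10.30 Gen:Variant.Kazy.28857
CAT-QuickHeal 11.00 2011.10.29 Trojan.Rimecud.BB
ClamAV 0.97.3.0 2011.10.29 -
Commtouch 5.3.2.6 2011.10.30 W32/Rimecud.T.gen!Eldorado
DrWeb 5.0.2.03300 2011.10.30 Win32.HLLW.Autoruner.44048
F-Secure 9.0.16440.0 2011.10.29 Gen:Variant.Kazy.28857
K7AntiVirus 9.116.5354 2011.10.29 Riskware
Kaspersky 9.0.0.837 2011.10.29 P2P-Worm.Win32.Palevo.dhak
McAfee 5.400.0.1158 2011.10.30 W32/Rimecud.gen.br
Microsoft 1.7801 2011.10.29 Trojan:Win32/Rimecud.A
NOD32 6586 2011.10.29 a variant of Win32/Kryptik.RTT
Panda 10.0.3.5 2011.10.29 Generic Trojan
PCTools 8.0.0.5 2011.10.30 -
Sophos 4.70.0 2011.10.30 Mal/Palevo-A
Symantec 20111.2.0.82 2011.10.30 WS.Reputation.1
TrendMicro 9.500.0.1008 2011.10.30 TROJ_GEN.R47C2GQ
"""

# Words that name a platform, a type or a vendor heuristic rather than a family.
# Assumption of this example; extend it as new vendor naming conventions appear.
GENERIC = {"trojan", "troj", "worm", "generic", "variant", "malware", "riskware",
           "reputation", "eldorado", "unclassifiedmalware", "hllw", "crypt", "xpack"}


@dataclass
class Detection:
    engine: str
    version: str
    updated: str
    result: Optional[str]  # None when the engine reported "-" (no detection)


def parse_report(text: str) -> List[Detection]:
    """Parse whitespace-separated rows; the result column may itself contain spaces."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Antivirus "):  # skip blanks and the header
            continue
        parts = line.split(None, 3)
        if len(parts) != 4:
            raise ValueError(f"malformed row: {line!r}")
        engine, version, updated, result = parts
        rows.append(Detection(engine, version, updated, None if result == "-" else result))
    return rows


def family_tokens(result: str) -> Set[str]:
    """Family-name candidates: capitalised words of 4+ letters that are not generic.
    Lower-case fragments (gen, dhak, br) are variant suffixes and are ignored."""
    return {tok.lower() for tok in re.split(r"[^A-Za-z]+", result)
            if len(tok) >= 4 and tok[0].isupper() and tok.lower() not in GENERIC}


def detection_ratio(rows: List[Detection]) -> Tuple[int, int]:
    return sum(r.result is not None for r in rows), len(rows)


def family_votes(rows: List[Detection]) -> Counter:
    """How many engines mention each family candidate (one vote per engine)."""
    votes: Counter = Counter()
    for r in rows:
        if r.result is not None:
            votes.update(family_tokens(r.result))
    return votes


def generic_only(rows: List[Detection]) -> List[str]:
    """Engines that flag the file but name no family (heuristic or reputation verdicts)."""
    return [r.engine for r in rows if r.result is not None and not family_tokens(r.result)]


def triage(text: str) -> str:
    rows = parse_report(text)
    detected, total = detection_ratio(rows)
    out = [f"{detected}/{total} engines detect the file"]
    for fam, n in family_votes(rows).most_common(3):
        out.append(f"  {fam:<12} named by {n} engine(s)")
    out.append("generic/reputation-only verdicts: " + ", ".join(generic_only(rows)))
    out.append("no detection: " + ", ".join(r.engine for r in rows if r.result is None))
    return "\n".join(out)


if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the excerpt, rimecud is named by five engines and palevo by three, which tells you the family to search for in vendor write-ups even though the engine you run (Symantec, WS.Reputation.1) returned a reputation verdict rather than a signature name. Engines listed under "no detection" are the ones whose definitions a submission to the vendor should improve.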

  • 4.  RE: some suspicious

    Posted Oct 31, 2011 06:26 AM

    Hi Forum Community Members,

    Please, NEVER attach suspicious files to a forum post - that can lead to the unintentional spread of a threat.  The correct way to get a file to Security Response depends on your contract:

    How to Use the Web Submission Process to Submit Suspicious Files
    Article: TECH102419 | Created: 2007-01-07 | Updated: 2011-10-06 |
    Article URL http://www.symantec.com/docs/TECH102419

    Fariduzzaman, I see that you have also submitted this sample correctly.  It is being processed by Symantec Security Response.  They will send you an email with their findings when the analysis is complete.



  • 5.  RE: some suspicious

    Posted Oct 31, 2011 12:27 PM

    Best practices for troubleshooting viruses on a network
    Article: TECH122466 | Created: 2010-01-15 | Updated: 2011-08-02 |
    Article URL http://www.symantec.com/docs/TECH122466