Endpoint Protection

Hi Support,

I have one Symantec client machine. Now i am going to attach my extrnal drive, But its showing shortcut folder on my extrnal drive. I am not able to copy my data by extrnal drive.

Please provide the suitable solutions to resolve the issue.

Hi 

try this link its very helpful

https://www-secure.symantec.com/connect/forums/external-drive-pendrives-folders-become-shortcuts

https://www-secure.symantec.com/connect/forums/shortcut-virus-removal

https://www-secure.symantec.com/connect/forums/usb-flash-drive-shortcut-virus-0

https://www-secure.symantec.com/connect/forums/flash-drive-shortcut-virus

update with microsoft batchs and scan again.

hi,

Check this thread for same issue releated

https://www-secure.symantec.com/connect/forums/short-cut-virus

Virus on your external drive

run the power eraser

http://www.symantec.com/business/support/index?page=content&id=TECH134803

Hi Sachin,

I know the some security paches are missing, But that security patches are not include with windows update. Last time Symantec support team provide the download link for resolve the issue. But i have lost the link. Please provide me if you have.

hi,

check this

Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution
Vulnerability
Microsoft Security Bulletin MS10-046/ (KB2286198)
http://www.microsoft.com/en-in/download/details.as...

Microsoft Windows Server Service RPC Handling Remote Code Execution
Vulnerability
Nortel Response to Microsoft Security Bulletin MS08-067/ (KB958644)
http://www.microsoft.com/en-in/download/details.as...

Hi

Pleasch this below link:

https://www-secure.symantec.com/connect/forums/usb-flash-drive-shortcut-virus-0

Check if this forum help

https://www-secure.symantec.com/connect/forums/shortcut-folders-creating-virusworm

Try giving the command ATTRIB-H-R-SC: \ your folder name \ *. *

Microsoft Security Bulletin MS10-046/ (KB2286198)
http://www.securityfocus.com/bid/41732/solution

Microsoft Windows Server Service RPC Handling Remote Code Execution
Vulnerability
Nortel Response to Microsoft Security Bulletin MS08-067/ (KB958644)
http://www.securityfocus.com/bid/31874/solution

Hi

Please submit the shortcut to Symantec Security Response for analysing

Regards

hi sachin,

Your mantioned links are not able to open, Its showing outlook web access windows on my IE page.

Do you have the sample which you can submit to Symantec?

http://www.symantec.com/security_response/submitsa...

How to Use the Web Submission Process to Submit Suspicious Files

How to collect and submit to Symantec Security Response suspicious files found by the SymHelp utility

You can use an application and device control policy to block programs from running from the infected USB as well. There is one already built in SEPM 12.1, it's called Block Programs from running from removeable drives [AC2]

Have you updated to the latest defs and scanned the machine in safe mode?

You can run Symantec Power Eraser on it as well:

How to run Symantec Power Eraser with the SymHelp utility

Hello,

W32.Changeup.C  is a worm that spreads through removable and shared drives by exploiting the Microsoft Windows Shortcut 'LNK' Files Automatic File Execution Vulnerability (BID 41732).

W32.Stuxnet!lnk is a detection for .lnk files created by the W32.Stuxnet worm.

Bloodhound.Exploit.346 is a heuristic detection for files attempting to exploit the Microsoft Windows Shortcut 'LNK' Files Automatic File Execution Vulnerability (BID 41732).

New Trojan.Shylock wave

https://www-secure.symantec.com/connect/blogs/new-trojanshylock-wave

The Shylock “LNK” Awakening

https://www-secure.symantec.com/connect/blogs/shylock-lnk-awakening

Could you please zip each of the files and submit the zip files (without password) to the Symantec Security Response Team on : 

https://submit.symantec.com/websubmit/essential.cgi

We also offer a self-service site to analyze files, at http://www.threatexpert.com, which can give you more information on the files you submit to it.

Check these Articles:

What to do when you suspect that a Symantec AntiVirus product is not detecting viruses

http://www.symantec.com/docs/TECH99222

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/using-symantec-help-symhelp-tool-how-do-we-collect-suspicious-files-and-submit-same-symante

So, as we see these above Threats appears when there are open vulnerabilities on the machines.

In your case, I would suggest the below Plan of Action:

1) Make sure ALL Computers are installed with Symantec EP with latest / updated with virus defintions.

2) Install ALL Latest Microsoft Secuirty Patches / Sevice Packs on ALL machines.

3) Make sure ALL the client machines are using the Latest Vendor Patches installed.

4) Disable Auto play with GPO

http://support.microsoft.com/kb/953252

5) Disable the System Restore with GPO

http://support.microsoft.com/kb/283073

6) Disable Scheduled Tasks with GPO

http://support.microsoft.com/kb/310208

7) Incase of any shared / mapped drives present, make sure these are password protected.

8) Scan ALL the machines...

Here are some excellent suggestions on how to keep your computers, their users and data safe:

http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0

Hope that helps!!