Endpoint Protection

 View Only
  • 1.  USB Flash Drive Shortcut Virus

    Posted Mar 30, 2012 11:43 AM

    Hi All,

    10% of users in our network have recently been affected  by the USB Flash Drive shortcut virus (i.e. creates shortcut of folders and hides the folders... and in RECYCLER bin there is something like 0x2978F.exe created).

    I do not know why then that the Symantec EP 11 does not try to stop this virus in USB and does not find it on the PC... but manually i can find it in on the affected PC plus the associated registry entry.

    Symantec please assist... users are complaining about this antivirus now.

     



  • 2.  RE: USB Flash Drive Shortcut Virus
    Best Answer

    Posted Mar 30, 2012 11:57 AM

    as a first step, disable autorun.

    Preventing a virus from using the AutoRun feature to spread itself

    http://www.symantec.com/business/support/index?page=content&id=TECH104447

     

    Check the below articles on handling infections.

    Best practices for troubleshooting viruses on a network

    http://www.symantec.com/business/support/index?page=content&id=TECH122466

    Security Best Practice Recommendations
    http://service1.symantec.com/support/ent-security.nsf/docid/2009010808340848?Open&seg=ent

    How to Use the Web Submission Process to Submit Suspicious Files

    http://www.symantec.com/business/support/index?page=content&id=TECH102419

    Security Response recommendations for Symantec Endpoint Protection settings
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010020308592948

     

    Hope this helps



  • 3.  RE: USB Flash Drive Shortcut Virus

    Posted Mar 30, 2012 12:16 PM

    I have already configured the application control to block autorun, and most computers are now deployed with the autorun feature disabled.

     

    I have submitted the virus file to symantec... will wait for their response.



  • 4.  RE: USB Flash Drive Shortcut Virus

    Posted Mar 30, 2012 12:29 PM

    Symantec will come back with the definitions hopefully.



  • 5.  RE: USB Flash Drive Shortcut Virus

    Posted Apr 02, 2012 02:14 AM

    Symantec indeed responded saying it was a Trojan.gen virus... and recommended that i immediately download the Rapid Release Definition. Does it mean that the protection was updated into this download??? Of course I am downloading it now, and will monitor the notifications.



  • 6.  RE: USB Flash Drive Shortcut Virus

    Posted Apr 02, 2012 03:51 AM

    Does it mean that the protection was updated into this download???

     

    Yes. Did they mention a sequence number? If so, you can download that sequence or a later one from the below link.

    ftp://ftp.symantec.com/AVDEFS/symantec_antivirus_corp/rapidrelease/sequence/

    These are rapid release definition and this will be added to the daily definition usually within 24 hrs.



  • 7.  RE: USB Flash Drive Shortcut Virus

    Posted Apr 02, 2012 04:24 AM

    After downloading and applying the definitions, i have hundreds of 'deleted' , 'blocked', cleaned logs. It seems the antivirus is finally working.. 

     

    Thanks guys.



  • 8.  RE: USB Flash Drive Shortcut Virus

    Posted Apr 02, 2012 05:48 AM

    Glad it worked :)



  • 9.  RE: USB Flash Drive Shortcut Virus

    Trusted Advisor
    Posted Apr 02, 2012 07:19 AM

    Hello,

    In your case, it is advisable to follow few important steps:

    1) Make sure all these machines are Patched with ALL Latest MS security patches and service packs.

    2) Make sure the machines are installed with the Latest Symantec virus definitions.

    3) Disable the Autorun Feature on the machine.

    Later, incase of suspicious activity still happening, then follow the steps provided in the Article below:

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    Hope that helps!!