Endpoint Protection

 View Only

  • 1.  virus in clients

    Posted Jun 07, 2012 07:15 AM

     Hi

    below virus found in our network, pls provide the Resolution.

    W32.Imaut

    W32.Imaut.AA

    Suspicious.Emit

    Trojan.Gen

    Trojan Horse

    StealthMBR.a

    Bloodhound.Olexe

     Trojan.ADH.2



  • 2.  RE: virus in clients



  • 3.  RE: virus in clients
    Best Answer

    Trusted Advisor
    Posted Jun 07, 2012 07:49 AM

    Hello,

    I would request you to make sure you to follow the Plan of Action:

    STEP 1 - CHECK FOR KNOWN OS VULNERABILITIES AND DOWNLOAD PATCHES TO PROTECT THEM:

    Begin by checking your network for known, patchable OS vulnerabilities that may be exploited to spread virus infections. The Microsoft Baseline Security Analyzer is a free tool from Microsoft that you can use to analyze your vulnerability to known security exploits in the Microsoft Windows operating environments. This tool centrally scans Windows-based computers for common security mis-configurations and generates individual security reports for each computer that it scans. MBSA will scan for common security mis-configurations in the following products: Windows 2000, Windows XP, Windows Vista Windows Server 2003, Windows Server 2008, Internet Information Server (IIS) 5.0, and 6.0, SQL Server 7.0 and 2000, Internet Explorer (IE) 5.01 and later, and Office 2000, 2002 and 2003. MBSA also scans for missing security updates, update rollups and service packs published to Microsoft Update.

    You can download the MBSA free from Microsoft at the following link:

    http://technet.microsoft.com/en-us/security/cc184924.aspx

    Install ALL Latest Microsoft Secuirty Patches / Sevice Packs on ALL machines

    STEP 2 - SUBMIT SUSPICIOUS FILES FOR ANALYSIS TO SYMANTEC SECURITY RESPONSE:

    Provided in the Article below:

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    STEP 3 - Disable Auto play with GPO
    http://support.microsoft.com/kb/953252

    STEP 4 - Disable Scheduled Tasks with GPO
    http://support.microsoft.com/kb/310208

    STEP 5 - Enable Security Auditing with GPO
    http://support.microsoft.com/kb/300549

    STEP 6 - Scan ALL the machines...

     

    Please Check the write-ups for these Threats -

    W32.Imaut - http://www.symantec.com/security_response/writeup.jsp?docid=2006-091915-1213-99

    W32.Imaut.AA - http://www.symantec.com/security_response/writeup.jsp?docid=2007-060717-3202-99

    Suspicious.Emit - http://www.symantec.com/security_response/writeup.jsp?docid=2010-042920-5108-99

    Trojan.Gen - http://www.symantec.com/security_response/writeup.jsp?docid=2010-022501-5526-99

    Trojan Horse - http://www.symantec.com/security_response/writeup.jsp?docid=2004-021914-2822-99

    StealthMBR.a - http://www.symantec.com/security_response/writeup.jsp?docid=2008-010718-3448-99

    Bloodhound.Olexe - http://www.symantec.com/security_response/writeup.jsp?docid=2012-050814-3052-99

     Trojan.ADH.2 - http://www.symantec.com/security_response/writeup.jsp?docid=2011-030906-0727-99

    Hope that helps!!



  • 4.  RE: virus in clients

    Posted Jun 07, 2012 12:09 PM

     good action plan



  • 5.  RE: virus in clients

    Posted Jun 08, 2012 04:52 AM

    Hi Happy_Blaze,

    Much good advice, above.

    This link also has excellent advice from Security Response:

    Symantec Endpoint Protection – Best Practices

    http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0



  • 6.  RE: virus in clients

    Posted Jun 08, 2012 07:02 AM

    All links are really healpful. Thanks for the help.