Endpoint Protection

  • 1.  Virus information

    Posted Nov 27, 2012 06:23 AM


    Attached is the virus found which Symantec detected and deleted. Kindly find which virus this is.



  • 2.  RE: Virus information
    Best Answer

    Posted Nov 27, 2012 06:28 AM

    Hi,

    W32.Downadup.B is a worm that spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (BID 31874). It also attempts to spread to network shares protected by weak passwords and block access to security-related Web sites.

    http://www.symantec.com/security_response/writeup.jsp?docid=2008-123015-3826-99&tabid=2



  • 3.  RE: Virus information

    Trusted Advisor
    Posted Nov 27, 2012 06:40 AM

    Hello,

    Work on the Plan of Action as given below for a 100% result.

    Plan of Action:

    1) Make sure ALL computers are installed with Symantec EP with latest / updated virus definitions and

    2) Install MS08-067 patch download [KB 958644] on ALL computers.

    http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

    3) Install ALL latest Microsoft Security Patches / Service Packs on ALL machines

    4) Disable Auto play with GPO

    http://support.microsoft.com/kb/953252

    5) Disable Scheduled Tasks with GPO

    http://support.microsoft.com/kb/310208

    6) Enable Security Auditing with GPO

    http://support.microsoft.com/kb/300549

    7) Scan ALL the machines...

    NOTE: *ALL means ALL client machines and server machines (make sure you don't miss any machine)

    In addition to this, please check the articles provided below and work upon the same.

    1) Best Practice for Downadup.B and Additional information on the same.

    https://www-secure.symantec.com/connect/articles/best-practice-downadupb-and-additional-information-same

    2) Simple steps to protect yourself from the Conficker Worm

    http://www.symantec.com/docs/TECH93179

    Hope that helps!!
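
A read-only check of one host against steps 2, 4, 5 and 6 of the plan above, added here as an example (it is not part of the original post or of Symantec's guidance). It assumes an elevated PowerShell 3.0+ session on an English-language Windows installation; the function names are made up for this example.

```powershell
# Added example: read-only audit of one Windows host. Nothing is changed on the machine.
# Assumptions: elevated PowerShell 3.0+, English-language auditpol output.

function Test-HotFixPresent([string]$Id) {
    # Get-HotFix only reports updates Windows lists as installed;
    # treat $false as "verify by hand", not as proof the host is unpatched.
    [bool](Get-HotFix -Id $Id -ErrorAction SilentlyContinue)
}

function Get-AutoRunPolicy {
    # NoDriveTypeAutoRun is the policy value behind "Turn off Autoplay";
    # 0xFF disables it for every drive type. HKLM wins over HKCU when both are set.
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        $val = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun `
                    -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        [pscustomobject]@{ Hive = $hive; Value = $val; AllDrivesOff = ($val -eq 0xFF) }
    }
}

function Get-TaskSchedulerState {
    # "Schedule" is the service name of the Windows Task Scheduler.
    Get-CimInstance Win32_Service -Filter "Name='Schedule'" |
        Select-Object Name, State, StartMode
}

function Get-UnauditedSubcategory {
    # auditpol.exe ships with Windows Vista / Server 2008 and later.
    # Keep only the subcategories that are not audited at all.
    auditpol.exe /get /category:* | Where-Object { $_ -match 'No Auditing\s*$' }
}

[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    KB958644      = Test-HotFixPresent 'KB958644'
    AutoRun       = Get-AutoRunPolicy
    TaskScheduler = Get-TaskSchedulerState
    NotAudited    = @(Get-UnauditedSubcategory).Count
} | Format-List
```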



  • 4.  RE: Virus information

    Posted Nov 27, 2012 06:40 AM

    Hi,

    Access denied, what exactly?



  • 5.  RE: Virus information

    Posted Nov 27, 2012 06:43 AM

    Hi,

    Check same problem thread

    https://www-secure.symantec.com/connect/forums/w32downadupb-risk-logs



  • 6.  RE: Virus information

    Posted Nov 27, 2012 12:57 PM

    For future reference, the blue link in the detection results takes you to a write-up about the threat that was detected (see attached).

    "Access denied" means the file was actually prevented from writing to the disk. See

    http://www.symantec.com/docs/TECH102052

    Access Denied
    Specifies the events where Auto-Protect prevented a file from being created.

    sandra



  • 7.  RE: Virus information

    Posted Nov 28, 2012 05:14 AM

    W32.Downadup is a threat that Symantec has examined in great depth. Details about it can be found at the following link:

    The Downadup Codex, Edition 2.0
    https://www-secure.symantec.com/connect/blogs/downadup-codex-edition-20