Endpoint Protection

  • 1.  dci.exe problem

    Posted Mar 28, 2011 08:32 AM

    Hi all,

    I found this virus on some computers. It is located in the folder "C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\".

    Unfortunately, SEP doesn't detect this virus. This virus also creates the file "autorun.ini" and the folder "recycler" on all removable disks.

    Thanks for help



  • 2.  RE: dci.exe problem

    Broadcom Employee
    Posted Mar 28, 2011 08:58 AM

    Hi,

    If SEP is not detecting the virus, submit those files to the Symantec website https://submit.symantec.com/websubmit/essential or basic or gold.cgi (essentials/basic/gold depends upon your contract).

    You can share your tracking number so we can give an update on the same. You will not have access to check the status of your tracking number.

    I would suggest running the SEP Support Tool with the Power Eraser option; it will scan your machine with Power Eraser.
    It is recommended to install all the Symantec features (AV / PTP / NTP) with the latest definitions. Always make sure that your computers are receiving definitions regularly.

    You can upgrade your product to the latest build.

    Your Windows machines should have all the latest Windows updates/patches.

    Disable AutoRun so it won't spread.

    Please follow the best practice guide to handle the virus issue.
     
    http://www.symantec.com/business/support/index?pag...
     
    You can also log a case through the web portal.
     
    http://www.symantec.com/business/support/index?page=content&id=HOWTO31132
     
    http://www.symantec.com/business/support/index?page=content&id=TECH71023


  • 3.  RE: dci.exe problem

    Broadcom Employee
    Posted Mar 28, 2011 09:00 AM

    Submit the file to the Symantec team. You can disable AutoRun using the Application & Device Control policy from SEPM.



  • 4.  RE: dci.exe problem

    Posted Mar 28, 2011 09:20 AM

    Also disable any kind of sharing that's taking place from that machine.

     

     



  • 5.  RE: dci.exe problem

    Posted Mar 28, 2011 09:33 AM

    It may be a new variant of this - http://www.threatexpert.com/report.aspx?md5=527e63b63e13b02766a623c8dcb1b583

    Also make sure you are running SEP with the Security Response recommended settings.

     

    http://bit.ly/SecuritySettings



  • 6.  RE: dci.exe problem

    Posted Mar 28, 2011 09:46 AM

     

    How to prevent a virus from spreading using the "AutoRun" feature

    http://www.symantec.com/business/support/index?page=content&id=TECH104447



  • 7.  RE: dci.exe problem

    Posted Mar 28, 2011 09:59 AM

     

    1> Set your system to show hidden and system files.

    2> Open Task Manager.

    3> Kill all explorer.exe processes.

    4> Click on the New Task button and go to C:\

    5> Delete the recycler folder (you will not be able to delete this folder when explorer.exe is loaded).

    6> If you have multiple drives, do the same for the other drives.

    7> Do not load explorer.exe yet.

    8> Open regedit from the New Task button.

    9> Find the key c:\recycler and delete it (you will find c:\recycler\s-????\svchost.exe or service.exe).

    10> Find all the keys and delete them.

    11> Load explorer.exe now.

     

    This will remove this virus from your PC, but it's on a temporary basis, as no antivirus software is able to delete it.

    The best way to save your PC from infection is to never open a drive by double-clicking on it, because it loads the autorun.inf file when you do; instead, open the drive in folder view and select the drive from the left pane to open it.

     



  • 8.  RE: dci.exe problem

    Trusted Advisor
    Posted Mar 29, 2011 10:56 AM

    Hello,

    TRY THIS.

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

     

    Symantec Support Tool is not a scanning tool; however, it may find the suspicious files on your machine and may assist you in submitting the files that are unknown and undetected by Symantec as well.

    Once you know the suspicious files, you could upload them to the Symantec Security Response Team and they would assist you with the same.

     

    Well, in regard to why Symantec is not detecting that threat, you may read the Symantec Knowledgebase article below:

     

    Scanning a file with a competitor's antivirus program detects a virus, but scanning with Symantec AntiVirus or Symantec Endpoint Protection does not

    http://www.symantec.com/business/support/index?page=content&id=TECH98929&actp=search&viewlocale=en_US&searchid=1301410542550
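
The indicators described in posts 1 and 7 (an autorun file in a drive root and executables under a RECYCLER folder) can be collected with a read-only script before files are submitted or deleted. This is an added example, not part of any post in the thread and not a Symantec tool; the function names, the extension list and the sample SID are assumptions, and a hit is a candidate for submission rather than a verdict, since a deleted program can legitimately sit in the Recycle Bin.

```python
import hashlib
import os
import sys
import tempfile

# File names from the thread: post 1 says "autorun.ini", post 7 "autorun.inf".
AUTORUN_NAMES = {"autorun.inf", "autorun.ini"}
# Assumption: extensions treated as executable for triage purposes.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

def sha256_of(path):
    """Hash a file so it can be matched to a sample submission later."""
    try:
        with open(path, "rb") as fh:
            return hashlib.sha256(fh.read()).hexdigest()
    except OSError:
        return None  # locked or unreadable: still report the path

def triage_root(root):
    """Return (kind, path, sha256) findings for one drive root."""
    findings = []
    for entry in os.scandir(root):
        name = entry.name.lower()
        if entry.is_file(follow_symlinks=False) and name in AUTORUN_NAMES:
            findings.append(("autorun", entry.path, sha256_of(entry.path)))
        elif entry.is_dir(follow_symlinks=False) and name == "recycler":
            for dirpath, _dirs, files in os.walk(entry.path):
                for fname in files:
                    if os.path.splitext(fname)[1].lower() in EXEC_EXTS:
                        full = os.path.join(dirpath, fname)
                        findings.append(("recycler-exe", full, sha256_of(full)))
    return findings

def demo():
    """Triage a constructed drive layout made of harmless text files."""
    with tempfile.TemporaryDirectory() as root:
        sid_dir = os.path.join(root, "RECYCLER", "S-1-5-21-0-0-0-1000")  # constructed SID
        os.makedirs(sid_dir)
        for path in (os.path.join(root, "autorun.inf"),
                     os.path.join(sid_dir, "dci.exe"),
                     os.path.join(sid_dir, "desktop.ini")):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        return sorted((k, os.path.relpath(p, root)) for k, p, _ in triage_root(root))

if __name__ == "__main__":
    for drive_root in sys.argv[1:]:  # a drive root or a mounted copy of one
        for kind, path, digest in triage_root(drive_root):
            print(kind, digest or "unreadable", path)
```

Run it with one or more drive roots as arguments; it only reads and hashes files, so it can be used before any cleanup changes the evidence.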