Hello,
With reference to recent virus/worm issues, Symantec has strongly recommended us to update the below mentioned patches on priority as this helps worms/viruses to gain advantage of the vulnerabilities found on unpatched machines. Also received virus definition from Symantec for submitted worm.
Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability
Microsoft Security Bulletin MS10-046/ (KB2286198)
http://www.securityfocus.com/bid/41732/solution
Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability
Nortel Response to Microsoft Security Bulletin MS08-067/ (KB958644)
http://www.securityfocus.com/bid/31874/solution
Secondly, I would advise you to upload this suspicious file to the Symantec Security Response Team on -
https://submit.symantec.com/essential
OR
http://www.threatexpert.com
Secondly, in your case, it is advisable to follow a few important steps:
1) Make sure all these machines are Patched with ALL Latest MS security patches and service packs.
2) Make sure the machines are installed with the Latest Symantec virus definitions.
3) Disable the Autorun Feature on the machine.
Preventing a virus from using the AutoRun feature to spread itself
http://www.symantec.com/business/support/index?page=content&id=TECH104447
Later, in case suspicious activity is still happening, follow the steps provided in the article below:
Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.
If you have ADC in use with your SEP, you can block that file's MD5 by policy: How to use Application and Device Control to limit the spread of a threat.
A few more recommendations...
Two Reasons why IPS is a "Must Have" for your Network
https://www-secure.symantec.com/connect/articles/two-reasons-why-ips-must-have-your-network
IPS can help prevent the spread of many threats, including ones that are copied up to file servers / shares. Please ensure that it is in use in your environment!
Once you have found the suspicious file (and hopefully any additional suspicious files from the computer which originally copied it up to those shares) here's some best practice advice on the best way to submit them:
Symantec Insider Tip: Successful Submissions!
https://www-secure.symantec.com/connect/articles/symantec-insider-tip-successful-submissions
Hope that helps!!
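
Added example, not part of the original post: a PowerShell check of steps 1 and 3 above on a single host, looking for the two KB updates named in the post and for the machine-wide AutoRun policy value. The function names and output fields are this example's own; step 2 is left out because the post does not say how to query the definition date.

```powershell
# Added example: audit the local host. KB ids are the two named in the post.
$requiredKbs = 'KB2286198', 'KB958644'   # MS10-046 and MS08-067

# Helper (name is this example's own): one result row per check.
function New-Result($check, $passed, $detail) {
    New-Object PSObject -Property @{ Check = $check; Passed = $passed; Detail = $detail }
}

function Test-Hotfix([string]$Id) {
    # Get-HotFix only lists updates recorded under their own KB id. A fix that
    # arrived inside a service pack or a superseding update is not listed, so
    # "not listed" means "verify by hand", not "vulnerable".
    $hit = Get-HotFix -Id $Id -ErrorAction SilentlyContinue
    if ($hit) { $detail = "installed on $($hit.InstalledOn)" } else {
        $detail = 'not listed; check for a superseding update or service pack'
    }
    New-Result "Hotfix $Id" ([bool]$hit) $detail
}

function Test-AutoRunPolicy {
    # Machine-wide Explorer policy. Each bit disables AutoRun for one drive type
    # (0x04 removable, 0x10 network, 0x20 CD-ROM); 0xFF disables all of them.
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $raw  = (Get-ItemProperty -Path $path -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if ($null -eq $raw) {
        return New-Result 'AutoRun disabled' $false 'NoDriveTypeAutoRun is not set'
    }
    $mask   = [int](@($raw)[0])      # value may be REG_DWORD or REG_BINARY
    $detail = 'NoDriveTypeAutoRun = 0x{0:X2}' -f $mask
    New-Result 'AutoRun disabled' (($mask -band 0xFF) -eq 0xFF) $detail
}

$results  = @($requiredKbs | ForEach-Object { Test-Hotfix $_ })
$results += Test-AutoRunPolicy
$results | Select-Object Check, Passed, Detail | Format-Table -AutoSize -Wrap

# Non-zero exit code lets a deployment tool flag hosts that need attention.
if (@($results | Where-Object { -not $_.Passed }).Count -gt 0) { exit 1 }
```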