FCS not removing Tupym.A and Tupym.A!

Hi, we are seeing lots of infections of Tupym.A and Tupym.A! at our company. The two identified files that Forefront Client Security detects and cleans are system_3.exe and autorun.ini, located on the user desktop. These are not removed by FCS, despite them being detected and receiving a 'successfully cleaned' message. Definitions are up to date.

The only way I am able to remove this is to use MalwareBytes Anti-Malware, which detects the same two files, and also a reg key @ HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Yahoo Messengger (Forefront is not detecting this). Unfortunately, because so many machines are infected, as soon as the machine connects again to an infected share, it is infected again.

I have submitted the malicious files to Microsoft already in case they have evolved or changed but have been told the latest definitions will remove these files. Is anyone else seeing this issue? At the moment it is a big problem for us, as it is infecting and spreading via NTFS shares, and we are unable to manually clean the machines quickly enough.

January 8th, 2014 3:49am
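
A report-only check for the three indicators named in the post above (the two Desktop files and the Run value), useful for finding which machines still carry them after a clean. This is an added example, not part of the original thread or any vendor tool; it assumes local, non-redirected profiles that sit beside the current user's profile folder, and it only sees registry hives of users who are currently logged on.

```powershell
# Added example: report-only check for the indicators named in the post above.
$fileNames = 'system_3.exe', 'autorun.ini'
$runSubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runValue  = 'Yahoo Messengger'   # value name spelled as in the post

$findings = @()

# 1) Files on each local profile's Desktop. Assumption: all profiles sit beside
#    the current one (e.g. C:\Users). Test-Path -LiteralPath also sees hidden files.
$profileRoot = Split-Path -Path $env:USERPROFILE -Parent
$profiles = Get-ChildItem -Path $profileRoot -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer }
foreach ($p in $profiles) {
    foreach ($name in $fileNames) {
        $path = Join-Path -Path $p.FullName -ChildPath "Desktop\$name"
        if (Test-Path -LiteralPath $path) {
            $findings += New-Object PSObject -Property @{
                Computer = $env:COMPUTERNAME; Type = 'File'; Location = $path; Data = ''
            }
        }
    }
}

# 2) Run value in every user hive currently loaded under HKEY_USERS.
#    HKCU is per user, so checking only the admin's own HKCU would miss it.
$hives = Get-ChildItem -Path Registry::HKEY_USERS -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }
foreach ($h in $hives) {
    $key  = "Registry::HKEY_USERS\$($h.PSChildName)\$runSubKey"
    $prop = Get-ItemProperty -Path $key -Name $runValue -ErrorAction SilentlyContinue
    if ($prop) {
        $findings += New-Object PSObject -Property @{
            Computer = $env:COMPUTERNAME; Type = 'RunValue'; Location = $key
            Data = $prop.$runValue   # the command line the value points at
        }
    }
}

# Report only: nothing is deleted or changed.
if ($findings.Count -gt 0) {
    $findings | Select-Object Computer, Type, Location, Data | Format-List
} else {
    "No listed indicators found on $env:COMPUTERNAME"
}
```

Run it elevated so other users' Desktop folders and hives are readable.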

Hi,

Unfortunately, I think we need to wait for MS updates; this is not related to configuration. Additionally, FCS is too old; why not try to deploy FEP 2010 or SCEP 2012?

Best Regards

Quan Gu

January 9th, 2014 6:31am

Hi Dave,

I am with the anti-malware team. Would you please try to select (or set policy) to explicitly remove and not clean/quarantine this threat and let me know how that goes? Also, could you give me the submission ID for the files you submitted? I would like to take a look at them myself. Thanks!

January 10th, 2014 5:25am

Dear all,

Thank you for the responses. In the end a Premier call was raised and I submitted the files again to the person working the case. The files were added to the definitions and are now successfully cleaning the machines.

We will be pushing SCEP 2012 as soon as our environment is ready.

Thanks again
Rob

January 13th, 2014 6:23am


This topic is archived. No further replies will be accepted.
