Worm_Renadoc.B

We received a call from a customer saying his file server has been infected with a virus/worm which OfficeScan can't detect.

Symptoms:
- All document files (.doc) were converted to executable file (.exe), and the file size was 19KB
- Task Manager and Registry Editor were disabled
- Folder Options in Windows Explorer > Tools menu was missing

Based on the escalation process from the previous post, what you need to do?

1. Record all the symptoms (you can screen shot or have it in words)
2. Run the SIC tool
3. Forward the relevant files and folder from the SIC analysis to Trend Support. Make sure you include the description on the symptoms and information on the product installed (i.e OfficeScan 8.0 with SP1)

What next?

1. Once you submitted the case to Trend Support, please allow for at least 24 hours to receive the reply.
2. Follow the instruction/suggestion given. You may be requested to supply other information if the one given not sufficient.
3. If you received a reply from them saying that the pattern file is available for you to download, go ahead download the pattern file and verify that OSCE now is able to detect the malware. However, if the footprint of the damages done by the malware still presence (i.e Task Manager and registry editor still disabled), you need to specifically tell Trend Support about the situation and request for DCT/DCE.

You have to go through the whole processes. Help us to help you. Happy Supporting Trend products!