Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

ScanMail for Exchange (SMEX) solution for TROJ_UPATRE.YYRJ virus outbreak

    • Updated:
    • 28 Dec 2014
    • Product/Version:
    • ScanMail for Exchange 10.2
    • ScanMail for Exchange 11.0
    • Platform:
    • N/A N/A
Summary
Trend Micro noticed that there is a virus outbreak named "TROJ_UPATRE.YYRJ". The virus spreads within an email attachment, either it uses an .scr extension or hides itself into a zip file. Once customer clicks this SCR file, the virus will infect the host machine and will spread itself by sending out emails to all the recipients of Outlook.
Details
Public
ScanMail for Exchange (SMEX), which uses 11.353.00 pattern with at least 9.7 scan engine or later, can now detect and remove this virus.
To resolve the issue:
  1. Ensure that the virus pattern is updated to the latest version, and the VSAPI version is above 9.7.
  2. Add a temporary attachment blocking rule to block the screen saver file or SCR extension and enable the Block attachment types or names within compressed file option.
  3. Perform a manual scan to all the Exchange mail store to clean up all the mailboxes that may contain the virus that arrived prior to the virus pattern update.
  4. For Exchange 2010 SP1 or above with installed SMEX 10.2 SP2 or SMEX 11.0, use the Search & Destroy feature of SMEX to find the infected attachment and delete it manually.
  5. For infected endpoint computers, quarantine the infected machine by disconnecting it from the network. Then, run the endpoint virus scan tools like OfficeScan (OSCE) with latest virus pattern to remove the virus.
Premium
Internal
Rating:
Category:
Troubleshoot; Remove a Malware / Virus
Solution Id:
1106645
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.