Generic Trojan – DWH****.tmp in Temp folder

I am troubleshooting a SAV 10.2.0.276 client with scan engine 71.4.0.15 and up-to-date definitions, except that SAV successfully quarantines all of the .tmp files, so there are no files to delete when I boot into safe mode.

Once or twice daily, Auto-Protect nags dozens of these files, all of them like this with DWH***.tmp in the Temp folder:
Scan type:  Auto-Protect Scan
Event:  Security Risk Found!
Risk: Trojan Horse
File:  C:\Users\Zeke\AppData\Local\Temp\DWH6C6.tmp
Location:  Quarantine
Computer:  ZEKE-E1405
User:  SYSTEM
Action taken:  Quarantine succeeded : Access denied

Scan type:  Auto-Protect Scan
Event:  Security Risk Found!
Risk: W32.Almanahe.B!inf
File:  C:\Users\Zeke\AppData\Local\Temp\DWHACD4.tmp
Location:  Quarantine
Computer:  ZEKE-E1405
User:  SYSTEM
Action taken:  Quarantined

Scan type:  Auto-Protect Scan
Event:  Security Risk Found!
Risk: W32.Virut.U
File:  C:\Users\Zeke\AppData\Local\Temp\DWH3A6A.tmp
Location:  Quarantine
Computer:  ZEKE-E1405
User:  SYSTEM
Action taken:  Reboot Required – Partial

They keep on popping up once or twice daily, and I cannot figure out what is creating them, or if it really is a Trojan Horse in the first place. I suspect it is a false positive, but cannot be sure.

Anybody know what might be creating these files, and how I can either stop the malicious software, or fix SAV to not call it out if it is a false positive?
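
A small triage script for the Auto-Protect records quoted above, added here as an example and not part of the original post: it parses the "Key: value" records, tallies the risk names reported on DWH*.tmp files, and lists every result that is anything other than a plain "Quarantined". The function names and the HANDLED set are assumptions made for illustration, and the sample input is the post's three records abridged to the fields the script uses.

```python
import re
from collections import Counter
from ntpath import basename  # Windows path parsing on any OS

# Constructed input: the post's three records, abridged to the fields used here.
SAMPLE = r"""Risk: Trojan Horse
File:  C:\Users\Zeke\AppData\Local\Temp\DWH6C6.tmp
Action taken:  Quarantine succeeded : Access denied

Risk: W32.Almanahe.B!inf
File:  C:\Users\Zeke\AppData\Local\Temp\DWHACD4.tmp
Action taken:  Quarantined

Risk: W32.Virut.U
File:  C:\Users\Zeke\AppData\Local\Temp\DWH3A6A.tmp
Action taken:  Reboot Required – Partial
"""

DWH_TMP = re.compile(r"^DWH\w+\.tmp$", re.IGNORECASE)  # the post's DWH***.tmp names
# Assumption: only a bare "Quarantined" result means the file was fully handled.
HANDLED = {"quarantined"}

def parse_records(text):
    """Split on blank lines; each record is a set of 'Key: value' lines."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # first colon only; paths contain more
            if sep:
                rec[key.strip()] = value.strip()
        if rec:
            records.append(rec)
    return records

def triage(records):
    """Count risk names seen on DWH*.tmp files and list results needing follow-up."""
    risks, follow_up = Counter(), []
    for rec in records:
        name = basename(rec.get("File", ""))
        if not DWH_TMP.match(name):
            continue
        action = rec.get("Action taken", "")
        risks[rec.get("Risk", "unknown")] += 1
        if action.lower() not in HANDLED:
            follow_up.append((name, action))
    return risks, follow_up

if __name__ == "__main__":
    print(triage(parse_records(SAMPLE)))
```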

Solution

Hello, I am having the same problem. Try this; it works for me.

I have Windows Vista Enterprise and Symantec End Point Protection 11.0.780.1109

1. Log on as a user with administrative privileges, uninstall Symantec Antivirus, and restart.

2. Log on as a user with administrative privileges, then download and run the Norton Removal Tool.

3. Log on as a user with administrative privileges and delete all temporary files in the following path: C:\Users\User Profile\AppData\Local\Temp

4. Reinstall Symantec Antivirus.

5. Go to the path C:\Program Files\Symantec\Symantec Endpoint Protection, find the DWHWizrd.exe file and replace it with the same file from another machine (this doesn't make much sense, but if you don't do this, it doesn't work). If you are a home user, install Symantec on another machine and copy the file to a flash drive.

It's important that the other machine is not infected. I hope that this fix works for you.

Edited by Me

Source : http://www.symantec.com/connect/forums/generic-trojan-dwhtmp-temp-folder


3 thoughts on “Generic Trojan – DWH****.tmp in Temp folder”

  1. RixMaxewell says:

    Check out the information about how to remove the Trojan virus
    http://www.bitztoday.com/2010/02/how-to-remove-trojan-virus.html
