
Trojan which can't be removed by Symantec Endpoint Protection



#1 johnbz


Posted 26 March 2014 - 03:44 AM

Symantec Endpoint Protection found DWH116.tmp (Trojan.Gen.3) in
 
C:\Documents and Settings\JZ\Local Settings\Temp\
 
but was unable to clean it. When I search I can't find the file. The same thing happened a few weeks ago but the infected file was not found again.
 
Symantec Endpoint Protection logs the file but can't fix it. When I scanned again 3 days later Symantec Endpoint Protection didn't find it (? because it was logged?).
 
Comodo doesn't find it.
 
I'm running XP SP3 on a Dell PC.
 
Any help or advice would be appreciated.





#2 boopme


Posted 26 March 2014 - 02:47 PM

Hello John

Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.
Run Symantec again.

#3 johnbz


Posted 28 March 2014 - 07:03 AM

Thanks for the help. SAV has found nothing after that process.

Can I ask another question?

 

SAV has found 3 of these infected DWxxxx.tmp files in the ...\temp directory in the past few weeks.  However, whenever I got the alert and ran  SAV again it didn't find the file again.  Is that because something else removed it, it made itself disappear even to SAV, SAV had learned to ignore it, or something else?  Is there another search tool that would find it if it's still there?

 

Many thanks,

 

John



#4 boopme


Posted 28 March 2014 - 03:10 PM

It is possible that after SAV was updated at the fort that it no longer detects that as a threat and cleaned up after itself. Plus we just cleaned the Temp folder.



