Symantec Encryption Product Community

 View Only
Back to discussions
Expand all | Collapse all

SEPM 11.0.6005 Trojan.Gen

  • 1.  SEPM 11.0.6005 Trojan.Gen

    Posted Jan 27, 2011 02:27 PM

    I have this Tojan coming up on some pc's but Symantec can't seem to get rid of it?



  • 2.  RE: SEPM 11.0.6005 Trojan.Gen

    Posted Jan 27, 2011 06:40 PM

    We'll need some more information on order to assist you. 

    What files are being detected?

    What location are they being detected in? 

    Are multiple clients detecting this or just one?



  • 3.  RE: SEPM 11.0.6005 Trojan.Gen

    Posted Jan 28, 2011 07:22 AM

    www.symantec.com/business/security_response/submitsamples.jsp

    The above link allows you to submit suspected malware to Symantec.If this is new,undetected malware,Security Response will develop virus definitions for it.

    I would also advise you to enable network threat protection which helps prevent malware infection on the network level.

    Consider running the SEP support tool to identify potential malicious code:

    http://www.symantec.com/business/support/index?page=content&id=TECH105414&locale=en_US

    You can also try Norton Power Eraser :

    http://security.symantec.com/nbrt/npe.asp?lcid=1033&origin=default

    Copy the above links in your web browser to access those sites.

    Regards



  • 4.  RE: SEPM 11.0.6005 Trojan.Gen

    Posted Jan 28, 2011 07:40 AM

    What is the name of the file which is getting detected as trojan?



  • 5.  RE: SEPM 11.0.6005 Trojan.Gen

    Posted Jan 28, 2011 08:22 AM

    C:\Documents and Settings\"user"\Local Settings\Temp\DWH23.tmp

    Trojan.Gen

    This has happened on 5 pcs. If I go to that location nothing is there.



  • 6.  RE: SEPM 11.0.6005 Trojan.Gen

    Posted Jan 28, 2011 08:33 AM

    Also this location

    C:\Documents and Setting\"User"\Local Settings\Temp\DWH46.tmp



  • 7.  RE: SEPM 11.0.6005 Trojan.Gen

    Posted Jan 28, 2011 08:54 AM

    You are definitely using an old build of SEP on the affected machines.

    This seems like a bug in SEP that has been fixed in RU6 MP1.

    These files are harmless,just a false positive.

    UPGRADING TO AT LEAST SEP RU6 MP1 SHOULD REMEDIATE THIS.

    Go to symantec file connect to obtain the patch or alternatively upgrade through SEP manager

    http://fileconnect.symantec.com/



  • 8.  RE: SEPM 11.0.6005 Trojan.Gen

    Posted Jan 28, 2011 08:57 AM

    This document provides list of bugs fixed by upgrades

    http://www.symantec.com/business/support/index?page=content&id=tech103087



  • 9.  RE: SEPM 11.0.6005 Trojan.Gen

    Posted Jan 28, 2011 09:33 AM

    How can I obtain s user name and password for Symantec FIle Connect



  • 10.  RE: SEPM 11.0.6005 Trojan.Gen

    Posted Jan 28, 2011 09:55 AM

    You should first register by entering the serial number associated with your product.

    Select a username and password of your choice.

    Note these down,these will be required each time you wish to connect to fileconnect to obtain hotfixes.

    You should look for the upgrade path for your actual SEP version to RU6 MP1

    I would strongly advise you to upgrade to RU6 MP2 instead, which is the most current build for SEP.

    In both cases,this should remediate the situation.



  • 11.  RE: SEPM 11.0.6005 Trojan.Gen

    Posted Feb 01, 2011 11:23 AM

    Those evil little trojan buggers might be hiding in the quarantine file or log, in which case you can delete them and clear the infected status of the machines in question. 



  • 12.  RE: SEPM 11.0.6005 Trojan.Gen

    Broadcom Employee
    Posted Feb 02, 2011 06:41 AM

    Hi,

    If you don't have any plan for upgrade then for time being you can create centralized exception on 5 affected computers.

    You can create centralized exception for following path.

    C:\Documents and Settings\"user"\Local Settings\Temp\DWH23.tmp