Endpoint Protection

Hi

sysmantec detected a troajn but it has failed to delete

Computer using

OS:windows 7 enterprise

Symantec endpoint version: 11.0.6100.645

Virius name: trojan.gen.2
File names:starts with DWH****.tmp

I state **** is because it always deletes the name and make a new namee.

It could not delete it. Please help as i have no idea what this is doing to my computer.

Hi NG Han Wei,

So dear friend, you have to put your windows to run in safe mode and try to run inside the antivirus. If you run it in normal mode, the virus will continue to self installing or naming folders. In safe mode, it can not, because you all services that run on your desktop.

Also use this page here

http://www.symantec.com/security_response/detected_writeup.jsp?name=Trojan.Gen.2

will help you a lot in this case.

If you give the solution, as slução check in my name.

Big hug.

Hi NG Han Wei,

Just some information you should know about this trojan.

is a fake security software that spreads primarily through P2P channels or browsing untrusted sites. Symptoms that a PC was the victim of Trojan.Gen.2 are:

system slowed

changed the browser settings

Continuous opening pop-ups while browsing

in some cases impossible, to connect to the Internet

If you can not take it for nothing, let me know what I taught you to remove it manually.

hugs

Hi NG Han Wei,

I'll teach you just trying to sweep this trojan manually if I'm no longer here and you can address your question.

Do the following:

First note the name of the Trojan. path and do the following Start> Run> regedit> click the + key HKEY_LOCAL_MACHINE, look for subkey Software and do the same, then Microsoft, then Current Version, and then the RUN folders on the right side must be written Win32. Trojan-Gen. {Other}, so delete it.

hugs

Is your system infected? Symantec tools to help clear an infection

https://www-secure.symantec.com/connect/forums/your-system-infected-symantec-tools-help-clear-infection

Hi all

Thanks to Fabiano.Pessoa for the replies, will try the steps mention :).

how do i run in safe mode. i check online for a guide. they say to press F8 while the system is botting up. but it only makes a button being press sound and nothing else.

Hi NG

When it is booting, press F8 until it shows a black screen with options of choice, and there will be SAFE MODE. enter it without connecting to that says connect the network. Your PC will get a little weird, with a large format screen, do not be alarmed, this is how even the safe mode of Windows. With that turn their security and be able to run successfully. You also can use that link I put on top of Symantec solutions that are good and I think that will give viously result.

Any questions, I am available.

hugs

Please Follow this steps in the Article:

How to block known virus executables that run from %UserProfile% using Application and Device Control

You don't have a virus.

It's a well known problem that can emerge when SEP tries to re-check the quarantine with newly downloaded virus signatures.

Here are some documents about it:

DWH***.tmp files are detected in the user profile temp directory

http://www.symantec.com/docs/TECH92399

When new virus definitions are in place and the quarantine is being scanned, a DWH file is created and detected by Auto-Protect

http://www.symantec.com/docs/TECH102953

Interesting reading why it's difficult to solve this issue:

https://www-secure.symantec.com/connect/forums/generic-trojan-dwhtmp-temp-folder#comment-5191661

You can do the following:

1. Activate Antivirus and Antispyware policy > Quarantine > General > "When New Virus Definitions Arrive" > "Do nothing"
2. Upgrade to the latest SEP version (SEP 11.0.7200 or SEP 12.1.1101), where the issue should be mitigated.

HTH!

Known issue. See this thread, particularly at the end:

https://www-secure.symantec.com/connect/forums/generic-trojan-dwhtmp-temp-folder

I got this error. What do I do?

scan in safe mode. if the file is not required delete the file.

Use Symantec Endpoint Recovery Tool. To Obtain it and use please visit the link below:

http://www.symantec.com/business/support/index?page=content&id=S%3ATECH131732&actp=search&viewlocale=en_US&searchid=1355292637375

It is asking me for a serial number, but I dont know how to get that. Thanks

contact technical support for serial number

As last thing you could load from other OS and delete file manually. Hope that could help!