Virus Name - Trojan.Gen
Created: 21 Oct 2012 | Updated: 25 Oct 2012 | 8 comments
This issue has been solved. See solution.
Virus detected in system, reported to server in Risk
Virus Name - Trojan.Gen
Version - 11.0.6005
Regard
Ashok
Trojan horse programs pose as legitimate programs or files that users may recognize and want to use. They rely on this trick to lure a user into inadvertently running the Trojan. Often a Trojan will mimic a well-known legitimate file name or pose as a particular type of file, like a .jpg or .doc file, to trick a user.
Distribution of Trojans onto compromised computers occurs in a variety of ways, from email attachments and links to instant messages, drive-by downloads and being dropped by other malicious software. Once installed on the compromised computer, the Trojan begins to perform the predetermined actions that it was designed for.
http://www.symantec.com/security_response/writeup.jsp?docid=2011-082216-3542-99&tabid=3
Removal Tool
If you have an infected Windows system file, you may need to replace it using the Windows installation CD.
How to reduce the risk of infection
The following resource provides further information and best practices to help reduce the risk of infection.
Protecting your business network
MANUAL REMOVAL
The following instructions pertain to all current Symantec antivirus products.
1. Performing a full system scan
How to run a full system scan using your Symantec product
2. Restoring settings in the registry
Many risks make modifications to the registry, which could impact the functionality or performance of the compromised computer. While many of these modifications can be restored through various Windows components, it may be necessary to edit the registry. See in the Technical Details of this writeup for information about which registry keys were created or modified. Delete registry subkeys and entries created by the risk and return all modified registry entries to their previous values.
Have you seen these files with the name dwh*.tmp?
If the file has this name, then read the link below.
This issue is fixed in RU7MP2.
http://www.symantec.com/business/support/index?page=content&id=TECH92399&locale=en_US
This build's version is: 11.0.7200.1147.
Release notes for Endpoint Protection and Network Access Control 11
Regards
Sumit G.
Hi,
DWH***.tmp files are detected in the user profile temp directory
http://www.symantec.com/docs/TECH92399
These detections do not indicate a new outbreak of a threat. The .tmp files are created by the Symantec Endpoint Protection (SEP) or Symantec AntiVirus (SAV) Quarantine scan. The scan is normally initiated by a virus definition update.
There are also several known methods to work around the issue:
Best practice to troubleshoot virus on the network
http://www.symantec.com/docs/TECH122466
If not helped,
Use Symantec Endpoint Protection Support Tool with Power Eraser (eliminates deeply embedded and difficult to remove threats that traditional virus scanning doesn't always detect) following the article:
Support Tool with Power Eraser Tool included
http://www.symantec.com/business/support/index?pag...
Check the loadpoints on your machine:
How to use the Load Point Analysis within the Symantec Support Tool to help locate suspicious files
http://www.symantec.com/business/support/index?pag...
If you manage to identify infected files and they are not detected by SEP, please submit the files using this link:
http://www.symantec.com/business/security_response...
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
Hello Ashoka,
You have provided very limited details.
Could you please provide us the file name and the path where the file is located? If possible, please provide us a screenshot.
Trojan.Gen is a generic detection for many individual but varied Trojans for which specific definitions have not been created. A generic detection is used because it protects against many Trojans that share similar characteristics.
Understanding the file location and file name may give us some idea to assist you with the Threat.
Secondly, does the name of the file start with DWH***?
If yes, you may check the links provided by Chetan above.
I doubt this is the known issue. The issue of multiple DWH files being created and retained has been improved in SEP 11 Release Update 7 Maintenance Patch 2 (RU7 MP2) and SEP 12.1 RU1 MP1.
Check these Articles below:
When new virus definitions are in place and the quarantine is being scanned, a DWH file is created and detected by Auto-Protect
http://www.symantec.com/docs/TECH102953
DWH***.tmp files are detected in the user profile temp directory.
http://www.symantec.com/docs/TECH92399
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
I agree with the above comments. If your systems are infected with a dwh.tmp-related virus, then upgrade the SEPM version to SEP 11 Release Update 7 Maintenance Patch 2 (RU7 MP2). It will fix the .tmp file issue.
Thanks & Regards
Honey Jack
If your issue has been solved, please use the "Mark as Solution" for the valid thread.
What was the action taken? If cleaned, deleted, or quarantined, then SEP did its job and no further action is needed.
SEP Knowledge Base
Endpoint SWAT
Hi- What is the current status of virus?
Removed or still pending?
The virus was removed after scanning in safe mode, but it was a daily activity, so I raised the concern.
I will update the senior team to upgrade the SEPM with RU7MP2 for a permanent fix of the issue.
Thanks all for your valuable comments.
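The triage questions asked in the replies above (is the file named DWH*.tmp in a Temp directory, and what action was taken), written as a small script. This is an added example, not part of the original thread or any Symantec tool; the row layout, host names, paths and category labels are assumptions constructed for illustration.

```python
import fnmatch
import ntpath

# Constructed sample rows (host, risk name, file path, action taken).
# These are illustrative only and are not real SEP risk-log output.
SAMPLE = [
    ("PC-01", "Trojan.Gen", r"C:\Users\ashok\AppData\Local\Temp\DWH3F2A.tmp", "Deleted"),
    ("PC-01", "Trojan.Gen", r"C:\Users\ashok\Downloads\report.exe", "Left alone"),
    ("PC-02", "Trojan.Gen", r"C:\Users\ravi\Documents\DWH1111.tmp", "Quarantined"),
    ("PC-03", "Trojan.Gen", r"C:\Windows\Temp\setup.tmp", "Cleaned"),
]

# Actions after which the thread says no further action is needed.
HANDLED = {"cleaned", "deleted", "quarantined"}


def is_dwh_temp_file(path):
    """True when the file is named DWH*.tmp and its parent directory is a Temp folder."""
    name = ntpath.basename(path)
    parent = ntpath.basename(ntpath.dirname(path))
    return fnmatch.fnmatchcase(name.upper(), "DWH*.TMP") and parent.lower() in ("temp", "tmp")


def triage(row):
    """Classify one detection row using the questions asked in the thread."""
    host, risk, path, action = row
    if risk == "Trojan.Gen" and is_dwh_temp_file(path):
        # Matches the pattern described in TECH92399; check the SEP version next.
        return "dwh-quarantine-rescan"
    if action.lower() in HANDLED:
        return "handled"
    # Not the DWH pattern and not remediated: collect file name, path, screenshot.
    return "investigate"


def hosts_needing_followup(rows):
    """Sorted list of hosts with at least one detection that still needs investigation."""
    return sorted({row[0] for row in rows if triage(row) == "investigate"})


if __name__ == "__main__":
    for row in SAMPLE:
        print(row[0], ntpath.basename(row[2]), "->", triage(row))
    print("follow up:", hosts_needing_followup(SAMPLE))
```

A DWH-named file outside a Temp directory is deliberately not treated as the quarantine-rescan pattern, since the name alone does not match what the linked articles describe.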