I apologize if this post goes long I just want to make sure I include as much information as possible.
I have been battling a couple of viruses lately that just wont go away. There have been 3 in total but I reinstalled windows to get one of them to go away. I really would prefer not to have to go through that again if possible. That is why I am turning to you all.
We had a desktop that kept getting bombarded with "Bloodhound.Exploit.213." If I recall the files that were being flagged were all in the folder C:\Users\UserID\AppData\Local\Temp. According to Symantec documentation all you needed to do was update virus definitions and do a full scan. This never cleaned the system. It would remove the file but the problems returned almost immediately. I tinkered with this for a long time and finally had enough and reinstalled windows etc.
I am having almost the very same symptoms on 2 other desktops. However symantec is labeling the viruses differently. One is, "Trojan Horse," and the other one is, "Trojan.Malscript!html." They both act very similar.
Here is the deal. When the user logs on to the computer they get the AutoProtect pop up saying that Trojan.Malscript!html or Trojan Horse has been found.. The files are always .tmp files in the C:\Users\UserID\AppData\Local\Temp folder. A couple examples of the file names are, DWHD4EC.tmp, DWH84E9.tmp, and DWH14D9.tmp. And we are not talking just a few files, we are talking thousands. If you use windows explorer and watch that folder, you can see them just coming in every couple of seconds. I have ran full scans with Symantec in normal windows and safe mode with no luck.
I "Think," I remember reading someplace about Symantec and false positives in the Temp folder, and there being a patch but I am not sure. I saw the post about the upgrade to 11.0.5002.333,
here. I am not sure if we can install this on our clients or not. Currently I am running, 10.2.0.276.
If anyone can help point me in the right direction I would be very happy!
Thank you for your time,
Mike