Solved

Trojan Horse DWH####.tmp w/Symantec Corp 10.2.0.298

Posted on 2009-04-06
5
9,837 Views
Last Modified: 2013-11-22
I am running Symantec Corp 10.2.0.298 with updated signatures.  I'm getting multiple notifications a day, the filename is always DWH####.tmp and always with a count of 2.  The action taken by the my AV is to quarantine.  Does anyone know what is Trojan is or know of a removal tool?  Thanks
0
Comment
Question by:markswelch
5 Comments
 
LVL 29

Expert Comment

by:QPR
ID: 24076012
0
 
LVL 15

Accepted Solution

by:
xmachine earned 50 total points
ID: 24076051
Hi,

1) Check the following KB article:

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/5acc619d5a30571b882573980069a3cd?OpenDocument

2) Download & run CCleaner to clean junk temp files

http://www.ccleaner.com/download

3) Download & run "Symantec Intelligent Updater" to update and overwrite any corrupted definitions

http://definitions.symantec.com/defs/20090405-003-i32.exe

Or visit this link and choose the correct antivirus software version

http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce


A Symantec Certified Specialist @ your service
0
 
LVL 2

Author Closing Comment

by:markswelch
ID: 31566961
Great response.  Thanks!
0
 

Expert Comment

by:EternalMycah
ID: 24273117
NOTE: for people trying the steps in this solution, please make sure that in CCleaner's advanced options that you UNCHECK the box "Only delete files in Windows Temp folders older than 48 hours".  Otherwise you will keep the last couple of days worth of temp files in that folder.

Sorry, but this didn't work for me.  I have been dealing with this problem showing up intermittently for over a year now on several different user's machines.  Unfortunately, it is hard to test if any "solution" (none have worked for me still) has worked or not because I have to wait until the next day until the problem pops back up.

Although I did the steps recommended in the solution yesterday, I had CCleaner's default setting to leave the last 48 hours of temp files.  So, I'll have to wait until tomorrow to see if it works by changing that setting.

However, I "THINK" the real problem is that the quarantined files are still sitting there and getting rescanned each time.  So, in addition to running CCleaner set to delete all temp files I deleted all the files listed in quarantine.  SAV > View > Quarantine.

System: Vist SP1, SAV 10.2
0
 

Expert Comment

by:EternalMycah
ID: 24306545
I got this taken care of FINALLY!!!

The key here is to delete all the files listed in quarantine.  SAV > View > Quarantine

Otherwise, everytime you get new virus definitions, you will continue having this problem.  Since by default, SAV rescans your Quarantine folder after receiving new definitions.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Dropbox,Google Drive cloud system protection 2 72
Anti-virus for Linux Server 15 123
Windows Defender Accessing Excluded Drives 5 22
Ransomeware 11 56
Change your password...do it now!. Probably the easiest point of access to your account is through guessing your password. If your password is guessable, do change it now. If not for your sake but for everyone else in your friends list. Remember …
UPDATE - 6/15/2011 Added support for Release Update 6 Maintenance Patch 2 Point Patch 1 (RU6 MP2 PP1). Fixed a defect in the username field that was hard-coded to look for a specific domain (left over code from testing). This release will be the …
Concerto provides fully managed cloud services and the expertise to provide an easy and reliable route to the cloud. Our best-in-class solutions help you address the toughest IT challenges, find new efficiencies and deliver the best application expe…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now