Hey Guys, we have been seeing this on several workstations that we manage. The files all start with DWH. We have taken the machines offline and scanned them heavily with multiple products and nothing comes back. We cannot figure out what these are all about. Has anyone else seen these DWH*.tmp files in the windows temp folder? I have attached event data from two different workstations at different customers. Both running Windows XP SP3. Seems to get detected once or twice a day. Possibly tied to a logon on the system.
ALERT DETAILS
-----------------------------------
CATEGORIES:
DEVICE:
ALERT CONFIGURATION: Symantec Antivirus - Security Risk Handled
TIMESTAMP: 6/10/2010 10:20:32 PM (Eastern Standard Time)
WINDOWS EVENT
-----------------------------------
TIME OF EVENT: 6/10/2010 10:18:30 PM
EVENT LOG: Application
EVENT SOURCE: Symantec AntiVirus
EVENT ID: 51
SEVERITY: Error
DESCRIPTION:
Security Risk Found!Trojan.Gen in File: C:\WINDOWS\Temp\DWH1975.tmp by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: The file was left unchanged.
ALERT DETAILS
-----------------------------------
CATEGORIES:
DEVICE:
ALERT CONFIGURATION: Symantec Antivirus - Security Risk Handled
TIMESTAMP: 6/11/2010 6:19:57 AM (Eastern Standard Time)
WINDOWS EVENT
-----------------------------------
TIME OF EVENT: 6/11/2010 6:18:17 AM
EVENT LOG: Application
EVENT SOURCE: Symantec AntiVirus
EVENT ID: 51
SEVERITY: Error
DESCRIPTION:
Security Risk Found!Trojan Horse in File: C:\WINDOWS\Temp\DWH104D.tmp by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: The file was left unchanged.