Endpoint Protection

  • 1.  Unable to fully remove Trojan.Gen.2 with SEP

    Posted Dec 14, 2011 10:32 AM

    Hi, about a week and a half ago my computer caught what I am assuming to be Trojan.Gen.2. At that time it co-opted my computer screen with a fake antivirus program and removed all icons from my home screen; I restarted the computer in Safe Mode and was able to go to a previous system restore point and do a full scan with both Symantec Endpoint Protection and Ad-Aware.

    Since then, Symantec intermittently pops up telling me it has identified and quarantined Trojan.Gen.2; all of the files are said to be in my AppData/local/temp folder and begin with DWH####.tmp. I've read about how dangerous this virus can be and wish to get rid of it, but everywhere I've looked for solutions online has been archaic, to me, at best. If someone could walk me through the steps to remove this I'd greatly appreciate it.



  • 2.  RE: Unable to fully remove Trojan.Gen.2 with SEP
    Best Answer

    Trusted Advisor
    Posted Dec 14, 2011 10:44 AM

    Hello,

    This is a known issue with older versions of Symantec Endpoint Protection 11.x.

    In case you are running an older version of SEP, it would be advised to install the latest version, SEP 11.0.7101, or migrate to SEP 12.1.1000.

    Check this:

    DWH***.tmp files are detected in the user profile temp directory


    http://www.symantec.com/docs/TECH92399

    When new virus definitions are in place and the quarantine is being scanned, a DWH file is created and detected by Auto-Protect

    http://www.symantec.com/docs/TECH102953


    AND 

    Create a policy as suggested below:

    1. Open Symantec Endpoint Protection Manager (SEPM)
    2. Select Policies
    3. Select Antivirus and Antispyware Policy
    4. Select Quarantine
    5. Click on the Cleanup Tab
    6. Under Quarantined Files, check mark "Delete oldest file to limit folder size at ( X ) MB" (instead of X, enter the size of the Quarantine folder normally selected.)

    If you have frequent recurrences of this issue and would like to disable re-scanning of the quarantine folder, please follow these steps:

    Disable re-scanning of quarantine files.

    From the SEP-Manager:
    - Edit the Antivirus and Antispyware policy of affected clients.
    - In the policy editor click "Quarantine" on the left-hand menu.
    - On the General tab click "Do nothing" under the heading "When new Virus Definitions Arrive".

    Also, to remove the DWxxxxxx.tmp files, follow the steps provided in the article below:

    https://www-secure.symantec.com/connect/articles/issue-related-low-disk-space

    Hope that helps!!
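    An added example, not from the thread or from Symantec: a read-only PowerShell inventory of the DWH*.tmp files the original poster describes. It counts them, totals their size, and groups them by creation day, so a burst that lines up with a definition update points to the quarantine re-scan behaviour from TECH102953 rather than a live infection. The temp path and file pattern come from the thread; the SEP quarantine location is an assumption (a parameter, reported only if it exists) and is included because the policy step above asks for a quarantine folder size limit.

```powershell
# Added example (not part of the thread). Read-only: it deletes nothing.

function Get-DwhTempInventory {
    param(
        # Per-user temp folder named in the original post (AppData\Local\Temp).
        [string]$TempPath = (Join-Path $env:LOCALAPPDATA 'Temp')
    )

    $files = Get-ChildItem -Path $TempPath -Filter 'DWH*.tmp' -File -ErrorAction SilentlyContinue

    if (-not $files) {
        Write-Output "No DWH*.tmp files found in $TempPath"
        return
    }

    $totalMB = [math]::Round(($files | Measure-Object -Property Length -Sum).Sum / 1MB, 2)
    Write-Output ('{0} DWH*.tmp file(s) in {1}, {2} MB total' -f $files.Count, $TempPath, $totalMB)

    # One line per day: compare these dates with when new definitions arrived.
    $files |
        Group-Object { $_.CreationTime.Date.ToString('yyyy-MM-dd') } |
        Sort-Object Name |
        ForEach-Object {
            $mb = [math]::Round(($_.Group | Measure-Object -Property Length -Sum).Sum / 1MB, 2)
            '{0}: {1} file(s), {2} MB' -f $_.Name, $_.Count, $mb
        }
}

function Get-SepQuarantineSize {
    param(
        # ASSUMPTION: default client quarantine path for SEP 12.1; SEP 11.x installs
        # may use a different folder, so pass the real path if this one is missing.
        [string]$QuarantinePath = (Join-Path $env:ProgramData 'Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Quarantine')
    )

    if (-not (Test-Path -Path $QuarantinePath)) {
        Write-Output "Quarantine folder not found at $QuarantinePath (path is an assumption; adjust it)"
        return
    }

    $items = Get-ChildItem -Path $QuarantinePath -Recurse -File -ErrorAction SilentlyContinue
    $sizeMB = [math]::Round((($items | Measure-Object -Property Length -Sum).Sum) / 1MB, 2)
    # This number is what the "limit folder size at ( X ) MB" policy setting caps.
    Write-Output ('Quarantine: {0} file(s), {1} MB in {2}' -f $items.Count, $sizeMB, $QuarantinePath)
}

Get-DwhTempInventory
Get-SepQuarantineSize
```

    Run it in the affected user's session so `$env:LOCALAPPDATA` resolves to the right profile. If the DWH files cluster on definition-update days and the quarantine folder is sizeable, the quarantine size limit and the "Do nothing" re-scan setting described above are the relevant fixes; if they keep appearing with no quarantine activity at all, treat it as a possible real detection and follow the sample-submission steps in the next reply.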



  • 3.  RE: Unable to fully remove Trojan.Gen.2 with SEP

    Posted Dec 14, 2011 11:34 PM

    If you are facing a problem in your machine due to a trojan virus:

    1. Check whether your SEP client is updated with the latest update or not.

    2. Scan your system with third-party tools like NSS, Stinger, ComboFix, Trojan Remover, etc.

    3. If you are still facing the same problem after you scan your system, take a sample of that virus, put it in a compressed file and send it to Symantec.

    4. Go to a browser and type this link: https://submit.symantec.com/websubmit/retail.cgi

    5. Fill in your personal details and add that zip file.




  • 4.  RE: Unable to fully remove Trojan.Gen.2 with SEP

    Broadcom Employee
    Posted Dec 15, 2011 12:59 AM

    Thumbs up to Mithun Sanghavi!

    If it's DWH, follow his advice.