
Thread: DWH*.tmp a generic Trojan created in temp folder

  1. #1
    Join Date
    May 2011
    Posts
    52

    DWH*.tmp a generic Trojan created in temp folder

    I'm troubleshooting a SAV client 10.2.0.276 with the help of scan engine 71.4.0.15 and up-to-date definitions. It seems to be the same problem described here, except that SAV successfully quarantines all the .tmp files, so there are no files to delete when you boot in safe mode. Once or twice a day, Auto-Protect flags tens of these files, all of the form DWH***.tmp in the Temp folder. The link leads to a specific KB Trojan horse generic entry in the type of Trojan. They still appear once or twice a day, and I cannot understand what is creating them, or whether it is actually a Trojan horse in the first place. I suspect it is a false positive, but cannot be sure. Does anyone know what could be creating these files, and how I can stop the malicious software, or fix SAV to not alert if it is a false positive?

  2. #2
    Join Date
    Jul 2009
    Posts
    1,179

    Re: DWH*.tmp a generic Trojan created in temp folder

    The first thing to realize about this issue is: it's not one particular issue. There have been various unusual reasons for the DWH files showing up in various locations. Eventually, the basic cause is the same, but several root causes have been found over the years. Try scanning your system daily with a good antivirus with the latest updates. I hope this solves your problem.

  3. #3
    Join Date
    Jul 2009
    Posts
    1,118

    Re: DWH*.tmp a generic Trojan created in temp folder

    It is not always the fault of Symantec software. This requires a little explanation of what happens behind the scenes. When new defs arrive, SEP checks the files in quarantine to see if there are new remedial measures, false positives, etc. Quarantined files simply cannot be scanned. They have to be removed from quarantine first. The expected behavior is as follows: SEP extracts the files, scans them, and moves them back to the quarantine. There have been cases where an error in SEP would cause DWH files to be mishandled. SEP abandons the process because it can no longer rely on the files and, as it does with all files that are written to disk, it scans the file with Auto-Protect. Auto-Protect sees the virus code in the DWH file and acts on it. There have been other cases, however, where other software, such as 3rd party scanners or indexing services, tries to get in the way and causes DWH files to be mishandled. This is something Symantec simply cannot always avoid. Sorry about it and did not want to be, but that's just the way it is. The correct answer is to fix the offending third-party software.

  4. #4
    Join Date
    May 2009
    Posts
    1,084

    Re: DWH*.tmp a generic Trojan created in temp folder

    I want to address the absurd advice about reinstalling SEP to solve the problem. In most cases, this simply is not necessary... and no real Symantec tech will recommend this as a first solution. The first thing to do is look for 3rd party software that may be causing SEP to stop relying on the DWH files. Exclusions installation directories as the SEP. If that does not, the purge quarantine and guide the work of the SEP. If you want to be more surgical, DWH.tmp only delete files in the working still need to clear the quarantine. If you just cannot stand DWH detection, exploration off defs when new but it is not best practice. If you want to go even further, adjust your settings do not use detection of quarantine. Finally, if all else fails and you still get DWH detections, reinstall the SEP client, but realize you are reinstalling because there is something very wrong with the software at this time... political corruption, permissions problems, etc. At this point, you probably should contact support to work on a full investigation.

  5. #5
    Join Date
    Nov 2009
    Posts
    955

    Re: DWH*.tmp a generic Trojan created in temp folder

    I do not think it has anything to do with the quarantine folder, which is something like C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\quarantine and not Zeke user profile as shown by the user. I also want to know what makes this application. Or that vulnerability. Therefore, it can take action, in addition to patches and updates. I just received a report that a user has this Trojan horse. He has 40 tmp files in the same way.

  6. #6
    Join Date
    May 2008
    Posts
    945

    Re: DWH*.tmp a generic Trojan created in temp folder

    If you cannot migrate at this moment, here are solutions that should alleviate the problem. These are listed in order of preference. Disable rescanning of the quarantine on receipt of new virus definitions. Ensure that no processes or services, such as the Indexing Service, can access/monitor the file. Make sure the %TEMP% folder is not open for receipt of virus definitions and scan quarantine. Restart in safe mode; delete the DWH files in the temporary folder, clearing the quarantine folder.

  7. #7
    Join Date
    Jun 2009
    Posts
    909

    Re: DWH*.tmp a generic Trojan created in temp folder

    DWH files are temporary files that are created by our process called defwatch.exe. These files are quarantined threats that we pull out of quarantine for examination during a quick scan. This usually occurs when applying the new defs. The document is public facing and offers different solutions to solve the problem. What we have seen in most cases is that the indexing service, or any other realtime scanner, is in contact with the file and self-protection is re-exploration.
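
An added example, not part of the thread and not Symantec tooling: a Python triage helper that applies the diagnosis discussed above by checking whether bursts of DWH*.tmp detections start shortly after a definitions update (the quarantine rescan case) or at unrelated times. The function names, the 5-minute and 30-minute thresholds, the assumed alphanumeric file-name pattern and the sample events are all assumptions; detection and update times are taken as already-parsed values from whatever log export is available.

```python
import re
from datetime import datetime, timedelta

# Assumed name shape: "DWH" + alphanumerics + ".tmp" (the thread only says DWH***.tmp)
DWH_NAME = re.compile(r"^DWH[0-9A-Za-z]+\.tmp$", re.IGNORECASE)

def bursts(times, gap=timedelta(minutes=5)):
    """Group timestamps into bursts; a new burst starts after a pause > gap."""
    groups = []
    for t in sorted(times):
        if groups and t - groups[-1][-1] <= gap:
            groups[-1].append(t)
        else:
            groups.append([t])
    return groups

def classify(detections, def_updates, window=timedelta(minutes=30)):
    """Return (burst_start, file_count, label) for each burst of DWH detections.

    'rescan'      : burst begins within `window` after a definitions update,
                    consistent with the quarantine rescan described in the thread.
    'unexplained' : no update shortly before it; look for what wrote the file.
    """
    times = [ts for ts, path in detections
             if DWH_NAME.match(path.rsplit("\\", 1)[-1])]
    report = []
    for group in bursts(times):
        start = group[0]
        explained = any(timedelta(0) <= start - u <= window for u in def_updates)
        report.append((start, len(group), "rescan" if explained else "unexplained"))
    return report

# Constructed sample data (not taken from the thread or from a real log).
T = datetime.fromisoformat
SAMPLE_UPDATES = [T("2011-05-10 09:00:00"), T("2011-05-10 21:00:00")]
SAMPLE_DETECTIONS = [
    (T("2011-05-10 09:02:10"), r"C:\Temp\DWH1A2B.tmp"),
    (T("2011-05-10 09:02:12"), r"C:\Temp\DWH1A2C.tmp"),
    (T("2011-05-10 09:02:15"), r"C:\Temp\DWH1A2D.tmp"),
    (T("2011-05-10 14:30:00"), r"C:\Temp\DWH9F00.tmp"),   # no update nearby
    (T("2011-05-10 21:01:00"), r"C:\Temp\DWH2B10.tmp"),
    (T("2011-05-10 21:01:05"), r"C:\Temp\setup.exe"),     # not a DWH file, ignored
]

if __name__ == "__main__":
    for start, count, label in classify(SAMPLE_DETECTIONS, SAMPLE_UPDATES):
        print(f"{start}  files={count:<3} {label}")
```

Bursts labelled `unexplained` are the ones worth following up, since they do not line up with the rescan behaviour the replies describe.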
