DWH*.tmp a generic Trojan created in temp folder

  #1  
Old 28-05-2011
Member
 
Join Date: May 2011
Posts: 52
DWH*.tmp a generic Trojan created in temp folder
  

I'm troubleshooting a SAV client 10.2.0.276 with scan engine 71.4.0.15 and up-to-date definitions. It seems to be the same problem described here, except that SAV successfully quarantines all the .tmp files, so there are no files to delete when you boot in safe mode. Once or twice a day, Auto-Protect flags tens of these files, all of the form DWH***.tmp in the Temp folder. The link leads to a specific KB entry for a generic Trojan horse type. They still appear once or twice a day, and I cannot understand what is creating them, or whether it is actually a Trojan horse in the first place. I suspect it is a false positive, but cannot be sure. Does anyone know what could be creating these files, and how I can stop the malicious software, or fix SAV so it does not alert if it is a false positive?

  #2  
Old 28-05-2011
Member
 
Join Date: Jul 2009
Posts: 1,177
Re: DWH*.tmp a generic Trojan created in temp folder

The first thing to realize about this issue is: it's not one particular issue. There have been various unusual reasons for the DWH files showing up in various locations. Eventually, the basic cause is the same, but several root causes have been found over the years. Try scanning your system daily with a good antivirus with the latest updates. I hope this solves your problem.
  #3  
Old 28-05-2011
Member
 
Join Date: Jul 2009
Posts: 1,118
Re: DWH*.tmp a generic Trojan created in temp folder

It is not always the fault of Symantec software. This requires a little explanation of what happens behind the scenes. When new defs arrive, SEP checks the files in quarantine to see if there are new remediations, false positives, etc. Quarantined files simply cannot be scanned where they are; they have to be removed from quarantine first. The expected behavior is as follows: SEP extracts the files, scans them, and moves them back to the quarantine. There have been cases where an error in SEP caused the DWH files to be mishandled. SEP abandons the process because it can no longer trust the files and, as it does with all files that are written to disk, it scans the file with Auto-Protect. Auto-Protect sees the virus code in the DWH file and acts on it. There have been other cases, however, where other third-party software, such as scanners or indexing services, gets in the way and causes the DWH files to be mishandled. This is something Symantec simply cannot always avoid. Sorry about that, and I wish it were not so, but that's just the way it is. The correct answer is to fix the offending third-party software.
  #4  
Old 28-05-2011
Member
 
Join Date: May 2009
Posts: 1,081
Re: DWH*.tmp a generic Trojan created in temp folder

I want to address the absurd advice of reinstalling SEP to solve the problem. In most cases, this simply is not necessary ... and no real Symantec technician will recommend this as a first solution. The first thing to do is look for third-party software that may be causing SEP to stop trusting the DWH files. Add exclusions, such as the SEP installation directories. If that does not help, purge the quarantine and the SEP working directory. If you want to be more surgical, delete only the DWH.tmp files in the working directory; you still need to clear the quarantine. If you just cannot stand the DWH detections, turn off the scan when new defs arrive, but that is not best practice. If you want to go even further, adjust your settings so that detections do not use the quarantine. Finally, if all else fails and you still get DWH detections, reinstall the SEP client, but realize that you are reinstalling because there is something very wrong with the software at this point ... policy corruption, permissions problems, etc. At this point, you probably should contact support to work on a full investigation.
  #5  
Old 28-05-2011
Member
 
Join Date: Nov 2009
Posts: 948
Re: DWH*.tmp a generic Trojan created in temp folder

I do not think it has anything to do with the quarantine folder, which is something like C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\quarantine and not the Zeke user profile as shown by the user. I also want to know what application creates this, or what vulnerability, so that I can take action in addition to patches and updates. I just received a report that a user has this Trojan horse. He has 40 tmp files of the same form.
  #6  
Old 28-05-2011
Member
 
Join Date: May 2008
Posts: 945
Re: DWH*.tmp a generic Trojan created in temp folder

If you cannot migrate at this time, here are solutions that should alleviate the problem. These are listed in order of preference:

1. Disable rescanning of the quarantine on receipt of new virus definitions.
2. Ensure that no processes or services, such as the Indexing Service, can access or monitor the files.
3. Make sure the %TEMP% folder is not open during receipt of virus definitions and the quarantine scan.
4. Restart in safe mode, delete the DWH files in the temporary folder, and clear the quarantine folder.
  #7  
Old 29-05-2011
Member
 
Join Date: Jun 2009
Posts: 910
Re: DWH*.tmp a generic Trojan created in temp folder

DWH files are temporary files that are created by our process called defwatch.exe. These files are quarantined threats that we take out of quarantine for examination during a quick scan. This usually occurs when applying new defs. The document referred to is public facing and offers different solutions to solve the problem. What we have seen in most cases is that the indexing service, or some other real-time scanner, touches the file and Auto-Protect rescans it.
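
An added triage example, not part of the thread and not Symantec tooling: posts #3 and #7 tie the DWH files to the quarantine rescan that runs when new definitions are applied, so DWH*.tmp detections that cluster right after a definitions update fit that explanation, while ones at unrelated times deserve a closer look. The event layout, the event names (`DEFS_UPDATED`, `AP_DETECT`), the sample paths and the 30-minute window are all assumptions constructed for illustration.

```python
from bisect import bisect_right
from datetime import datetime, timedelta
from fnmatch import fnmatchcase
from ntpath import basename

# Constructed sample events (assumed layout, not a real SAV/SEP log format):
# timestamp|event|detail
SAMPLE_LOG = """\
2011-05-27 09:02:11|DEFS_UPDATED|rev 003
2011-05-27 09:04:40|AP_DETECT|C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\DWH1A2.tmp
2011-05-27 09:04:41|AP_DETECT|C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\DWH1A3.tmp
2011-05-27 14:30:05|AP_DETECT|C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\setup.exe
2011-05-27 17:45:00|DEFS_UPDATED|rev 004
2011-05-27 17:46:12|AP_DETECT|C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\DWH9F0.tmp
2011-05-28 02:13:37|AP_DETECT|C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\DWH77B.tmp
"""
WINDOW = timedelta(minutes=30)  # assumed length of the post-update rescan window


def parse(log_text):
    """Yield (datetime, event, detail) tuples from the constructed layout."""
    for line in log_text.splitlines():
        if line.strip():
            stamp, event, detail = line.split("|", 2)
            yield datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"), event, detail


def triage(log_text, window=WINDOW):
    """Bucket detections by whether a definitions update shortly preceded them."""
    events = sorted(parse(log_text))
    updates = [ts for ts, ev, _ in events if ev == "DEFS_UPDATED"]
    result = {"after_defs_update": [], "unexplained": [], "not_dwh": []}
    for ts, ev, path in events:
        if ev != "AP_DETECT":
            continue
        name = basename(path)  # ntpath handles Windows paths on any OS
        if not fnmatchcase(name.upper(), "DWH*.TMP"):
            result["not_dwh"].append(name)  # ordinary detection, handle as usual
            continue
        i = bisect_right(updates, ts)  # number of updates at or before ts
        recent = i > 0 and ts - updates[i - 1] <= window
        result["after_defs_update" if recent else "unexplained"].append(name)
    return result


if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {names}")
```

Detections in the `unexplained` bucket do not match the rescan timing described in the thread and are the ones to investigate first.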