There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
General Security
Go to first new post Security -Expert installed multiple remo ...
Go to first new post Solved: not sure?about site
Go to first new post Computer security, may have been hacked ...
Go to first new post Account Maintenance/Upgrade
Tag Cloud
access acer asus bios bsod computer crash desktop driver drivers error ethernet excel freeze gaming hard drive hardware hdmi internet laptop malware memory modem monitor motherboard netgear network printer problem ram registry repair router slow software sound toshiba trojan usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless xbox
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > General Security >
Solved: Trojan Horse infection????

Reply  
Thread Tools
wes0125's Avatar
Computer Specs
Junior Member with 29 posts.
  
Join Date: Jul 2009
Location: Fayetteville, AR USA
Experience: Intermediate
06-Nov-2009, 11:14 AM #1
Solved: Trojan Horse infection????
We use Symantec Endpoint on our servers. My boss evidently opened an email, using Outlook, and got hit with Trojan Horse. Symantec keeps sending a notification the it has quarantined a XXXXXXXX.tmp file (x=variable name). Originally they were DWH#####.tmp. I found some of these and were able to delete them. Then they became APQ######.tmp. When I go to the path indicated, nothing shows. The quarantined files totaled 24,000+ before I shut it down (300+ mb of space). I have scanned with McAfee, Malwarebytes, and Spybot trying to find the Trojan itself, but they didn't found anything.

Is "Trojan Horse" a specific trojan and is this a generic term?

I had a similar problem with a friends PC an couple of weeks ago. But Malwarebytes found and fixed the prob. Not this time.

Has anyone come across this problem and found a solution?
Register for free to hide this ad!
Phantom010's Avatar
Computer Specs
Trusted Advisor with 25,000 posts.
  
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
06-Nov-2009, 02:06 PM #2
Read this. It's usually a generic name but I think there is a Trojan Horse specifically called Trojan Horse too.

I think you would be better served in the Malware Removal & HijackThis Logs forum.
wes0125's Avatar
Computer Specs
Junior Member with 29 posts.
  
Join Date: Jul 2009
Location: Fayetteville, AR USA
Experience: Intermediate
06-Nov-2009, 03:49 PM #3
Thanks for the info. Will try the removal option. I was able to finally delete all the quarantines.
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,272 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
07-Nov-2009, 12:53 PM #4
With regards to malware, we normally don't work on company computers as they have their own IT departments and also in the process we could delete and/or change some needed settings, permissions, etc.

Having said that, it seems this issue is likely not a virus at all but is to do with Symantec and there is a patch to correct this. Here is a link to the support article:

http://service1.symantec.com/SUPPORT...07111911135548

The APQ files are contained in the APTemp folder which is where Symantec moves the "infected" files before they are quarantined.

I'm confident the patch or workaround in the Symantec article will solve the problem for you. Please let us know how it goes.

Also, I assume you used the McAfee online scan and are not actually running two anti-virus programs as they would conflict with each other.
__________________
Microsoft MVP - Consumer Security
wes0125's Avatar
Computer Specs
Junior Member with 29 posts.
  
Join Date: Jul 2009
Location: Fayetteville, AR USA
Experience: Intermediate
09-Nov-2009, 11:52 AM #5
This is without a doubt the answer but when I try to run the downloaded fix for a 32-bit machine, I get a msg that it is not a vaild 32-bit application (SEP32_56To33_clientMSPMSI.exe). The client is a Dell Vostro 32-bit running Vista Ultimate. ?????? ideas?
wes0125's Avatar
Computer Specs
Junior Member with 29 posts.
  
Join Date: Jul 2009
Location: Fayetteville, AR USA
Experience: Intermediate
09-Nov-2009, 01:46 PM #6
Problem solved. I ran the fix from the website instead on saving it to a flash drive and trying it. It works from the website.

THANKS A MILLION FOR YOUR HELP.

Wes
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,272 posts.
  
Join Date: Aug 2003
Location: Quebec, Canada
09-Nov-2009, 01:57 PM #7
It's my pleasure and I'm glad it solved the problem for you.
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | General Security | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.
Thread Tools



Facebook Facebook Twitter Twitter TechGuy.tv TechGuy.tv Mobile TSG Mobile
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -4. The time now is 12:54 PM.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.

 Powered by Cermak Technologies, Inc.