Visitor
audreystyle
Posts: 4
Registered: ‎08-11-2011
Accepted Solution

Trojan Gen 2 Warnings by the hundreds - help?

Hi everyone,

 

In the past week, I have received daily episodic flooding of Norton autoprotect warnings about Trojan Gen 2 viruses infecting my temporary files.  I updated both browsers (Firefox and Internet Explorer), emptied caches and temporary internet files, and disabled "keep temporary files" in Java.  The warning messages persist.  Full scans reveal that no other files are harmed.  Is my computer compromised?  Where are they coming from, and how can I prevent them?  Thanks in advance for your help.

delphinium
Posts: 9,859
Kudos: 2,955
Solutions: 293
Registered: ‎11-21-2008

Re: Trojan Gen 2 Warnings by the hundreds - help?

Did you also empty your Windows temp file? C:\Windows\temp. Check the history for resolved threats, click on one of the entries, click on more details and check the path. Check unresolved threats as well for any entries.

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
Visitor
audreystyle
Posts: 4
Registered: ‎08-11-2011

Re: Trojan Gen 2 Warnings by the hundreds - help?

I've just emptied the contents of the Windows temp folder and emptied the recycling bin. Checking the logs, all infected items resided in the temp files (c:\users\me\appdata\local\temp) -- is this the same temp folder you mentioned? I also changed the purge option on Norton to delete quarantined items after just 1 day. Thanks again!

delphinium
Posts: 9,859
Kudos: 2,955
Solutions: 293
Registered: ‎11-21-2008

Re: Trojan Gen 2 Warnings by the hundreds - help?

c:\users\me\appdata\local\temp

 

You may need to go to Control Panel > Folder Options > View and scroll down until you find an option to "show hidden files and folders." You should then be able to navigate to that folder and delete what you find there. If your machine is infected, the files might not be able to be deleted or they may rebuild. If Norton is removing them and they are still there, that is what is likely to be happening. Trojan Gen 2 is a heuristic detection so it should get looked at to see what it is identifying. Was there a specific file named in the Norton entries?

Visitor
audreystyle
Posts: 4
Registered: ‎08-11-2011

Re: Trojan Gen 2 Warnings by the hundreds - help?

No, they were all temporary files (.tmp), and they appear to have been deleted after I emptied the temporary folder.  Thanks for the map to the hidden temporary folder.  I deleted the contents there.  So far, the Trojan Warnings have stopped, but I will confirm this tomorrow.  Thank you again for your help. 

Rootkit Eradicator
Stu
Posts: 5,210
Registered: ‎04-08-2008

Re: Trojan Gen 2 Warnings by the hundreds - help?

Please do let us know. Although I really think it will be gone now after you emptied the folder.

"All that we are is the result of what we have thought"
Visitor
audreystyle
Posts: 4
Registered: ‎08-11-2011

Re: Trojan Gen 2 Warnings by the hundreds - help?

I've rescanned my laptop, and I'm happy to report that I think the problem has been solved by emptying contents of the temp folder.  I learned a lot about preventive mechanisms.  Thanks very much for your assistance!

delphinium
Posts: 9,859
Kudos: 2,955
Solutions: 293
Registered: ‎11-21-2008

Re: Trojan Gen 2 Warnings by the hundreds - help?

Glad to be of help.

 

Best wishes

lmacri
Posts: 1,446
Kudos: 535
Registered: ‎05-05-2009

Re: Trojan Gen 2 Warnings by the hundreds - help?


audreystyle:

 

Just a thought, but this might have occurred if you have your Adobe Flash Manager (Start | Control Panel | Flash | Advanced) configured to automatically download updates.  Macromedia released the v. 10.3.183.5 update for Flash a few days ago and the following notice just appeared on the Adobe support site here in an article titled Troubleshoot Flash Player Installation (see Advanced Troubleshooting):

2. Antivirus Software

Issue: Antivirus software from vendors like Comodo, Jiangmin and Rising are incorrectly identifying the Adobe Flash Player installer as malware. False reports from these vendors include “TrojWare.Win32.Trojan.Agent.Gen,” “Trojan/JmGeneric.bcy,” and “Suspicious.” Users are also reporting “Failed to Initialize” errors and the installer getting quarantined.

Workaround: Antivirus software vendors and service providers are currently addressing this issue so that the installer is recognized as being legitimate. Ensure that your antivirus signatures are up to date.

 

______________________

 

If you suspect the Flash updater might have triggered false positives for Trojan Gen 2, you can find more information in m1crtd's post here in the NIS forum.  Based on reports in that thread, the problem was resolved yesterday (13-Aug-2011), but I'm not sure if Symantec updated their virus definitions or if Adobe released a revised Flash installation file.

 

-----------

Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 5.0 * Adobe Flash 10.3.183.5
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 G