08-11-2011 09:04 PM
In the past week, I have received daily episodic flooding of Norton autoprotect warnings about Trojan Gen 2 viruses infecting my temporary files. I updated both browsers (Firefox and Internet Explorer), emptied caches and temporary internet files, and disabled "keep temporary files" in Java. The warning messages persist. Full scans reveal that no other files are harmed. Is my computer compromised? Where are they coming from, and how can I prevent them? Thanks in advance for your help.
08-11-2011 11:42 PM
Did you also empty your Windows temp file? C:\Windows\Temp. Check the history for resolved threats, click on one of the entries, click on more details and check the path. Check unresolved threats as well for any entries.
08-12-2011 10:35 AM
I've just emptied the contents of the Windows temp folder and emptied the recycling bin. Checking the logs, all infected items resided in the temp files (c:\users\me\appdata\local\temp) -- is this the same temp folder you mentioned? I also changed the purge option on Norton to delete quarantined items after just 1 day. Thanks again!
08-12-2011 10:55 AM
You may need to go to Control Panel>Folder Options>view and scroll down until you find an option to "show hidden files and folders." You should then be able to navigate to that folder and delete what you find there. If your machine is infected, the files might not be able to be deleted or they may rebuild. If Norton is removing them and they are still there, that is what is likely to be happening. Trojan Gen 2 is a heuristic detection so it should get looked at to see what it is identifying. Was there a specific file named in the Norton entries?
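The reply above notes that on an infected machine, deleted temp files may rebuild. One way to check that is shown here as an added example, not part of the reply or of any Norton tooling: record a hash baseline of the temp folders before emptying them, then compare after the next scan or reboot. The function names and the JSON baseline file are assumptions made for this illustration.

```python
import hashlib, json, os, sys, tempfile

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(folders):
    """Return {path: sha256} for every non-empty, readable file under folders."""
    snap = {}
    for folder in folders:
        for root, _dirs, names in os.walk(folder):
            for name in names:
                path = os.path.join(root, name)
                try:
                    if os.path.getsize(path) > 0:  # empty files all share one hash
                        snap[path] = sha256_file(path)
                except OSError:
                    continue  # locked by a running program, or already gone
    return snap

def rebuilt(before, after):
    """Files present after cleanup whose content or path was in the baseline."""
    by_hash = {digest: path for path, digest in before.items()}
    hits = []
    for path, digest in sorted(after.items()):
        if digest in by_hash:
            hits.append((path, "same content as " + by_hash[digest]))
        elif path in before:
            hits.append((path, "same path, new content"))
    return hits

def default_folders():
    # Per-user temp folder (%TEMP% on Windows) plus the system one from the thread.
    candidates = [tempfile.gettempdir(), r"C:\Windows\Temp"]
    return [d for d in candidates if os.path.isdir(d)]

if __name__ == "__main__":
    # usage: script.py save baseline.json     (before emptying the temp folders)
    #        script.py compare baseline.json  (after the next scan or reboot)
    mode, baseline = sys.argv[1], sys.argv[2]
    if mode == "save":
        with open(baseline, "w") as f:
            json.dump(snapshot(default_folders()), f)
    else:
        with open(baseline) as f:
            before = json.load(f)
        for path, reason in rebuilt(before, snapshot(default_folders())):
            print(path, "-", reason)
```

A hit is a lead to investigate, not a verdict: running programs legitimately rewrite their own temp files, so a reappearing file matters most when it matches a path from the antivirus history.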
08-12-2011 10:37 PM
No, they were all temporary files (.tmp), and they appear to have been deleted after I emptied the temporary folder. Thanks for the map to the hidden temporary folder. I deleted the contents there. So far, the Trojan Warnings have stopped, but I will confirm this tomorrow. Thank you again for your help.
08-13-2011 10:39 AM
I've rescanned my laptop, and I'm happy to report that I think the problem has been solved by emptying the contents of the temp folder. I learned a lot about preventive mechanisms. Thanks very much for your assistance!
08-14-2011 03:32 PM - edited 08-14-2011 03:47 PM
Just a thought, but this might have occurred if you have your Adobe Flash Manager (Start | Control Panel | Flash | Advanced) configured to automatically download updates. Macromedia released the v. 10.3.183.5 update for Flash a few days ago and the following notice just appeared on the Adobe support site here in an article titled Troubleshoot Flash Player Installation (see Advanced Troubleshooting):
2. Antivirus Software
Issue: Antivirus software from vendors like Comodo, Jiangmin and Rising are incorrectly identifying the Adobe Flash Player installer as malware. False reports from these vendors include “TrojWare.Win32.Trojan.Agent.Gen,” “Trojan/JmGeneric.bcy,” and “Suspicious.” Users are also reporting “Failed to Initialize” errors and the installer getting quarantined.
Workaround: Antivirus software vendors and service providers are currently addressing this issue so that the installer is recognized as being legitimate. Ensure that your antivirus signatures are up to date.
If you suspect the Flash updater might have triggered false positives for Trojan Gen 2, you can find more information in m1crtd's post here in the NIS forum. Based on reports in that thread, the problem was resolved yesterday (13-Aug-2011), but I'm not sure if Symantec updated their virus definitions or if Adobe released a revised Flash installation file.
Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.104.22.168 * IE 9.0 * Firefox 5.0 * Adobe Flash 10.3.183.5
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 G