• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Trojan.Gen.SMH.2 in PE_ROM.DLL

Every time I start Windows 10 N360 gives a message saying its removed "Trojan.Gen.SMH.2" in c:\windows\pe_rom.dll.  I think this is part of Asus Bios update as PEUpdater.exe (which seems to be using the dll) is in "C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback".  I don't know if this a false positive or not.  If I delete the dll it magically comes back.

File Attachment: 

Replies

Kudos0

Re: Trojan.Gen.SMH.2 in PE_ROM.DLL

Has this detection just started?

Are you restarting Win 10 or shutting down and then starting the computer? I shutting down, there can be an issue with the Fast Start feature in Win 10. See more information here.

If you have had this file on your system for some time, you can report false positive indications here https://submit.symantec.com/false_positive/

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Trojan.Gen.SMH.2 in PE_ROM.DLL

Hello

I really don't think this is a false positive due to the fact that if he deletes the .dll, it comes back again. I have just done a Google search on that .dll. I have come across cases where this behavior was malware and it even turned out to be a rootkit. This just happened a year ago.

You can glance over this link just to see what went on. It is from Bleeping Computers. Please do not try and copy any of the instructions given to this user. Cleaning up of malware is a individualistic thing. Each case is different.

http://www.bleepingcomputer.com/forums/t/600889/pe-romdll-trojan-not-sure-if-its-a-false-positive/

I would submit the .dll to virus total and see what they say. I would also sign up with one of the free malware removal sites and get your computer checked out. To me, the fact that the .dll keeps recreating itself indicates malware. Please sign up with one of these sites and please let us know how you made out.

Please see this link for an up to date description of these sites plus the addition of a newly listed site formed by one of our successful malware remover users. The new site is listed first in this link.

https://community.norton.com/en/forums/malware-removal-forum-recommendations 

Please do look at that Bleeping Computer case. It sounds just like yours does.

Thanks.






 

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.19.8.65 Core Firmware 282 Chrome latest version.
Kudos0

Re: Trojan.Gen.SMH.2 in PE_ROM.DLL

This happens not long after I start Windows  and it's only just started.  It might be in relation to Asus update - I don't know for sure.  I have connected Asus and waiting for a response.

Kudos0

Re: Trojan.Gen.SMH.2 in PE_ROM.DLL

Whatever Asus says, I suggest you visit one of the free malware sites listed, and get your computer checked out.

Windows 10 Home X 64 Norton Security Premium Latest Version
Kudos0

Re: Trojan.Gen.SMH.2 in PE_ROM.DLL

Hello

I have an Asus motherboard and also have the same suite, but I am not having any issues like you have and like the link I have provided you with. If you do a Google search of that .dll, you will see others who have this malware known as different names depending on the security program you use. You do need to get to one of those free malware removal sites.

Thanks.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.19.8.65 Core Firmware 282 Chrome latest version.

This thread is closed from further comment. Please visit the forum to start a new thread.