Symantec Antivirus DWHxxxx.tmp Bogus Trojan Horse

Recently one of my users had thousands and thousands of files in the quarantine, all of them apparently Trojan horse risks. All the files began with DWH and ended with .tmp.
This is in fact the Symantec LiveUpdate wizard, DWHWIZRD.EXE, trying to download updates available for the Symantec application group rather than obtain the latest virus update list.

In doing so, the real-time scanner Rtvscan.exe identifies the temp file as a trojan. Depending on the rules in the risk settings for what should happen when risks are found, it either deletes the file or quarantines it, and lo and behold, the update wizard starts to download the file again.

To resolve the issue (this time), log in as an administrator, be it domain or local. Locate the Symantec LiveUpdate folder, typically %system%\Program Files\Symantec\LiveUpdate, and run LUALL.exe.
This will kick off LiveUpdate manually; follow the wizard steps until it's complete, then reboot.

This will likely happen again in the future until Symantec comes up with a solution in one of the updates.

Note: this only appears to happen to users who are not part of the “local admin” group of the PC in question.
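
A triage sketch for the steps above, added here as an example and not part of the original post: it checks whether the session is running with local Administrators rights, counts DWH*.tmp files in a folder you supply, and starts LUALL.exe. The `-ScanFolder` parameter and the `%ProgramFiles%` default for the LiveUpdate folder are assumptions; the post does not name the quarantine path.

```powershell
param(
    # Assumption: folder to inspect for DWH*.tmp files (quarantine or temp folder
    # used by your Symantec version). The post does not give this path.
    [Parameter(Mandatory = $true)][string]$ScanFolder,
    # Assumption: default LiveUpdate install location; override if it differs.
    [string]$LiveUpdateDir = (Join-Path $env:ProgramFiles 'Symantec\LiveUpdate')
)

# 1. The post notes the loop only appears for non-admin users, so record that first.
#    IsInRole is true only when the token actually carries Administrators rights
#    (on systems with UAC, that means an elevated session).
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Output ("User {0} has local admin rights: {1}" -f $identity.Name, $isAdmin)

# 2. Count the DWHxxxx.tmp files and show the time span they cover.
#    A large count spread over a long period matches the re-download loop.
$dwh = @(Get-ChildItem -Path $ScanFolder -Filter 'DWH*.tmp' -Force -ErrorAction SilentlyContinue |
         Where-Object { -not $_.PSIsContainer } |
         Sort-Object LastWriteTime)
Write-Output ("DWH*.tmp files in {0}: {1}" -f $ScanFolder, $dwh.Count)
if ($dwh.Count -gt 0) {
    Write-Output ("Oldest: {0}  Newest: {1}" -f $dwh[0].LastWriteTime, $dwh[-1].LastWriteTime)
}

# 3. Run LiveUpdate manually, as the post describes. This only starts the wizard;
#    the steps still have to be followed by hand and the reboot is left to the operator.
$luall = Join-Path $LiveUpdateDir 'LUALL.exe'
if (-not (Test-Path -LiteralPath $luall -PathType Leaf)) {
    Write-Warning "LUALL.exe not found in $LiveUpdateDir; pass -LiveUpdateDir with the correct folder."
}
elseif (-not $isAdmin) {
    Write-Warning 'Not running with administrator rights; log in as an administrator and run this again.'
}
else {
    Start-Process -FilePath $luall -Wait
    Write-Output 'LiveUpdate wizard closed. Reboot to finish.'
}
```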
