1 Reply Latest reply on Sep 16, 2012 7:14 PM by dolphin203

    PWRM.exe and Post_Sysprep.exe, .done in Quarantine file as Trojan

      On 7/9/12 my "McAfee Security Center" started a scheduled full scan. While the scan was taking place I tried to continue using my system, which slowed to a crawl. When I used "Task Mgr" ctl>alt>del it took about 2-3 minutes for the window to appear. It indicated only the McAfee scan was running other than what looked to be normal processes. I could not load any other programs. It appeared the scan took over all system resources. I'm running WIN XP w/SP3. When trying to close the window it would not close. I then tried ending the scan task because the indication was "not responding". After about 10-15 minutes I finally got the scan cancelled. The report indicated 7 trojans were detected but only 5 were removed. The report indicated "PWRM.exe" and "Post_Sysprep.exe" could not be deleted. I searched the McAfee site and Google but could find nothing of value to determine what these two files were. I did a check of the McAfee "Quarantined and Trusted items" and found them both there. I did a search on my system for the files without using the ".exe" and found one of the files in the "Windows/Options" folder, but the extension was "post_sysprep.done". I then decided to do a system restore back to 7/3/12 where I don't remember having any problems. The restore finished without error. I immediately went to the "Windows/Options" folder and both files were there momentarily. Before my eyes the "PWRM.EXE" file disappeared and the "Post_Sysprep.exe" changed to "Post_Sysprep.done". It appears when I opened the folder, McAfee scanned it and made the changes. I went to Security Center>Quarantined and Trusted sites and found the same files plus "A0090231.exe" entered with the same date 7/9/12 but a different time, which I assume was associated with the restore. At about 12:50 PM on 7/10/12 I ran a custom scan while going to lunch. When I returned the scan was complete with indications 7 trojans were removed. A check of the "Quarantined and Trusted sites" indicated another quarantined item: "A0090231.exe, Artemis! 6D485C9E17E6". I ran a scan with Windows Defender which showed no problems. I have not been able to determine where these quarantined items came from or what trojans McAfee deleted when it couldn't delete the original two files. The only info I could find through "Google" was on "SysPrep" which appeared to have something to do with a system restore.

        • 1. Re: PWRM.exe and Post_Sysprep.exe, .done in Quarantine file as Trojan

          Apparently these two files flagged by my McAfee Security software were not trojans or malware. I found this out when my Windows XP stopped updates coming from Microsoft. Upon searching the web and Microsoft, nothing would correct the fact updates could not be accomplished. I viewed all previous updates on my computer and found the last time updating worked was the day before these two files were quarantined. I decided to restore these files and voilà... Everything started working again. I quickly did a scan with McAfee and Windows Defender and no malicious software was detected. Even the Microsoft forums (where I asked about the update problem) only recommended running their "Fixit" program. Of course that didn't work. And Microsoft never acknowledged the need for these two files. This problem is solved from my standpoint. I would suggest McAfee look into why they were flagged in the first place.