Although I have not noticed any symptoms or performance issues on my PC, Norton keeps finding Poweliks in windows\syswow64 tmp files. Any help is appreciated. These are the Norton details of the infection:
Filename: 00030741.tmp
Threat name: Trojan.Poweliks!gm
Full Path: c:\windows\syswow64\00030741.tmp
____________________________
Details
Very Few Users, Very New, Risk High
Origin
Downloaded from
Unknown
Activity
Actions performed: 16
____________________________
On computers as of
11/8/2014 at 12:54:55 AM
Last Used
11/8/2014 at 12:56:58 AM
Startup Item
No
Launched
No
____________________________
Very Few Users
Fewer than 5 users in the Norton Community have used this file.
Very New
This file was released less than 1 week ago.
High
This file risk is high.
Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.
____________________________
Source: External Media
Source File:
00030741.tmp
____________________________
File Actions
Infected file: c:\windows\syswow64\ 00030741.tmp Removed
Infected file: c:\windows\syswow64\ 00010203.tmp Removed
____________________________
Registry Actions
Registry change: HKEY_USERS\S-1-5-19\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\ localserver32 Removed
Registry change: HKEY_USERS\S-1-5-21-3691088006-1802016298-1202900279-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\ localserver32 Removed
Registry change: HKEY_USERS\S-1-5-20\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\ localserver32 Removed
Registry change: HKEY_USERS\.DEFAULT\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\ localserver32 Removed
Registry change: HKEY_USERS\S-1-5-19\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ localserver32->a Removed
Registry change: HKEY_USERS\S-1-5-21-3691088006-1802016298-1202900279-1001\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ localserver32->a Removed
Registry change: HKEY_USERS\S-1-5-20\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ localserver32->a Removed
Registry change: HKEY_USERS\.DEFAULT\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ localserver32->a Removed
Registry change: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ localserver32->a Removed
Registry change: HKEY_USERS\S-1-5-19\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ localserver32 Removed
Registry change: HKEY_USERS\S-1-5-21-3691088006-1802016298-1202900279-1001\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ localserver32 Removed
Registry change: HKEY_USERS\S-1-5-20\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ localserver32 Removed
Registry change: HKEY_USERS\.DEFAULT\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ localserver32 Removed
Registry change: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ localserver32 Removed
____________________________
File Thumbprint - SHA:
1632702aa132dcc238e70fb1414cb833919442fbf7ab3af271c181354789ac8b
File Thumbprint - MD5:
Not available