• pbyyc

    (@pbyyc)


    We just built a new WordPress server, placed it in our DMZ and turned our website live.

    Symantec is now detecting Backdoor.Trojan and PHP.Backdoor.Trojan in the c:\windows\temp directory.

    When I run a Sucuri scan, everything comes back clean.

    Has anyone experienced this issue before? I am trying to figure out if it's detecting something that is real, or if it's a false positive.

    The scan will clean the “infection”, and then a week later it detects and cleans it again.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Clayton James

    (@claytonjames)

    I’m not so sure a Sucuri scan would be touching your “c:\windows\temp” directory.

    Why aren’t you utilizing your antivirus detection log to identify the file(s) it’s alerting on for further investigation?

    Thread Starter pbyyc

    (@pbyyc)

    Yeah, that's what I figured.

    I am utilizing my AV, but the problem is when it shows me the location of the file, it's only showing me .tmp files as the location of the infection, but all of the names are to do with WordPress features/add-ins that I don't have installed, so that's why I was wondering if it's a false positive perhaps.

    When I scan my entire system everything comes back clean, but that happened last week as well, and then an auto system scan on Saturday detected the same infections, which my AV removed.

    Thread Starter pbyyc

    (@pbyyc)

    Sorry, I should add that when I look up my issue online, I see others have had the same issue with infections being detected in their c:\windows\temp with the same file names, so that's why I was curious if this was a false positive or not.

    Clayton James

    (@claytonjames)

    I’m not sure I would treat it as a false positive. It seems like there’s something going on that might be trying to automatically update/install/download some potentially harmful files to your site. Symantec seems to be catching it in the act.

    Thread Starter pbyyc

    (@pbyyc)

    Yeah, I am thinking of throwing Malwarebytes on there to scan as well. Realtime Symantec isn't picking it up, nor are scheduled daily scans.

  • The topic ‘WordPress 4.4 iis7 symantec detecting trojan in c:\windows\temp’ is closed to new replies.