Spyware, Viruses, & Security forum

General discussion

TMP file in Windows\Temp directory infected?

by danawenco / December 9, 2009 1:35 PM PST

Hi,

MBAM has reported one of my c:\Windows\Temp\TMP files as infected (with Trojan.Dropper). I tried removing it with MBAM and after that some of my programs are blocked at start up. Restoring that file followed by a System restore put my PC back to normal.

Neigher my AVG nor SuperAntiSpyware scans reported any malware, I suspect that it is a FP, therefore I am thinking of doing a disk cleanup to try to get rid of that file instead. My question is, if that file is indeed infected, would it be sufficient to get rid of it using disk cleanup?

Many thanks.

OS: Vista SP2

Post a reply
Discussion is locked
You are posting a reply to: TMP file in Windows\Temp directory infected?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: TMP file in Windows\Temp directory infected?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Re: Questionable file
by Carol~ Forum moderator / December 9, 2009 9:26 PM PST

danawenco..

Unless I'm misunderstanding you, you stated when you removed the file MBAM detected as infected, some of your programs were blocked from start up. You suspected it might have been a false positive. Why would you want to try to (again) remove the file, without confirming whether (or not) it was a false positive?

It would help if you update MBAM, and then run another scan. Please post a copy of the log.

Thanks!
Carol

Collapse -
Re: temp file
by Kees Bakker / December 9, 2009 9:32 PM PST

1. System restore normally shouldn't monitor (so not restore either) temporary files, I think.
2. What's the full name (including extension) of this suspected file?

Kees

Collapse -
Thanks
by danawenco / December 10, 2009 12:59 AM PST
In reply to: Re: temp file

Thanks Kees and Carol,

This is what I see in my log file:

Files Infected:
C:\Windows\Temp\TMP00000001E383AE0526BADEF (Trojan.Dropper) -> Quarantined and deleted successfully.

I am trying to get rid of the file because I don't know how to confirm if that's a FP so I'd like to be safe. I have been updating my MBAM and doing my scans for a number of days and this file keeps coming back up as a threat.

I tried opening that file and see a lot of strange symbols (as expected), and I can't tell if it contains any personal information, so I am reluctant to post it to MBAM's forum to see if it is a FP.

Thank you.

Popular Forums
icon
Computer Help 51,224 discussions
icon
Computer Newbies 10,453 discussions
icon
Laptops 20,090 discussions
icon
Security 30,722 discussions
icon
TVs & Home Theaters 20,937 discussions
icon
Windows 10 1,295 discussions
icon
Phones 16,252 discussions
icon
Windows 7 7,684 discussions
icon
Networking & Wireless 15,215 discussions

GAMING MUCH?

Enter for your chance to win* a game hardware bundle

One lucky winner will walk away with a gaming monitor, keyboard and mouse. Two lucky runners-up will score a gaming headset.