Spyware, Viruses, & Security forum

General discussion

TMP file in Windows\Temp directory infected?

by danawenco / December 9, 2009 1:35 PM PST

Hi,

MBAM has reported one of my c:\Windows\Temp\TMP files as infected (with Trojan.Dropper). I tried removing it with MBAM and after that some of my programs are blocked at start up. Restoring that file followed by a System restore put my PC back to normal.

Neither my AVG nor SuperAntiSpyware scans reported any malware. I suspect that it is a FP; therefore I am thinking of doing a disk cleanup to try to get rid of that file instead. My question is, if that file is indeed infected, would it be sufficient to get rid of it using disk cleanup?

Many thanks.

OS: Vista SP2

Re: Questionable file
by Carol~ Forum moderator / December 9, 2009 9:26 PM PST

danawenco..

Unless I'm misunderstanding you, you stated when you removed the file MBAM detected as infected, some of your programs were blocked from start up. You suspected it might have been a false positive. Why would you want to try to (again) remove the file, without confirming whether (or not) it was a false positive?

It would help if you update MBAM, and then run another scan. Please post a copy of the log.

Thanks!
Carol

Re: temp file
by Kees Bakker / December 9, 2009 9:32 PM PST

1. System restore normally shouldn't monitor (so not restore either) temporary files, I think.
2. What's the full name (including extension) of this suspected file?

Kees

Thanks
by danawenco / December 10, 2009 12:59 AM PST
In reply to: Re: temp file

Thanks Kees and Carol,

This is what I see in my log file:

Files Infected:
C:\Windows\Temp\TMP00000001E383AE0526BADEF (Trojan.Dropper) -> Quarantined and deleted successfully.

I am trying to get rid of the file because I don't know how to confirm if that's a FP so I'd like to be safe. I have been updating my MBAM and doing my scans for a number of days and this file keeps coming back up as a threat.

I tried opening that file and saw a lot of strange symbols (as expected), and I can't tell if it contains any personal information, so I am reluctant to post it to MBAM's forum to see if it is a FP.

Thank you.
