Spyware, Viruses, & Security forum

General discussion

TMP file in Windows\Temp directory infected?

by danawenco / December 9, 2009 1:35 PM PST

Hi,

MBAM has reported one of my c:\Windows\Temp\TMP files as infected (with Trojan.Dropper). I tried removing it with MBAM and after that some of my programs are blocked at start up. Restoring that file followed by a System restore put my PC back to normal.

Neigher my AVG nor SuperAntiSpyware scans reported any malware, I suspect that it is a FP, therefore I am thinking of doing a disk cleanup to try to get rid of that file instead. My question is, if that file is indeed infected, would it be sufficient to get rid of it using disk cleanup?

Many thanks.

OS: Vista SP2

Post a reply
Discussion is locked
You are posting a reply to: TMP file in Windows\Temp directory infected?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: TMP file in Windows\Temp directory infected?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Re: Questionable file
by Carol~ Forum moderator / December 9, 2009 9:26 PM PST

danawenco..

Unless I'm misunderstanding you, you stated when you removed the file MBAM detected as infected, some of your programs were blocked from start up. You suspected it might have been a false positive. Why would you want to try to (again) remove the file, without confirming whether (or not) it was a false positive?

It would help if you update MBAM, and then run another scan. Please post a copy of the log.

Thanks!
Carol

Collapse -
Re: temp file
by Kees Bakker / December 9, 2009 9:32 PM PST

1. System restore normally shouldn't monitor (so not restore either) temporary files, I think.
2. What's the full name (including extension) of this suspected file?

Kees

Collapse -
Thanks
by danawenco / December 10, 2009 12:59 AM PST
In reply to: Re: temp file

Thanks Kees and Carol,

This is what I see in my log file:

Files Infected:
C:\Windows\Temp\TMP00000001E383AE0526BADEF (Trojan.Dropper) -> Quarantined and deleted successfully.

I am trying to get rid of the file because I don't know how to confirm if that's a FP so I'd like to be safe. I have been updating my MBAM and doing my scans for a number of days and this file keeps coming back up as a threat.

I tried opening that file and see a lot of strange symbols (as expected), and I can't tell if it contains any personal information, so I am reluctant to post it to MBAM's forum to see if it is a FP.

Thank you.

Popular Forums
icon
Computer Help 49,613 discussions
icon
Computer Newbies 10,349 discussions
icon
Laptops 19,436 discussions
icon
Security 30,426 discussions
icon
TVs & Home Theaters 20,308 discussions
icon
Windows 10 360 discussions
icon
Phones 15,802 discussions
icon
Windows 7 7,351 discussions
icon
Networking & Wireless 14,641 discussions

Tech explained

Do you know what an OLED TV is?

CNET explains how OLED technology differs from regular TVs, and what you need to know to make the right shopping decision.