Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

What Is This I Found When Went To %temp%


  • Please log in to reply
11 replies to this topic

#1 sabuthefuture

sabuthefuture

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Mexico
  • Local time:12:10 PM

Posted 01 December 2007 - 10:00 AM

i delete stuff from %temp% and this one remains 689211B7.TMP . i went to look at its properties and it indicates an earlier date. So i went to restore and picked an earlier date to when it says created. But it still does not disappear. i remove it to recycle bin, it leaves and comes back. Have no idea where it came from, what is its purpose, or whatever. i google it on the web browser and i get three or four responses in another language. Can someone help me figure this puzzle out. Is big brother now watching me because of a few anti-Bush statements i made on the Internet? Thanks ahead of time for anyone who has the genious to figure this one out!!!

BC AdBot (Login to Remove)

 


m

#2 sabuthefuture

sabuthefuture
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Mexico
  • Local time:12:10 PM

Posted 01 December 2007 - 10:08 AM

i delete stuff from %temp% and this one remains 689211B7.TMP . i went to look at its properties and it indicates an earlier date. So i went to restore and picked an earlier date to when it says created. But it still does not disappear. i remove it to recycle bin, it leaves and comes back. Have no idea where it came from, what is its purpose, or whatever. i google it on the web browser and i get three or four responses in another language. Can someone help me figure this puzzle out. Is big brother now watching me because of a few anti-Bush statements i made on the Internet? Thanks ahead of time for anyone who has the genious to figure this one out!!!


i forgot to mention that i ran Spybot-Search and Destroy, Adaware, Registry Booster 2 and did not help.

#3 buddy215

buddy215

  • BC Advisor
  • 12,608 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:10 PM

Posted 01 December 2007 - 10:22 AM

Submit the file to Jotti and they will scan it with multiple programs.
http://virusscan.jotti.org/

I saw something on the web that mentions Trojan Conhook.
Install Super Antispyware free. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Post back with what Jotti and SAS found.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,581 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:10 PM

Posted 01 December 2007 - 11:01 AM

i forgot to mention that i ran...Registry Booster 2

Registry cleaners are extremely powerful applications. There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly can have disastrous effects on your operating system such as preventing it from ever starting again. For routine use by those not familiar with the registry, the benefits to your computer are minimal while the potential risks are great.

Files that cannot be deleted in a temp folder are actively in use and you will get an error message stating as such when you try to delete them. That is normal and they usually have the date when you logged on to your computer.

Although malware can hide in your temp folders, there are legit reasons for files being there. See Temp Files Explained and Where Do All Of These Temp Files Come From?.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 sabuthefuture

sabuthefuture
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Mexico
  • Local time:12:10 PM

Posted 02 December 2007 - 12:03 PM

Submit the file to Jotti and they will scan it with multiple programs.
http://virusscan.jotti.org/

I saw something on the web that mentions Trojan Conhook.
Install Super Antispyware free. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Post back with what Jotti and SAS found.



i ran Super Antispyware in Safe Mode and nothing came up. 689211B7.TMP still keeps popping up. For all i know it might be from an anti-virus program or the like. Clicking on it and checking properties tells me nothing about it. i found mysell unable to use Jotti. Thanks any one who can figure what this file is.

#6 buddy215

buddy215

  • BC Advisor
  • 12,608 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:10 PM

Posted 02 December 2007 - 01:04 PM

Sometimes Jotti is very busy, making it almost impossible to get an answer. I just checked and it is not busy.
Was this the problem you had with it or was it something else that you could describe?

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,581 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:10 PM

Posted 02 December 2007 - 01:39 PM

An alternative to jotti is to use virustotal.com.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 sabuthefuture

sabuthefuture
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Mexico
  • Local time:12:10 PM

Posted 03 December 2007 - 12:30 AM

An alternative to jotti is to use virustotal.com.



i am sorry. i went to run, typed in %temp%, and got 689211B7.TMP . When i clicked on properties, it told me nothing about what it is connected to except it is located in C:\DOCUME~1\test\LOCALS~1\Temp which is the temp file. When i put it in Jotti, got back FOUND NOTHING

When i put that in Virustotal.com, i got
Result: 0/31 (0%)

Loading server information...
Your file is queued in position: 4.
Estimated start time is between 47 and 68 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
AhnLab-V3 2007.12.1.0 2007.12.03 -
AntiVir 7.6.0.34 2007.12.02 -
Authentium 4.93.8 2007.12.02 -
Avast 4.7.1074.0 2007.12.02 -
AVG 7.5.0.503 2007.12.02 -
BitDefender 7.2 2007.12.03 -
CAT-QuickHeal 9.00 2007.12.01 -
ClamAV 0.91.2 2007.12.03 -
DrWeb 4.44.0.09170 2007.12.02 -
eSafe 7.0.15.0 2007.11.29 -
eTrust-Vet 31.3.5340 2007.11.30 -
Ewido 4.0 2007.12.02 -
FileAdvisor 1 2007.12.03 -
Fortinet 3.14.0.0 2007.12.03 -
F-Prot 4.4.2.54 2007.12.02 -
F-Secure 6.70.13030.0 2007.12.03 -
Ikarus T3.1.1.12 2007.12.03 -
Kaspersky 7.0.0.125 2007.12.03 -
McAfee 5175 2007.11.30 -
Microsoft 1.3007 2007.12.02 -
NOD32v2 2697 2007.12.02 -
Norman 5.80.02 2007.11.30 -
Panda 9.0.0.4 2007.12.02 -
Rising 20.20.62.00 2007.12.02 -
Sophos 4.23.0 2007.12.02 -
Sunbelt 2.2.907.0 2007.12.01 -
Symantec 10 2007.12.03 -
TheHacker 6.2.9.147 2007.12.01 -
VBA32 3.12.2.5 2007.12.02 -
VirusBuster 4.3.26:9 2007.12.02 -
Webwasher-Gateway 6.6.2 2007.12.02 -

Additional information
File size: 183 bytes
MD5: cee0c3d7664e5beec05284068d34adae
SHA1: bfac698788f67e9612ea33d1b1b9e30058a5969d

Edited by sabuthefuture, 03 December 2007 - 12:33 AM.


#9 buddy215

buddy215

  • BC Advisor
  • 12,608 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:10 PM

Posted 03 December 2007 - 07:21 AM

Thanks for posting back with results.
The file is not malware so ignore it.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,581 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:10 PM

Posted 03 December 2007 - 10:28 AM

As buddy215 said, the file does not appear to be malware related. Its probably associated with another program on your system which you are using. There are many programs which create temp files in your temp folders and its not always easy to track them down without investigating each program and how it affects those folders.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 jhsmurray

jhsmurray

  • Members
  • 383 posts
  • OFFLINE
  •  
  • Location:6,378 km above the Earth's core
  • Local time:02:10 PM

Posted 03 December 2007 - 04:11 PM

Although malware can hide in your temp folders, there are legit reasons for files being there. See Temp Files Explained and Where Do All Of These Temp Files Come From?.


fyi the Temp Files Explained article has apparently been moved:
http://www.compukiss.com/basics/temporary-...xplained-2.html

Acer Aspire 5732z
OS: Windows 7 Ultimate
Processor: Intel Pentium III Xeon, 2200 MHz
RAM: 3 GB
Display: Mobile Intel GMA 4500M

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,581 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:10 PM

Posted 03 December 2007 - 05:54 PM

Thanks. I will update the link in my notes. :thumbsup:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users