
Odd little piece of malware


1 reply to this topic

#1 6xSnake6x


Posted 28 May 2010 - 08:13 AM

Recently I scanned my computer with Malwarebytes. All appeared to be clean. For a second opinion I turned to Hitman Pro, and it gives me this: screenshot. I have tried several times to remove it conventionally with the help of the antivirus, but it is still there. I wish to emphasise where this file is located [ C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb ] because after a while of googling I found that there is a file with the same name in some other folder, and it is not my concern. This file cannot be deleted because it is run by SearchIndexer.exe, and if the process is shut down I have no access to it. This file does not appear in safe mode. I tried booting a live CD of Ubuntu so that I can remotely delete it; again, it does not appear. I cannot submit this file to VirusTotal because it tells me it is an empty archive. I cannot modify it in any way (rename, copy, cut, etc.). I have tried Unlocker, I even ran ComboFix. Could this be a false positive? I have googled it and a solution was nowhere to be found. Also, I don't think I'm willing to install another couple of antiviruses to try it out; I already know from other threads that Avira and Kaspersky cannot remove this.

EDIT: The computer seems to be running normally, with no additional services or processes, and apparently no change in memory usage either, and nothing unusual is trying to connect to the internet, but then again I'm only using the Windows Firewall.

EDIT2: With previous versions of Hitman Pro I would not get this file showing up as malware, which leads me to believe it is a false positive. Seeing how the file is generated on every boot, maybe the updated version of the program picks it up by mistake (I definitely hope so).

Edited by 6xSnake6x, 28 May 2010 - 08:43 AM.




#2 6xSnake6x


Posted 01 June 2010 - 02:33 PM

Please excuse my double post, but I think it might bring this topic up in the list (some people might be interested). Since I posted this I have not scanned my computer. Today I ran Hitman Pro and Malwarebytes again and everything appeared clean. So I believe I can conclude by saying that it was a false positive, so if you get this I don't think it should be any trouble.



