
I'm not sure what these .tmp files that were copied are


15 replies to this topic

#1 Skreen32


Posted 05 April 2014 - 01:42 PM

It happens every now and again, tmp files are being copied to my computer from who knows where. I get disconnected from my internet and my computer has to restart wireless (automatically) connections to find any joinable networks. Sometimes I wonder if there is a way that a hacker can corrupt original restore files to create fake Windows updates. I'm using an HP system with a backup partition, and if I restore my computer it makes me wonder if one is able to tap into my regular hard drive, would they be able to create fake Windows files on my restore partition and feed me fake Windows updates? Avast never picks anything up but this has been happening over and over again. My step dad works with computers and has a knack for keylogging and watching mouse-clicks in the past. I have a feeling he would be responsible for something like this to happen for whatever reason.

I'm also extremely paranoid and feel like he has cameras all over the house and watches what everyone is doing with unknown technology. So maybe I'm getting into my head a bit, but back to the computer... This is fishy.


Edited by hamluis, 05 April 2014 - 02:29 PM.
Moved from Win 7 to Am I Infected - Hamluis



#2 Skreen32


Posted 05 April 2014 - 01:46 PM

HP tools also has come to me with errors now saying "HP Protect tools can only be run by one user at a time" ..

My Windows Explorer has crashed several times now and is asking me to install updates... Windows updates normally shouldn't cause system failure like this. Often it's a smooth operation.



#3 dc3


Posted 05 April 2014 - 01:50 PM

The following is an excerpt from Wikipedia.

 

Temporary files, or foo files (.TMP), are files created to temporarily contain information while a new file is being made. It may be created by computer programs for a variety of purposes; principally when a program cannot allocate enough memory for its tasks, when the program is working on data bigger than the architecture's address space, or as a primitive form of inter-process communication.

Please download Temp File Cleaner by Old Timer and save it to your desktop.
 
1. Save any unsaved work. (TFC will close ALL open programs including your browser!)
 
2. Double-click on TFC.exe to run it. (If you are using Vista or Windows 7, right-click on the file and choose "Run As Administrator".)
 
3. Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
 
Important! If TFC prompts you to reboot, please do so immediately. If you are not prompted, manually reboot the machine to ensure a completion.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#4 Skreen32


Posted 05 April 2014 - 01:52 PM

I'm aware of the purpose of temporary files, this is what concerns me... I'm not sure who or what is sending me tmp files and why they are currently necessary for my computer. It also appears I am infected with malware (Malwarebytes scan reveals 9 malicious files so far).


Edited by Skreen32, 05 April 2014 - 01:52 PM.


#5 dc3


Posted 05 April 2014 - 02:02 PM

Please post the log for the Malwarebytes scan.

To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.



#6 Skreen32


Posted 05 April 2014 - 02:10 PM

I'm performing a full scan... I've cleaned my tmp files (it didn't ask me to restart).

Previously MBAM had done a quick scan to find 9 corruptions, and asked me to reboot, so I did (this was before you had edited your first post with temp cleaner and replied above).

So after this full scan I'll post the log here. Thanks for all the help.



#7 dc3


Posted 05 April 2014 - 02:35 PM

No problem, I'll be around until three o'clock PST when Kentucky plays Wisconsin.




#8 Skreen32


Posted 05 April 2014 - 02:50 PM

My Google Chrome homepage is changing on its own.

 

:(



#9 dc3


Posted 05 April 2014 - 03:25 PM

I know you posted that you had already run Malwarebytes, but I want you to do this again.
 
Please download Malwarebytes Anti-Malware.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
mbamreplace_zps3ead4824.png
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
mbam4_zps23e52ad4.png
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 mbam4_zps490948cc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.
 
 

Please download and install RogueKiller.
 
1. Open Internet Explorer.
 
2. Click on Tools, select F12 developer tools.
 
3. You will see a small pop up window on the bottom of the screen.
 
4. On the left hand side scroll down until you see a monitor. Click on it, you will see emulation on the right hand side.
 
5. Make sure Browser profile is set to desktop.
 
6. Under “User agent string” select Internet Explorer 10.
 
 

Please scan your machine with ESET OnlineScan
 
Please download ESET's OnlineScan.
           For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on ESET Smart Installer and Save it to your Desktop.
 
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
 
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
 
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
 
 
           NOTE: Sometimes if ESET finds no infections it will not create a log. 
 



#10 Skreen32


Posted 05 April 2014 - 03:56 PM

Spoiler


This is the log for MBAM scan

Scanning again with all three (ESet, MbAM and RK) as you stated above. I'm also performing a full system scan with avast.

Where can I find the logs for these scans?

Edited by Skreen32, 05 April 2014 - 04:07 PM.


#11 dc3


Posted 05 April 2014 - 04:12 PM

You should have restarted the computer so that what had been quarantined would be taken care of.


Edited by dc3, 05 April 2014 - 04:16 PM.



#12 Skreen32


Posted 05 April 2014 - 04:55 PM

Spoiler

 

What do I do now? I went to history (on MbAM) and deleted the PUPs. I've then restarted my computer and it seems that nothing has happened... I'll finish the rest of the tutorial, but if there's any further steps I should take I'll do so.


Edited by Skreen32, 05 April 2014 - 04:57 PM.


#13 dc3


Posted 05 April 2014 - 05:00 PM

I'll have to get back to you, NCAA final four is about to start.  My old school was the University of Kentucky.

 

I'll check later.




#14 dc3


Posted 06 April 2014 - 09:41 AM

Please finish the requested scans and post the results.

 

I'm returning to your first post.  There is only one way, short of hacking into your computer, a person can make changes in your computer.  This would be using Remote Assistance.  

 

Right click on computer, then click on Properties.  

 

In the upper left portion of the pane there are options listed under Control Panel Home, one of these is Remote Settings, click on this.  

 

This opens System Properties.  With the Remote tab chosen you will see Remote Assistance.  In this section you will see a check box for Allow Remote Assistance connection to this computer. If there is a check mark in this box you should remove it if you don't wish others to be able to access your computer.  If Apply is no longer grayed out click on it, then click on OK.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.
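
The Remote Assistance checkbox described in the post above can also be read from PowerShell. This is an added example, not part of dc3's post; the registry key path and the value names `fAllowToGetHelp` and `fAllowFullControl` are not stated in the thread.

```powershell
# Added example (not from the thread): report the registry values behind the
# "Allow Remote Assistance connections to this computer" checkbox.
# The key path and value names below are not stated in the thread.
$RaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'

function Get-RemoteAssistanceState {
    param([string]$Path = $RaKey)

    $state = New-Object PSObject -Property @{
        KeyPresent       = $false
        AllowToGetHelp   = $null   # 1 = checkbox ticked, 0 = cleared
        AllowFullControl = $null   # 1 = helper may control the desktop, 0 = view only
    }
    if (-not (Test-Path -Path $Path)) { return $state }

    $state.KeyPresent = $true
    $props = Get-ItemProperty -Path $Path
    # Copy each value only if it exists, so "not set" stays distinguishable from 0.
    if ($props.PSObject.Properties['fAllowToGetHelp']) {
        $state.AllowToGetHelp = [int]$props.fAllowToGetHelp
    }
    if ($props.PSObject.Properties['fAllowFullControl']) {
        $state.AllowFullControl = [int]$props.fAllowFullControl
    }
    return $state
}

$state = Get-RemoteAssistanceState
if ($state.AllowToGetHelp -eq 1) {
    Write-Output 'Remote Assistance: ENABLED (checkbox is ticked)'
    if ($state.AllowFullControl -eq 1) {
        Write-Output '  Helpers may take control of the desktop, not just view it.'
    }
    Write-Output '  To clear it, run from an elevated prompt:'
    Write-Output "  Set-ItemProperty -Path '$RaKey' -Name fAllowToGetHelp -Value 0"
} elseif ($state.AllowToGetHelp -eq 0) {
    Write-Output 'Remote Assistance: disabled (checkbox is cleared)'
} else {
    Write-Output 'Remote Assistance: value not set; check the Remote tab in System Properties'
}
```

Reading the values needs no elevation; changing them does.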

 

 

 

 


#15 Skreen32


Posted 06 April 2014 - 11:46 AM

I quarantine the PUP.conduitA and it doesn't prompt me to reboot my machine. I scan and every time it tells me that it is present on my computer. I will perform the scan, quarantine again, reboot manually, and report the logs.

 

Spoiler

Edited by Skreen32, 06 April 2014 - 01:20 PM.




