
are these legit temp files? CR.FD3F0.tmp, SETUP_PATCH.PACKED.7z


No replies to this topic

#1 keyes528


Posted 13 September 2014 - 02:12 PM

I found the .tmp folder in appdata/local/temp, and inside was the 7z file setup_patch.packed.7z.


Also, in windows/temp there was another .7z file by the same name. The .tmp folder and file had been created at the same time as a Google Chrome update (same minute). The other .7z file in windows/temp was made about 10 days ago, and I think there was a new update then as well.


I uploaded the files to VirusTotal. The detection for both was 0/55; however, one of them had a negative downvote.
Are these legitimate files? The one in windows/temp was about 4kb, and the one in the .tmp folder was 2kb.


Using Event Viewer for the first .7z file, I could find that the gupdate service (Google updater) was active within 10s of seconds of when these files were modified and created. For the second one that was in windows/temp/(another cr_xxxx) I couldn't find a gupdate log in Event Viewer; however, I found a log for Service Control Manager stating the Google update service entering a running state, 20 seconds before the file was created.


It seems to me it's Google's bidding, but I would like a second opinion, thank you.
