Temp File Cleaner (tfc.exe) infected


15 replies to this topic

#1 BobTroll


Posted 03 December 2015 - 03:26 PM

I run Temp File Cleaner (tfc.exe) from time to time on my Windows 7 64-bit laptop computer. It has never caused problems until today, when Avast! detected an infection and prevented the program from running. Then, it deleted the file and when I tried to download the file again from www.bleepingcomputer.com / http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/, Avast! blocked the download.

 

I don't know whether this is a false positive.




 


#2 severac


Posted 03 December 2015 - 03:36 PM

Hello,

 

It is a false positive.

 

https://www.virustotal.com/en/file/c6592c2061c39ea8ed94d1f6854e16a722dc461f4d5b907b0230452d07d4cce3/analysis/1449174897/

 

Can you post the name of the detection?


I would like to help you to remove malware. Let's look inside.

But I don't know how to solve all PC problems.

 


#3 quietman7

  • Global Moderator

Posted 03 December 2015 - 03:45 PM

Bleeping Computer's hosted programs for download are trustworthy, safe and malware-free. However, depending on the product, some anti-virus software and other security scanners may flag certain programs as a threat for a variety of reasons when that is not the case.

Let me explain why... certain embedded files that are part of legitimate programs and specialized fix tools (like TFC), may at times be detected by some anti-virus and anti-malware scanners as suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, whether files are compressed or packed, what behavior (routines, scripts, etc) it performs, any registry strings it may contain and the type of security engine that was used during the scan. Other legitimate files may be obfuscated, encrypted or password protected in order to conceal themselves, so they do not allow access for scanning but often trigger alerts by anti-virus software.

When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. Compressed and packed files in particular are often flagged as suspicious by security software because they have difficulty reading what is inside them. These detections do not necessarily mean the file is malicious or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious or a threat due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "false positive" and can be ignored.

Most of the well known specialized tools we use against malware are written by experts/Security Colleagues at various security forums like Bleeping Computer, TechSupport, GeeksToGo, SpywareInfo and other similar sites so they can be trusted...this includes any program hosted by BC for download. Unfortunately, many of these tools are repeatedly falsely detected by various anti-virus programs from time to time for the reasons noted above.

The problem is really with the anti-virus vendors who keep targeting these embedded files and NOT with the tools themselves. We can inform the developers but they have encountered this issue many times before and in most cases there isn't much they can do about it. Once the detection is reported to the anti-virus vendor, they are usually quick to fix it by releasing an updated definition database.

Either have your anti-virus ignore the detection or temporarily disable it until you download and run the tool.


Note: TFC was last updated by OldTimer 6/23/12...that was version 3.1.9.0 which supported Windows XP/Vista/Windows 7. TFC has become outdated to some extent as the Windows operating system has continued to be updated with critical security patches. As time has passed, there have been more reports of various issues with running TFC to include unexpected freezing, hanging, unresponsiveness, etc. especially on newer operating systems so I would not recommend using it on Windows 8 or above. If you have problems using it, then consider an alternative like CCleaner.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
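An added illustration of the point in post #3 about compressed and packed files (not part of the original post, and not how any particular anti-virus engine works): byte entropy is one signal that makes packed data stand out from readable content. The sample data, the function names and the 7.0 bits/byte cut-off are assumptions made for this example.

```python
import math
import random
import zlib
from collections import Counter

# Assumed cut-off for this illustration; real engines combine many signals.
HIGH_ENTROPY_BITS_PER_BYTE = 7.0


def shannon_entropy(data: bytes) -> float:
    """Bits of information per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def build_samples() -> dict:
    """Constructed sample data: readable content and the same content compressed."""
    rng = random.Random(2015)  # fixed seed so the sample is reproducible
    vocab = [f"word{i:02d}" for i in range(64)]
    plain = " ".join(rng.choice(vocab) for _ in range(20000)).encode()
    return {"plain section": plain, "packed section": zlib.compress(plain, 9)}


def flag_high_entropy(sections: dict) -> dict:
    """Mark each section the way a naive entropy heuristic would."""
    return {name: shannon_entropy(blob) >= HIGH_ENTROPY_BITS_PER_BYTE
            for name, blob in sections.items()}


if __name__ == "__main__":
    samples = build_samples()
    for name, flagged in flag_high_entropy(samples).items():
        bits = shannon_entropy(samples[name])
        print(f"{name}: {bits:.2f} bits/byte, flagged={flagged}")
```

The compressed copy holds exactly the same harmless content as the plain one, yet it is the only one flagged, which is why a heuristic hit on a packed tool says little about what the tool does.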

#4 BobTroll

  • Topic Starter

Posted 03 December 2015 - 03:57 PM

Avast reports:

 

http://www.geekstogo.com/forum/files/go/dc282b1ec5f8bfe9971e25f6ed08e699/tfc-temp-file-cleaner-by-oldtimer

Infection:  FileRepMalware



 

Thank you.  I do use CCleaner.



#5 quietman7

  • Global Moderator

Posted 03 December 2015 - 05:43 PM

You're welcome on behalf of the Bleeping Computer community.

BTW...According to avast forums, FileRepMalware means the file has a low reputation score so it isn't a specific file detection but one more related to avast's reputation services option. For example...Chrome, Macromedia Flash and League of Legends .exe's all have been detected as FileRepMalware. They typically advise users to upload the detected file to virustotal for a second opinion.
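A VirusTotal report such as the one linked in post #2 describes exactly one file, identified by the SHA-256 in its URL, so it only counts as a second opinion if the local download has that same hash. An added example (not from the thread) that makes the comparison; the function names and the constructed sample file are assumptions.

```python
import hashlib
import hmac
import os
import re
import tempfile

# The report URL quoted in post #2 of this thread.
VT_URL = ("https://www.virustotal.com/en/file/"
          "c6592c2061c39ea8ed94d1f6854e16a722dc461f4d5b907b0230452d07d4cce3"
          "/analysis/1449174897/")


def sha256_from_vt_url(url: str) -> str:
    """Extract the 64-hex-digit file hash from a report URL of the form above."""
    match = re.search(r"/file/([0-9a-fA-F]{64})(?=/|$)", url)
    if not match:
        raise ValueError("no SHA-256 found in URL")
    return match.group(1).lower()


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash the file in chunks so large downloads are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def report_applies_to(path: str, url: str) -> bool:
    """True only if the report was produced for this exact file content."""
    return hmac.compare_digest(sha256_of_file(path), sha256_from_vt_url(url))


def demo() -> tuple:
    """Constructed sample: a file that matches its report, then a changed copy."""
    with tempfile.TemporaryDirectory() as folder:
        path = os.path.join(folder, "download.bin")
        with open(path, "wb") as handle:
            handle.write(b"constructed sample bytes, not the real tfc.exe")
        url = f"https://www.virustotal.com/en/file/{sha256_of_file(path)}/analysis/"
        matches_before = report_applies_to(path, url)
        with open(path, "ab") as handle:
            handle.write(b"\x00")  # one extra byte makes it a different file
        return matches_before, report_applies_to(path, url)


if __name__ == "__main__":
    print("hash named in the thread's report:", sha256_from_vt_url(VT_URL))
    print("match before / after change:", demo())
```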

#6 Jaycan


Posted 05 December 2015 - 08:56 PM

@ quietman7 and severac ..

 

TFC by Old Timer was last updated as per below (if you need to alter your directions). Not sure if it was due to the "false positive" or just an upgrade ..

 

Submitted: May 28 2009 11:25 AM .. Last Updated: Mar 22 2015 12:15 PM - - Not 6/23/12 as mentioned.

 

I would think that BleepingComputer should have the current upgrade listed ..



Acer Computer with LG Monitor and Toshiba Laptop with Windows 7.1

Windows 64bit  8.1 - Always fully updated

Firefox / Google Chrome / Internet Explorer Browsers

Usually a home helper here or with friends and nimble fingered ladies who would rather sew or dust, but not clean the bugs out of a computer ...


#7 BobTroll

  • Topic Starter

Posted 06 December 2015 - 03:35 AM

The download site for TFC.exe is www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer.  Consequently, all attempts to download the file from BleepingComputer divert to www.geekstogo.com.

 

I submitted the file to Avast as a suspected false positive.  However, Avast still blocks the file as FileRepMalware.

 

The latest version of TFC.exe, available from geekstogo.com, is 3.1.9.0. I don't know the creation date, because the File Properties menu on my Windows 7 computer reports the creation date as 06 December 2015, 08:22:55 (i.e. the date and time that I downloaded the file).



#8 Jaycan


Posted 06 December 2015 - 04:43 AM

Hello Bob Troll,

I do not wish to dispute the data, but it is all listed as below.

 

Below is the Full Information from the page at Geeks to Go Forum (where I am also a member)
Submitter: OldTimer
File Information:

    Submitted: May 28 2009 11:25 AM (Original Version)
    Last Updated: Mar 22 2015 12:15 PM (Current Version)
    File Size: 438KB
    Views: 1358202
    Downloads: 645,423

http://www.geekstogo.com/forum/files/go/ad9911a3ff1446cf85b8e1f4d714bd57/tfc-temp-file-cleaner-by-oldtimer
or This TFC link should display the item I have added

 

I have deleted my older version, and installed the newer version on my Windows 7 and 8.1 recently.

 

Thank You.





#9 BobTroll

  • Topic Starter

Posted 06 December 2015 - 05:12 AM

Many thanks.

 

Avast! still doesn't like the new version.  They probably haven't had sufficient time to check the file that I submitted as a suspected false positive, so I will await developments.



#10 Jaycan


Posted 06 December 2015 - 05:43 AM

Hi :

I always use Virus total or a similar program to check these items.

 

A simple rejection from an Antivirus program is not a very good check for this.

 

Have you asked on the Avast forum as to why there is a problem since I always use TFC daily regardless of the Antivirus I have installed..

 

Regards -


Edited by Jaycan, 06 December 2015 - 05:49 AM.




#11 quietman7

  • Global Moderator

Posted 06 December 2015 - 07:48 AM

The first version of TFC was released 05/28/09. v3.1.9.0 was released 6/23/12 and that is the version which is still available for download at GTG and BC. There is no record of any more updates in the private discussion topic for experts and malware removal staff at GTG since then and no record here. In fact the last real discussions were in November 2012. However in April 2014 there were comments about running the tool on Windows 8.1.

I have no idea where the last updated date of Mar 22 2015 under file information at GTG comes from. It may be related to the redesign of their website and when it was reposted for download. The modified date would be the date you downloaded the tool.
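Posts #7 and #11 both run into the fact that Windows file dates describe the local copy, not the program. An added example (not from the thread): a PE executable carries a timestamp written by the linker in its own header, which travels with the file. The header bytes below are constructed, and the timestamp in them is an arbitrary sample value, not TFC's.

```python
import os
import struct
import tempfile
from datetime import datetime, timezone

# Arbitrary constructed value for the sample header (not taken from tfc.exe).
CONSTRUCTED_LINK_TIME = datetime(2012, 1, 2, 3, 4, 5, tzinfo=timezone.utc)


def pe_link_timestamp(data: bytes) -> datetime:
    """Read TimeDateStamp from the COFF header of a PE image.

    Treat it as a hint only: it is whatever the linker wrote, and some
    toolchains write a fixed or non-date value. The File Version raised in
    post #13 lives in a separate version resource and is not parsed here.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    _machine, _sections, stamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def build_sample_header(link_time: datetime) -> bytes:
    """Constructed minimal DOS stub + PE signature + 20-byte COFF header."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    coff = struct.pack("<HHIIIHH", 0x014C, 1, int(link_time.timestamp()),
                       0, 0, 0xE0, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff


def demo() -> tuple:
    """Write the sample to disk and return (filesystem mtime, header timestamp)."""
    with tempfile.TemporaryDirectory() as folder:
        path = os.path.join(folder, "sample.exe")
        with open(path, "wb") as handle:
            handle.write(build_sample_header(CONSTRUCTED_LINK_TIME))
        fs_time = datetime.fromtimestamp(os.path.getmtime(path), tz=timezone.utc)
        with open(path, "rb") as handle:
            return fs_time, pe_link_timestamp(handle.read())


if __name__ == "__main__":
    fs_time, link_time = demo()
    print("filesystem date (when this copy was written):", fs_time)
    print("header timestamp (set at build time):        ", link_time)
```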

#12 BobTroll

  • Topic Starter

Posted 06 December 2015 - 08:10 AM


I have been using the original version for several years.  Avast has only just started to block the file as FileRepMalware.  The detection is probably a false positive.  Having submitted the file to Avast for checking, I intend to await developments.



#13 1PW


Posted 06 December 2015 - 08:12 AM

Please go back into your collected data and painstakingly re-examine the possibility that the "Last Updated" field may quite simply stand for the last date the entry in geekstogo.com was entered on that forum, and not the last update of the TFC.exe file. Furthermore, please re-establish if the File Version (and not the Product Version field) is 3.1.9.0.
 
Continuing, is it in the realm of possibility that in the world of Avast! "FileRepMalware" stands for File Reputation Malware which in the entire world of malware is not an infection of any kind?
 
As is quoted many times per year in this and other subforums, utilities used by IT Techs, Malware Removal Helpers, Ad Nauseam frequently are awarded a rating of suspicious and even worse. Possibly because it artificially boosts the number of objects that anti-virus, anti-malware and anti-spyware can "proudly" point to in a misguided attempt to elevate their own product reputations.


All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.


#14 quietman7

  • Global Moderator

Posted 06 December 2015 - 08:13 AM

I have been using it for years too and it is a false positive as I explained in detail in Post #3.



#15 Marc Meshurle


Posted 23 August 2017 - 02:43 PM

When I go to the site for geekstodo dot com, I immediately get two new randomly named files in my C: Drive and two in my users drive. Cyber Reason Ransom picks it up as a crypto virus. I am still trying to determine if I have cleared it from my PC.

USE Caution if going to this site. I know that Bleepingcomputer.com verifies that all downloads are safe, but when I was redirected to their site, it appears that I got a driveby download.

 

UPDATE--- For those running Cybereason - here's the dirt - https://www.bleepingcomputer.com/forums/t/637573/virus-creating-randomly-named-folders-not-windows-update/

 

Yes, there is some ransomware protection software which deliberately creates dummy folders containing specific or randomly named .bmp, .png, .gif, .docx, .xlsx, .rtf, .txt files in various locations (and partitions) on your computer as part of its functionality. These are actually trap folders and files...patterns of files and hidden virtual files that ransomware is attracted to and the feature is more commonly referred to as "Entrapment Protection".

Ransomfree by Cybereason and CryptoMonitor by Nathan (DecrypterFixer) (but no longer supported) were among the first tools to include this feature...see this related discussion.


Edited by Marc Meshurle, 23 August 2017 - 03:22 PM.
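A small sketch of the trap-file idea described at the end of post #15, added here as an illustration. It is not Cybereason's or CryptoMonitor's code; the folder name, file contents and the hash-polling approach are assumptions. It also shows why such a tool leaves randomly named files behind.

```python
import hashlib
import os
import secrets
import tempfile

# Document extensions taken from the list in the post above.
DECOY_EXTENSIONS = (".docx", ".xlsx", ".rtf", ".txt")


def deploy_decoys(folder: str) -> dict:
    """Create randomly named decoy files; return a {path: sha256} baseline."""
    os.makedirs(folder, exist_ok=True)
    baseline = {}
    for ext in DECOY_EXTENSIONS:
        path = os.path.join(folder, secrets.token_hex(6) + ext)
        content = secrets.token_bytes(256)
        with open(path, "wb") as handle:
            handle.write(content)
        baseline[path] = hashlib.sha256(content).hexdigest()
    return baseline


def check_decoys(baseline: dict) -> list:
    """Return (path, event) pairs for decoys that changed or disappeared.

    No legitimate program has a reason to touch these files, so any event
    here is worth an alert.
    """
    alerts = []
    for path, expected in baseline.items():
        try:
            with open(path, "rb") as handle:
                current = hashlib.sha256(handle.read()).hexdigest()
        except FileNotFoundError:
            alerts.append((path, "missing"))
            continue
        if current != expected:
            alerts.append((path, "modified"))
    return alerts


def demo() -> tuple:
    """Constructed run: a quiet check, then one decoy overwritten and one renamed."""
    with tempfile.TemporaryDirectory() as root:
        baseline = deploy_decoys(os.path.join(root, "trap"))
        quiet = check_decoys(baseline)
        first, second = sorted(baseline)[:2]
        with open(first, "wb") as handle:
            handle.write(b"overwritten")            # content changed in place
        os.rename(second, second + ".renamed")      # original name is gone
        events = sorted(event for _, event in check_decoys(baseline))
        return quiet, events


if __name__ == "__main__":
    print(demo())
```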




