Virus in temp windows folder? Help me, pc-guys



#1 Christian339

Posted 14 April 2016 - 01:20 PM

Hello BC.

For the past week I have been getting this message about an infected or corrupted file in my temp folder. I'm currently using Bitdefender, and every time it presents me with an infected file, I choose the option to delete it; however, it keeps on being infected or something like that. I have looked at other solutions regarding the same issue as mine and I have tried doing what people told them to do, but nothing seems to work for me. I downloaded many antivirus programs and such, but nothing seems to fix the virus and get it deleted, as the pop-up message keeps happening.

Hope someone can help me with this issue 





#2 garioch7

    RCMP Veteran
  • Malware Response Instructor

Posted 14 April 2016 - 02:35 PM

Christian339:
 
Welcome to the Bleeping Computer Am I Infected? - What Do I Do? Forum. My name is Phil, and if you would permit, since we will be working together, I would like to address you by your first name, if that is alright with you.

I use Bitdefender myself. Is it Bitdefender that is issuing the warning, or is it a pop-up when you are on (a) website(s)?

Would you be so kind as to post the actual message that you are seeing? A screenshot would be even better, but the text of the message would be helpful, to help me help you.

It may not be a virus. It could be adware. I suggest that we run a few preliminary scans.
 

 

 

Step 1: ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus; how to do so can be found here.

  • Click this link to open ESET OnlineScan.
  • Place a checkmark next to "Yes, I accept the Terms of Use", then click the Start button.
  • When prompted, allow the Add-On/ActiveX to install.
  • In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
  • Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Then click the Start button and ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Found Threats (only if anything is found).
  • Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click Back, then click Finish to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!



Step 2: Download and install Malwarebytes Anti-Malware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup-2.2.*.****.exe and follow the prompts to install the program ( * = program version numbers may vary - always get the latest version).
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your next reply.

 

 

I would like you to paste the logs from both scans into your next reply. I will examine those and determine what our next step should be. If there is evidence of serious infection, you might have to open a new thread in the Virus, Trojan, Spyware and Malware Removal Logs Forum, but let's not get ahead of ourselves yet.

If I haven't responded to your reply in 24 hours, please send me a personal message.

Have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#3 Christian339

Posted 15 April 2016 - 08:28 AM

Hey Phil

I got the message of the so-called "threat" this morning, and the screenshot of the pop-up message is as follows: https://gyazo.com/83137d60ad1f69073d9e60f1d842e489 . When I proceed to click the message, I can choose what I want to do with the threat, as seen in this screenshot: https://gyazo.com/5d12a66b72fefc861edfceaea27ca329 . I click the "delete" option, and it tells me that I'm safe, but an hour or two later, it pops up again.
I scanned my computer with the different programs you suggested. The ESET scan is looking rather small, and I'm not sure if I did something wrong there. Here are the logs:

 

ESET scan:
C:\Users\Christian\Downloads\6d7187a1.zip a variant of Win32/Packed.Themida.AAD trojan deleted
C:\Users\Christian\Downloads\ccsetup516pro (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\Christian\Downloads\ccsetup516pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
 
MBAM scan:
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 15-04-2016
Scan Time: 15:03
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.04.15.03
Rootkit Database: v2016.04.09.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Christian
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 394485
Time Elapsed: 13 min, 16 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
Thanks for helping me out Phil
- Christian


#4 garioch7

Posted 15 April 2016 - 11:53 AM

Christian:

 

Thank you for the logs. I "like" small ESET logs; in fact, I prefer it when there are no ESET logs because that means nothing was found. :)

 

Your computer looks pretty clean to me.  This could be a Bitdefender issue.  I use Bitdefender Total Security 2016.

 

My advice is to research, and possibly post your issue over at the Bitdefender Antivirus Free Edition Forum, if you don't find an answer by searching that Forum first.  The Forum can be found here.

 

If you do find out the answer concerning this pop-up, please be sure to post back here and further the education of all Bleeping Computer Forum users.

 

Thank you and have a great day.

 

Regards,

-Phil




#5 Christian339

Posted 15 April 2016 - 03:21 PM

I'll do some research on the subject, and if I find out what was causing it, I will be sure to post it here. I haven't gotten the pop-up message today after I did the ESET and MBAM scans, so I don't know if that means that the virus got deleted or quarantined or what.

Anyways, thanks for the help Phil, I appreciate it :)

- Christian



#6 garioch7

Posted 16 April 2016 - 11:52 AM

Christian:

 

Thank you for your post.  I am really happy that your problem seems resolved.  If you do find out anything over at the Bitdefender Forum, I would really appreciate you sharing the information here to benefit all of us.

 

You are most welcome for my assistance.  It has been my pleasure.  On behalf of the Bleeping Computer community, thank you for having chosen Bleeping Computer to help you with your computer issues.

 

Have a great day.

 

Regards,

-Phil

