
getting random named temp files


5 replies to this topic

#1 pegasis


Posted 26 September 2016 - 10:31 AM

Hello

Here is the old thread: http://www.bleepingcomputer.com/forums/t/627422/viruses-in-temp-folder/#entry4090715

I am still getting random named temp files and Bitdefender is quarantining them.

I have scanned my computer probably 20 times to find the source.

They are listed as Eicar_test _file.files in Bitdefender.


 


#2 shelf life

  • Malware Response Team

Posted 27 September 2016 - 04:41 PM

Hi,

Next time you see some in a temp directory, try uploading a few of them to one of the sites below by browsing for the file and then uploading it. It will be checked out by a dozen or so scanners. Or upload them out of Bitdefender's quarantine. Just to get some verification about the files. We will go from there.

https://virusscan.jotti.org/

https://www.virustotal.com/


How Can I Reduce My Risk to Malware?


#3 pegasis


Posted 28 September 2016 - 11:05 AM

Seems to be zero-byte files in temp folders (like several created each day).

EX: tmp00000002.vir

The file has a detection of 100 on a 100 scale; all scanners show green pluses, whatever that means.

I am confused. How can I find the process creating the files?

I cannot scan the actual file, as a program seems to have permission on the files.

I can't open the files natively on my machine. I don't have permissions??

#4 shelf life


Posted 29 September 2016 - 04:44 PM

Did this just start happening? Is that the free version of Bitdefender? I think it's also possible that other antimalware apps could be the source of the file and BD is just quarantining the files.

Could you turn off real-time protection in Bitdefender and see if and what's creating the temp files? Or maybe disable any other antimalware apps that may be running and see if the temp creation stops. What icons do you see down by the clock other than BD?

You could also disable them all except one at boot time and see if temps get created. Narrow it down to the software that's causing it.




#5 pegasis


Posted 30 September 2016 - 11:43 AM

No, evidently this has been going on a while, and I just recently noticed it.

I have scanned the computer 20 times, with 10 different scanners, and I get a few hits, the scanner removes a few files, but the temp folder/files persist.

There are several posts about Bitdefender and these temp folders on the internet and in the BleepingComputer forum.

The only active scanning app is Bitdefender, and the other scanners are manually launched.

Is there a way to track down the process creating the folders/files?

Bitdefender does show events in the log with times of discovery.



#6 shelf life


Posted 30 September 2016 - 04:31 PM

I would suspect it's BD itself. If it was malware related, one of the other scanners you used would have flagged something. Don't think malware would escape 20 different scanners. You might try running Sysinternals Process Monitor, which can monitor in real time. May provide some clues. Process Explorer also might prove useful.

Or you could uninstall BD and go with another AV just to make sure that BD is the cause.

https://technet.microsoft.com/en-us/sysinternals/default


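One way to act on the Process Monitor suggestion, as an added example that is not part of the original thread: save the capture as CSV (File > Save, CSV format, default columns) and tally which process actually created the `tmp*.vir` files rather than merely opened them. The sample rows, process names, PIDs and the file-name pattern (generalized from the single `tmp00000002.vir` name quoted above) are constructed assumptions.

```python
import csv
import io
import re

# Constructed sample in the default column layout of a Process Monitor CSV
# export. Process names, PIDs, times and paths are made up for illustration.
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:31:02.1234567 AM","scanner_service.exe","1400","CreateFile","C:\Windows\Temp\tmp00000002.vir","SUCCESS","Desired Access: Generic Write, Disposition: Create, OpenResult: Created"
"10:31:05.0000001 AM","explorer.exe","2210","CreateFile","C:\Windows\Temp\tmp00000002.vir","ACCESS DENIED","Desired Access: Generic Read, Disposition: Open"
"10:32:40.5000000 AM","scanner_service.exe","1400","CreateFile","C:\Users\demo\AppData\Local\Temp\tmp00000003.vir","SUCCESS","Desired Access: Generic Write, Disposition: Create, OpenResult: Created"
"10:32:41.0000000 AM","updater.exe","3020","CreateFile","C:\Users\demo\AppData\Local\Temp\setup.log","SUCCESS","Desired Access: Generic Write, Disposition: Create, OpenResult: Created"
"10:33:00.0000000 AM","otherscan.exe","5120","CreateFile","C:\Windows\Temp\tmp00000002.vir","SUCCESS","Desired Access: Generic Read, Disposition: Open, OpenResult: Opened"
'''

# Assumed naming pattern: "tmp" + digits + ".vir" as the final path component.
TARGET = re.compile(r"\\tmp\d+\.vir$", re.IGNORECASE)


def file_creators(csv_text, name_re=TARGET):
    """Map (process name, PID) -> creation count, first time seen, directories."""
    found = {}
    # Exports saved to disk start with a UTF-8 BOM; drop it if present.
    for row in csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))):
        # CreateFile is logged for opens too; only successful calls whose
        # detail says the file was newly created identify the creator.
        if row["Operation"] != "CreateFile" or row["Result"] != "SUCCESS":
            continue
        if "OpenResult: Created" not in row["Detail"]:
            continue
        if not name_re.search(row["Path"]):
            continue
        key = (row["Process Name"], int(row["PID"]))
        entry = found.setdefault(
            key, {"count": 0, "first_seen": row["Time of Day"], "dirs": set()})
        entry["count"] += 1
        entry["dirs"].add(row["Path"].rsplit("\\", 1)[0])
    return found


if __name__ == "__main__":
    for (name, pid), info in file_creators(SAMPLE).items():
        print(f"{name} (PID {pid}): {info['count']} file(s), "
              f"first at {info['first_seen']}, in {sorted(info['dirs'])}")
```

Processes that only opened an existing file, or were denied access to it, are excluded, so the output separates the creator from scanners and shells that merely touched the file afterwards.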