
TEMP folder full of rogue files

1 reply to this topic

#1 -jiman


  • Members
  • 21 posts
  • Local time:06:10 PM

Posted 30 March 2017 - 01:54 AM

Hi,

Need some expert advice.

My hard disk is full because of rogue files in the temp folder. Bitdefender does detect them as malware of type Gen:Application.Heur2.ecW@baaaaaaab and also Trojan.GenericKD.4662123. It never manages to delete them or fix the issue.

1) I am running Bitdefender GravityZone on Server 2008 R2.

2) Malwarebytes free edition (also never manages to detect anything).

3) Used TFC.exe to remove temp files and rebooted, but they appear again after some time.



BitDefender Detected as below



#2 buddy215


  • BC Advisor
  • 12,727 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:10 AM

Posted 30 March 2017 - 04:47 AM

Welcome to BC...


After running TFC again...do this:


  1. Please download the latest official version of Kaspersky TDSSKiller.
    KASPERSKY TDSSKILLER DOWNLOAD LINK (This link will automatically download Kaspersky TDSSKiller on your computer.)
  2. Double-click on tdsskiller.exe to open this utility, then click on Change Parameters.
  3. In the newly opened window, we will need to enable Detect TDLFS file system, then click on OK.
  4. Next, we will need to start a scan with Kaspersky, so you’ll need to press the Start Scan button.
  5. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.
  6. To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection. A reboot will be required to completely remove any infection from your system.
  7. Please copy and paste the results of the scan into your next post if anything was found and removed.

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatic

If the malware is blocking your ability to download and run the scans, do this:

Boot into safe mode with networking.

Download RKill (iExplore.exe) and run a scan using it... When RKill completes its scan, DO NOT REBOOT. Proceed with downloading and running scans using MBAM Rootkit remover, AdwCleaner and JRT.


iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
