realfromthestart

  1. So far my scans haven't picked up those tmp.exe files anymore since I uninstalled the WD Utilities. That was probably it. I'll let you know if there's another issue, thanks for your help!
  2. It comes back every time I restart. It's been a day or two since my last scan and now I see a lot more of them. What I also noticed is it might possibly be a false positive. I put the view on thumbnail and I saw that the icon is the same one for WD Drive which is for the external hard drive I have. I'm thinking these files are created from one of the WD Drive Utilities programs for my external drive. It just seems that HitmanPro picks it up as malware. This is just a hunch at the moment, I'm not sure if I'm right. I'm running scans after I uninstalled the WD programs to see if the same tmp.exe files show up.
  3. Here are the results https://www.virustotal.com/#/file/61a50eb30c2b391f1f620d0d915137d9e4eaf7734cb7e071bf14a438eeb0a27f/detection
  4. Alright, here is the zip file with the autoruns file in it. DESKTOP-OMRH27L.zip
  5. Would it be helpful if I turned my computer off and turned it back on without running any scans?
  6. I'm pretty sure these files generate every time I turn the laptop back on.
  7. I'm not sure if my scans using HitmanPro are affecting the results since it quarantines the files generated.
  8. Ran the search, nothing really came up. Below are the results from Notepad.
     Farbar Recovery Scan Tool (x64) Version: 02-11-2017
     Ran by Windows 10 (08-11-2017 18:33:54)
     Running from C:\Users\Windows 10\Downloads\FRST
     Boot Mode: Normal
     ================== Search Registry: "tmp.exe" ===========
     ====== End of Search =====
  9. Yeah, I ran a scan of HitmanPro again, there are two tmp.exe files detected again, I'm going to attach a screenshot of the history of malware from HitmanPro.
  10. Let me know if there's anything else I need to download or provide.
  11. Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
      Ran by Windows 10 (08-11-2017 14:14:46) Run:2
      Running from C:\Users\Windows 10\Downloads\FRST
      Loaded Profiles: Windows 10 (Available Profiles: Windows 10)
      Boot Mode: Normal
      ==============================================
      fixlist content:
      *****************
      CloseProcesses:
      CreateRestorePoint:
      GroupPolicy: Restriction <==== ATTENTION
      C:\ProgramData\mntemp
      EmptyTemp:
      *****************
      Processes closed successfully.
      Error: (0) Failed to create a restore point.
      "C:\Windows\system32\GroupPolicy\Machine" => not found.
      "C:\ProgramData\mntemp" => not found.
      =========== EmptyTemp: ==========
      BITS transfer queue => 7364608 B
      DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7488560 B
      Java, Flash, Steam htmlcache => 0 B
      Windows/system/drivers => 3122 B
      Edge => 0 B
      Chrome => 0 B
      Firefox => 0 B
      Opera => 26690489 B
      Temp, IE cache, history, cookies, recent:
      Default => 0 B
      Users => 0 B
      ProgramData => 0 B
      Public => 0 B
      systemprofile => 0 B
      systemprofile32 => 128 B
      LocalService => 0 B
      NetworkService => 3620 B
      Windows 10 => 506610 B
      RecycleBin => 1578 B
      EmptyTemp: => 40.1 MB temporary data Removed.
      ================================
      The system needed a reboot.
      ==== End of Fixlog 14:14:52 ====
  12. So these two text files were generated after the scan and I uploaded them. FRST.txt Addition.txt
  13. Ok, so here are the results after the scan.
      Malwarebytes Anti-Rootkit BETA 1.10.3.1001
      www.malwarebytes.org
      Database version: main: v2017.11.08.12 rootkit: v2017.10.14.01
      Windows 10 x64 NTFS
      Internet Explorer 11.674.15063.0
      Windows 10 :: DESKTOP-OMRH27L [administrator]
      11/8/2017 1:05:24 PM
      mbar-log-2017-11-08 (13-05-24).txt
      Scan type: Quick scan
      Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
      Scan options disabled:
      Objects scanned: 306323
      Time elapsed: 14 minute(s), 26 second(s)
      Memory Processes Detected: 0
      (No malicious items detected)
      Memory Modules Detected: 0
      (No malicious items detected)
      Registry Keys Detected: 0
      (No malicious items detected)
      Registry Values Detected: 0
      (No malicious items detected)
      Registry Data Items Detected: 0
      (No malicious items detected)
      Folders Detected: 0
      (No malicious items detected)
      Files Detected: 1
      C:\Users\Windows 10\Downloads\Lets Drift 3.EXE (CheatTool.CETTrainer) -> Delete on reboot. [2bf1916f2f7b8caa06132f4de819f30d]
      Physical Sectors Detected: 0
      (No malicious items detected)
      (end)