Jump to content

Trojan File.Fill Detected


Recommended Posts

Malwarebytes detected a trojan file.fill .tmp file on my desktop.


I have done the following:

1. Rebooted into safe mode after detection.

2. Removed trojan via Malwarebytes while in Safe Mode.

4. Scanned again via Malwarebytes, nothing found, BUT there were (2) .tmp files on desktop that i deleted permanently.

5. Rebooted into safe mode with network access.

6. Downloaded Farbar Recovery Scan Tool and ran scan.


Attached are:

1. Malwarebytes log file (named: MalwareBytes-Trojan File.Fill.txt) from initial detection.

2. Farbar scan results: FRST.txt and Addition.txt


Thank you for your assistance.  Please let me know of any additional steps I need to take to ensure complete removal and if you see anything else suspicious.



MalwareBytes-Trojan File.Fill.txt



Link to post
Share on other sites




They call me TwinHeadedEagle around here, and I'll try to help your with your issue.




Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Note that we may live in totally different time zones, what may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
:excl: I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

:excl: There are no silly questions. Never be afraid to ask if in doubt!




  warning.gif Rules and policies


We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!


Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.



51a46ae42d560-malwarebytes_anti_malware. Scan with Malwarebytes' Anti-Malware

Please re-run 51a46ae42d560-malwarebytes_anti_malware. Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware
  • Click the Scan tab, choose Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and upload your next reply.
Link to post
Share on other sites

Good. Let's use FRST again:

FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.
Link to post
Share on other sites

Seems good.

Thank you so much for your time. Even with no results coming up it is comforting to have another set of eyes look at things. You never can tell how some of these things hang around if you are not fighting them on a daily basis. 


Also, I wasn't aware that MalwareBytes does not perform as well in SAFEMODE. Someone dropped me a message from the forum to let me know. I'll keep that in mind for the future as well as your other recommendations for safe computing.


Keep up the good fight! I'll visit your donation page :)

Link to post
Share on other sites

oops. i guess i spoke too soon!!! the dang thing is back!

Just ran MB as a daily check and bam, trojan.filefill came back as a .tmp file on the desktop.


i will attach the mb report and the 2 farbar reports.


i ran MB, it identified Trojan File.Fill and removed it. I have the report from that action. It then required a reboot, so i ran FARBAR after the reboot.



mbam-trojan filefill.txt

Link to post
Share on other sites

FRST.gif Fix with Farbar Recovery Scan Tool

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif

icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.


Link to post
Share on other sites

the .tmp file that was on the desktop has now turned into 3 .tmp files. i uploaded on that was 383kb to www.virustotal.com and got the following info:


2 sources out of many found the tmp file to be bad:


Comodo: Heur.Corrupt.PE

TheHacker: w32/Behav-Heuristic-CorruptFile-EP






Link to post
Share on other sites

Thanbks againfor your help. so far there has been no return. i did end up running adwcleaner and tdsskiller last night just to see what turned up but i think it may be clean.


is there one report that is better than another to determine if it is completely clean?

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.