
____.tmp file in C:\Windows\SoftwareDistribution\Download\***********


Beaker1024

So for some reason yesterday (after 9 months of paid version scanning daily) I had two "trojan" hits.  They are both the same type of file found in:

c:\Windows\SoftwareDistribution\Download\bunch_of_letters_and_numbers_folder

 

The files are both the same size looking like:
BIT61D1.tmp

 

When you open in Notepad they look like normal temp files from MS Windows updates being applied.  I decided to upload one to "VirusTotal" and got a full clean (all green check marks) even from MalwareBytes.

 

So I believe they are both Temp files created when I "uninstalled" KB3035583 (didn't want the GWX on my one PC).

 

Since these are just Temp files I figured I'd let my local MalwareBytes go ahead and quarantine both of them just because I don't see it hurting anything.

 

I have a screen capture of VirusTotal saying the tmp file is all clean (0/54).

 

I am also uncertain if the Temp files had any personal data in them so I have requested VirusTotal to remove it when possible.  Like I said MalwareBytes found 2 of these exact same temp files that I believe were generated by the two times I had to uninstall the same KB Win7 update.


Here's a copy paste of the log.  Sorry it's in the XML format.  I did change the username, PC name & IP.  The rest I promise is untouched.

 

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2016/02/10 14:35:32 -0500</date>
<logfile>mbam-log-2016-02-10 (14-35-32).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.2.0.1024</version>
<malware-database>v2016.02.10.05</malware-database>
<rootkit-database>v2016.02.08.01</rootkit-database>
<license>premium</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>enabled</self-protection>
</engine>
<system>
<hostname>PC</hostname>
<ip>192.168.1.xx</ip>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>**Removed**</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>9654</objects>
<time>375</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>2</files>
<sectors>0</sectors>
</summary>
<options>
<memory>disabled</memory>
<startup>disabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<file><path>C:\Windows\SoftwareDistribution\Download\b4cfbeff3736ba2990142a0029960c9e\BIT7B5F.tmp</path><vendor>Trojan.Agent.Generic</vendor><action>success</action><hash>917cea75dabf6cca269594559071aa56</hash></file>
<file><path>C:\Windows\SoftwareDistribution\Download\d937e328b45ba30759f04fac28b32b5e\BIT61D1.tmp</path><vendor>Trojan.Agent.Generic</vendor><action>success</action><hash>40cdbba43267a4929d1ed7129a679769</hash></file>
</items>
</mbam-log>
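
One way to triage a pasted log like the one above, as an added example that is not part of the original post or of Malwarebytes' own tooling: it parses the `<items>` entries, checks that the `<summary>` file count matches, and flags generic detections that sit in the Windows Update download cache as candidates to verify before trusting either verdict. The element names come from the posted log; the function name `parse_mbam_log` and the second sample entry are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# Windows Update staging directory named in the post.
WU_CACHE = PureWindowsPath(r"C:\Windows\SoftwareDistribution\Download")

# Constructed sample: the first <file> is copied from the posted log, the second is made up.
SAMPLE = r"""<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<summary><files>2</files></summary>
<items>
<file><path>C:\Windows\SoftwareDistribution\Download\d937e328b45ba30759f04fac28b32b5e\BIT61D1.tmp</path><vendor>Trojan.Agent.Generic</vendor><action>success</action><hash>40cdbba43267a4929d1ed7129a679769</hash></file>
<file><path>C:\Users\example\AppData\Roaming\constructed.exe</path><vendor>Trojan.Agent.Generic</vendor><action>success</action><hash>00000000000000000000000000000000</hash></file>
</items>
</mbam-log>"""


def parse_mbam_log(text):
    """Return (detections, count_matches) from a pasted mbam-log XML string."""
    # A pasted log is already decoded text, so the UTF-16 declaration no longer
    # describes it; drop the declaration before parsing.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", text)
    root = ET.fromstring(body)
    detections = []
    for item in root.iterfind("./items/file"):
        path = PureWindowsPath(item.findtext("path", ""))
        name = item.findtext("vendor", "")
        detections.append({
            "path": str(path),
            "name": name,
            "action": item.findtext("action", ""),
            "hash": item.findtext("hash", ""),
            # PureWindowsPath compares case-insensitively, like NTFS paths.
            "in_wu_cache": WU_CACHE in path.parents,
            "generic": name.lower().endswith(".generic"),
        })
    declared = int(root.findtext("./summary/files", "0"))
    return detections, declared == len(detections)


if __name__ == "__main__":
    found, consistent = parse_mbam_log(SAMPLE)
    print("summary count matches items:", consistent)
    for d in found:
        note = "verify before trusting" if d["in_wu_cache"] and d["generic"] else "treat as live detection"
        print(f'{d["name"]:22} {d["action"]:8} {note:24} {d["path"]}')
```

The `in_wu_cache` flag only marks where a file was found; it does not make a detection benign, so a flagged entry still needs the kind of second opinion the poster sought.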
 
