LondonHack Posted October 28, 2016

So I was cleaning out the temporary files left from Visual C++ on my C:/ drive, when I found 4 files all ending with .tmp that were there as well. Their names are as follows: EC8.tmp, E831.tmp, BF30.tmp, 4C4B.tmp. Looking up the names of these online said they were something to do with malware, so I'm paranoid now. Are these files dropped by a piece of malware or are they system files that can be infected? Can I delete them?
LondonHack Posted October 28, 2016

I am scanning the entirety of my C:/ with MBAM right now, nothing found just yet.
David H. Lipman Posted October 28, 2016

You can't do a search on Google on TMP file names. One must always remember that Google will return misinformation as much as information and one has to discriminate the misinformation results.

By definition they are TeMPorary files and are randomly named. Their mere existence is not an indicator of malware. While malware and malicious processes will use the TEMPorary folder, pointed to by the Operating System (OS) Environmental Variables %TMP% and %TEMP%, legitimate software also uses the Logged-In User Account TEMPorary folder for installation of software and for files created by legitimate running processes.

Because you cited files using 4 digit file names ending with .TMP, it is highly likely that the randomized names have been used before and possibly with a malicious process. However that is not a strong indicator that the files you have are malicious.

The first thing to do is look at their SIZE and DATE. The DATE is self explanatory. However the SIZE can be significant. For example if the size is less than 4KB or 0 Bytes then they are nothing. If the size is significant like equal to or greater than 10's of Kilobytes then you can send the files to VirusTotal and see if the many vendors used by this service detect anything. If the file can't be uploaded and/or the size of the uploaded file is 0KB then the file handle is held open by the OS and a Process is using it.

If a Process is using a TMP file, you may determine what process that is by using the Microsoft Sysinternals utility Process Explorer. This is done by running Process Explorer and using the Pull-Down menu item "Find" ---> "Find Handle or DLL" and entering in the full name of the TMP file [ Ex. BF30.tmp ].

What I have done is give you the information and tools to help you make the decisions on TMP files by yourself.
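Added example, not part of the thread and not written by any poster: a Python sketch of the size-and-date check described in the reply above, which also flags files that cannot be read because a process holds them open. The 10 KB cutoff, the action labels and the function names are assumptions of this example.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

SMALL_BYTES = 4 * 1024   # from the reply: under 4 KB (or 0 bytes) is "nothing"
LARGE_BYTES = 10 * 1024  # assumption: "10's of Kilobytes" taken as >= 10 KB


def triage_tmp(path):
    """Report size, date and a suggested next step for one .tmp file."""
    st = os.stat(path)
    info = {
        "name": Path(path).name,
        "size": st.st_size,
        "modified": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
        "sha256": None,
        "action": "ignore",
    }
    if st.st_size < SMALL_BYTES:
        return info
    try:
        digest = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        info["sha256"] = digest.hexdigest()
    except OSError:
        # Unreadable: likely held open by a running process. Identify the
        # owner with Process Explorer's "Find Handle or DLL", as in the reply.
        info["action"] = "in-use"
        return info
    # Hypothetical labels: "scan" = worth submitting to a multi-engine scanner,
    # "review" = between the two sizes the reply names, so left to judgement.
    info["action"] = "scan" if st.st_size >= LARGE_BYTES else "review"
    return info


def triage_dir(folder):
    """Triage every *.tmp file directly inside folder (case-insensitive)."""
    files = [p for p in Path(folder).iterdir()
             if p.is_file() and p.suffix.lower() == ".tmp"]
    return [triage_tmp(p) for p in sorted(files)]


if __name__ == "__main__":
    for row in triage_dir(tempfile.gettempdir()):
        print(row)
```
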
LondonHack Posted October 28, 2016

Thanks for the reply! The files were replaced by a file just called END. It's 1 KB (the other files were 1KB too) and opening it with Notepad++ just showed nothing but 2 brackets. My guess is that the (probably harmless) process that dumped those temporary files had finished and just left it. I'm probably going to leave it, too.
David H. Lipman Posted October 28, 2016

You can delete them.
David H. Lipman Posted October 30, 2016

Is there anything else?
Root Admin AdvancedSetup Posted November 3, 2016

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.