Jump to content
Neph

.tmp files in Malewarebyte's folder

Recommended Posts

Hi,

after Malwarebytes (Premium, latest version) detected a PuP today, I started a full scan of my C: drive during which two files were found:

00015723.tmp

00023946.tmp

Both were classed as Trojan.Agent.EMN and they were in my old "Program Files(x86)\Malwarebytes" folder - currently Malwarebytes is installed in the 64bit "Program Files" folder.

A couple of minutes later, while the original scan was still running, a Norton window (yes, I use both because they each detect different kinds of nasty stuff) suddenly popped up, saying that it was working on removing a Trojan.Cryptolocker. Yes, that almost gave me a heart attack! When it was done, I got really surprised by what the actual file was:

00023946.tmp

So the same file Malwarebytes had already found, only with a different classification.

I already read about Norton sometimes saving tmp files in Malwarebyte's folder, please tell me this is what I am/was experiencing here! Btw, there's still a single .tmp file left and I let both Malwarebytes and Norton run a scan but neither found anything wrong with it. Should I delete it and the folder (it's empty otherwise) while I'm at it just to be safe?

Share this post


Link to post
Share on other sites

Hi,

I don't believe there's anything to worry here. I believe it's indeed this same case scenario that we have seen in the past where .tmp files are created by Norton. So if that folder is indeed empty, please go ahead and delete it manually.

Share this post


Link to post
Share on other sites

Pew, glad to hear that! I wonder why Norton hasn't fixed this and why both programs even detect these files as nasty stuff.

There's still one more .tmp file left in the folder, should I delete it anyway?

Share this post


Link to post
Share on other sites

Update:

I didn't completely delete the last .tmp file (forgot to empty the bin) and today Malwarebytes detected it as another Trojan.Agent.ENM (sorry, not "EMN"), even though it hadn't before.

Share this post


Link to post
Share on other sites

Hi,

That could have been a valid detection by Malwarebytes, still, this is a detection for a threat where it's only a leftover component, and won't do anything on its own anyway.

 

Share this post


Link to post
Share on other sites

The other 2 files had been created earlier too and only got detected on April 4th, while the third and last file (00015723.tmp) wasn't detected until yesterday. Do you think that it could have been an actual trojan after all (didn't get any symptoms or noticed anything weird and Malwarebytes never found anything until April 4th)?

In what folder do the logs get saved (no "logs" folder in "Roaming" and "Program Files" and the latest logs are missing in "ProgramData")? Is it possible to have Malwarebytes store them longer than just one month?

Share this post


Link to post
Share on other sites

Hi,

If you are using MB2, then logs are stored under the following folder: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

If you are using MB3, then logs are stored under the following folder: C:\ProgramData\Malwarebytes\MBAMService\ScanResults

Malwarebytes keeps the logs, unless you of course decide to use a clean install of Malwarebytes or manually delete the logs. Or you could have set to "Don't export log information" as well. 

It looks like above detection was only added recently which explains why it wasn't detected before. But as I said, this is a detection of a trace, so nothing to worry. :)

Share this post


Link to post
Share on other sites

Ah, I found a bunch of ".json" files in "ScanResults", thanks. Are there no .txt files anymore or do I have to enable a setting for that? I didn't find "Don't export log information" (MB3) and there's only a separate "Export" button when I open the log through MB.

I've never had a virus/trojan/... on this PC (at least none that I noticed or got detected), so that's really weird. Thanks for the infos, I hope that with MB's self protection setting enabled Norton won't be able to create any more files like that (must have happened a while ago because of the 32bit version).

I just found a bunch of files (a ".data" and a ".quar" for each name) that were create between 2014 and January 2017 in "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine", I guess they are leftovers of another old MB version (possibly simply MB2). Can I delete those too or is there a way to import them in MB3, so I can look at what files they were?

Share this post


Link to post
Share on other sites

Well, you can also always export a log from the Malwarebytes interface when you look at the details. Then you're able to export (as text) or copy to clipboard :)

The json standard format in the logs folder is just so it displays nicely in the Malwarebytes interface :)

Yes, you can delete those quarantine files, as the new MB3 handles these quite differently. The only way to look at these is by reinstalling malwarebytes 2 again, but honestly, I don't see why you would do that as MB3 is a big improvement (detection wise) to MB2. And I don't think you need these quarantine files anyway :).

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.