JeanInMontana Posted July 19, 2007 ID:6488

Much to my surprise quick scan on my laptop came up with 34 items! I removed them and I'm doing a full scan now.

Malwarebytes' Anti-Malware Version 0.54
This logfile was saved before the removal process.
Database version: 091

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 34

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv (Malware.Trace)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
JeanInMontana Posted July 22, 2007 Author ID:6533

New scan with updates.

Malwarebytes' Anti-Malware Version 0.54
This logfile was saved after the removal process completed.
Database version: 094

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\temp\Upd2.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.

Are all these files UPd update files of some sort? Where are they coming from? Also wonder about the reg key in the first scan.
joe53 Posted July 22, 2007 ID:6534

> Are all these files UPd update files of some sort? Where are they coming from?

I too have been getting those Updxxx.tmp detections:

Malwarebytes' Anti-Malware Version 0.54
Database version: 096
Files Infected: 1

Files Infected:
C:\WINDOWS\temp\Upd73A.tmp (Heuristics.Malware)

By trial and error, I determined they were placed in my temp folder whenever I manually updated my backup (on-demand) AV, AntiVir PE Classic.
JeanInMontana Posted July 22, 2007 Author ID:6535

Hey Joe, welcome to MWB! Love that avatar.

That makes sense because I use Avira too.