Malware is fast populating my TEMP folder, bogs down MB scanner


jimkkk
Go to solution Solved by kevinf80,

New MBAM member. Searching for cause of current PC issues on Win7 Pro 64 SP1. I tried to install MB stand alone scanner but it wouldn't install. Then bought MB personal suite; v4 wouldn't install, but v3 would, so I did and ran the internal scanner which bogged down on the TEMP folder showing me what/where it was. Tried DEL /F/Q/S which only seemed to cause the folder to grow. Write protect did nothing so I assume there's some sort of Malware within the folder. There's currently over 800K files in the folder. What next? Thanks Jim


Hello jimkkk and welcome to Malwarebytes,

Run the following:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Thank you,

Kevin

Hiya jimkkk,

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

Next,

Boot your system to Normal mode, continue:

Download and run the Malwarebytes Support Tool
Accept the EULA and click Advanced tab on the left (not Start Repair)
Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here
 
When the install completes, continue:
 
Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…

Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next,

Download "Microsoft's Safety Scanner" and save direct to the desktop

Ensure to get the correct version for your system....

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download


Right click on the Tool, select Run as Administrator; the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....
 
Let me see those logs...
 
Thank you,
 
Kevin..

fixlist.txt


Kevin,

 

Try my best, I can't get the MBAM scanner to complete a scan. The best it's done is freeze during the HA scan. I found a couple user remarks about a problem with updates, so I turned those off, rebooted and tried again. This time, it hung up early in "files." Meanwhile, your initial FBAR script successfully killed the self-generating TEMP folder, SFC finds nothing and the computer has more life. I still can't install MB4. It opens, confirms it's for personal use, starts installing.....no progress bar, and shuts off. It did produce a report which I have attached, but doesn't appear to have quarantined the items. Windows updates fail, too. So what next? Thanks again for your help! Jim

MBAM scan 9.31.20.txt


Kevin.

 

v4 won't install at all. Even after running the Support Tool. That said, v3 does install, so that's what I've been using. In v3, it freezes at random points during the scan. I've run 5 scans so far. Each freezing at a different point. I'm running the Support Tool again now as I type this. After the reboot, I will re-install v3, accept the updates and run the scanner again. If I can get the Scan to complete, I'll let you know. Meanwhile, attached are the other logs as requested.  Jim

AdwCleaner[C00].txt msert.log


Hiya Jim,

Can I also see the log from FRST fix, frst.log? Copies of logs are saved here: C:\FRST\Logs. If possible boot your system to Normal mode and run Malwarebytes again, even if V3 is the only version you can install. When prompted after the scan make sure to Quarantine all found entries..

Thank you,

Kevin...

 

 


Hello Jim,

Wow, FRST fix removed 62 GB of temp stuff. That is a big chunk of data..

As you are running Windows 7, Windows Defender does not have any anti-virus components, therefore if Malwarebytes is not installed correctly you have no AV protection.

From Addition.txt it does show two instances of Malwarebytes in Security Center, but in the installed programs list no instances of Malwarebytes show as installed...

Quote

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

Have a look at the following link for a free version AV program to keep you protected until we can find out why Malwarebytes will not install...

https://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/?p=2316629

Thank you,

Kevin...


v2 scanner ran and completed successfully. Then, I ran the Clean program and installed v3, but it hangs as before. Attached is the v2 log. 

 

62G in temp files.....HAH! .....and each time I'd make an effort to delete them, the folder would grow a couple more 

 

Thanks for the list of free versions. I'm installing Kaspersky.

 

Also, if it helps, be aware I'm also unable to install Windows updates. Also, I'm unable to install drivers for a couple printers I'm trying to test drive.....which I suspect is related to un-installed updates.

 

Thanks again for everything.

 

Jim

MB2 scan 191920.txt


Kevin.

Update: Kaspersky wouldn't install, either. Avast seems to be working. Trying to think if there's been any other "symptoms" that might provide some clues. A couple little things: Firefox quit remembering logins. All the typical reasons have been checked and are fine. Outlook boots slow. Runs fine once it's completely loaded.


Not sure if you are aware but Microsoft stopped supporting Windows 7 14th January 2020. That does mean software and security updates also cease. 

https://support.microsoft.com/en-gb/help/4467761/windows-what-happens-when-windows-7-support-ends

Now might be a good time to upgrade your Windows 7 to Windows 10:

https://www.howtogeek.com/266072/you-can-still-get-windows-10-for-free-with-a-windows-7-8-or-8.1-key/


Another update: Total AV almost installs, but the last step is that it wants to get to the Internet to look for updates, but can't. I get a Total AV popup that says "Completing setup..... 0%......waiting for Internet connection."

But I have plenty of bandwidth.  

 


Yea.... I have 10 on my laptop. Maybe it's just that I'm just an old IT guy...... over the hill and stuck in my ways, but I just don't like it much. Meanwhile, I have another PC with 7 which has been getting updates as recently as last week. This one got "one" update about 3 weeks ago amidst 20 that failed. Fortunately, I have everything backed up x2. I've been using the laptop so this one can sit for hours making sure the software is locked, so at least I'm making an effort to "get with the times" but then again, I'm not a big fan of tablets, either.......so maybe I'm just a lost cause. Jim


Problem solved...or at least greatly improved! I needed to walk away from it for a bit and think about it while driving somewhere....when it came to me. I'm familiar with MS's "Repair Install" and knew I kinda wanted to avoid that. One small program I tried installing threw an error message that the computer didn't have a Temp folder to set up shop in. I'd seen that before which was how I discovered the 80g (and growing) folder....and contacted you. But trying to load it recently, threw the same error, so I looked at the Environmental Variables and spotted it. The local TEMP value syntax was wrong and the way it was written, had no target.   So, that was easy to correct and now, MBv4 (and everything else I've tried including Windows Updates) loads without issue. I have attached the scan results for your consideration. If there's anything else you'd like me to do, please let me know. Thanks for all your time and assistance.  Jim

Malware v4 scan.txt
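
Added example, not part of the original posts: a PowerShell audit of the TEMP and TMP values at user, machine and process scope, the kind of check that surfaces the root cause described in the post above. The post does not show the malformed value, so the failure conditions tested here are assumptions about how such a value commonly breaks; `Test-TempValue` and the probe file name are hypothetical.

```powershell
# Added example: audit where TEMP and TMP point at each scope.
# Read-only apart from one probe file created and deleted per valid directory.
$sources = @(
    @{ Scope = 'User';    RegPath = 'HKCU:\Environment' },
    @{ Scope = 'Machine'; RegPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment' }
)

function Test-TempValue([string]$Scope, [string]$Name, [string]$Raw) {
    $status = 'OK'
    $path = $null
    if ([string]::IsNullOrEmpty($Raw)) {
        $status = 'not set or empty'
    } else {
        $path = [Environment]::ExpandEnvironmentVariables($Raw)
        if ($path -match '%') {
            $status = 'unresolved %variable% or stray percent sign'
        } elseif ($path.IndexOfAny([IO.Path]::GetInvalidPathChars()) -ge 0) {
            $status = 'invalid characters (for example quotes)'
        } elseif (-not [IO.Path]::IsPathRooted($path)) {
            $status = 'not an absolute path'
        } elseif (-not (Test-Path -LiteralPath $path -PathType Container)) {
            $status = 'target directory does not exist'
        } else {
            # Installers need to create files here, so test that directly
            $probe = Join-Path $path ("tempcheck_{0}.tmp" -f [guid]::NewGuid())
            try {
                [IO.File]::WriteAllText($probe, 'probe')
                Remove-Item -LiteralPath $probe -Force
            } catch {
                $status = 'directory is not writable'
            }
        }
    }
    New-Object PSObject -Property @{
        Scope = $Scope; Name = $Name; Raw = $Raw; Resolved = $path; Status = $status
    }
}

$report = foreach ($src in $sources) {
    $key = Get-Item -LiteralPath $src.RegPath
    foreach ($name in 'TEMP', 'TMP') {
        # DoNotExpandEnvironmentNames returns the value exactly as stored
        $opt = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
        Test-TempValue $src.Scope $name $key.GetValue($name, $null, $opt)
    }
}
# What the current process actually inherited
$report = @($report) + @(
    Test-TempValue 'Process' 'TEMP' $env:TEMP
    Test-TempValue 'Process' 'TMP'  $env:TMP
)
$report | Select-Object Scope, Name, Raw, Resolved, Status | Format-Table -AutoSize
```

Any row whose Status is not OK is a location that installers and scanners launched under that scope cannot use as a working directory.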


  • Solution
Hiya Jim,

Good to hear your problems are gone, if no remaining issues or concerns continue to clean up..

Right click on FRST here: C:\Users\Jim\Downloads\FRST64.exe and rename it to uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator"

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall

That action will remove FRST and all created files and folders...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.