MachineLearning/Anomalous.100% detected in temp folder on 2nd scan

[Vip]

On boot after a few mins malwarebytes automatically performs a threat scan(I think it does an auto check for updates too). Which it did and did not detect anything.

I then did a manual check for updates, it reported malwarebytes was already up to date.  

I then ran a manual threat scan which completed in approx 7 mins and detected the following.

MachineLearning/Anomalous.100%
in
C:\USERS\profile\APPDATA\LOCAL\TEMP\BIT8EC.TMP
I chose to quarantine it.

However when I now go to view quarantined items there is nothing present and BIT8EC.TMP is not present in C:\USERS\profile\APPDATA\LOCAL\TEMP\

Please see attached screenshots

Are there any recommended next steps?

Thanks.

[Vip]

Forgot to add the malwarebytes scan logMalwarebytes20220118.txt

[Vip]

Further threat scans with Malwarebytes did not detect anything.

I ran a full scan with McAfee Antivirus (took a few hours) and it did not detect anything.

I checked the date\time modified on the C:\ProgramData\Malwarebytes\MBAMService\Quarantine folder and it shows 18/01/2022 09:00.

When I asked again if anyone had moved or deleted anything this morning at around 09:00, this time I was told they used the Malwarebytes option on the quarantine screen to delete the file at around 09:00. Apologies.

Please can you let me know if there is anything further I should do to ensure the computer is clean. 

I can run a Full malwarebytes scan with all options ticked, however last time it took about 10 hours to complete.

Thanks.

[Maurice Naggar]

Hello @Vip

The .tnp file is a temporary file within a TEMPORARY sub-folder.  It is fair game for removal. That is to say, you may delete all content of %userprofile%\appdata\local\temp  sub-folder & then Restart Windows.

I would like a report set for review.   This is a report only.

Please download MALWAREBYRES MBST Support Tool

Once you start it click Advanced >>> then   Gather Logs

 

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

• Please attach  mbst-grab-results.zip    to your reply , like displayed here.
• To send  ( upload)   attachments please click the "ADD Files"  link . Then browse to where your file is located and select it and click the Open button.

 

 

The set of data from the report will provide much needed information.

Please always attach reports as we go along.

Cheers.

[Vip]

Hi @Maurice Naggar

Please find mbst-grab-results.zip attached,

 

Thanks, 

Vipmbst-grab-results.zip

[Maurice Naggar]

I am not seeing signs of malware on the FRST Farbar reports.  One presumption I have is that the Bitxxx.tmp file could perhaps be a temporary file from the McAfee antivirus, or, perhaps from some game that you play online.  That is a assumption.  Again, I do not see traces of malware. But, we will do like a housekeeping scripted run.

I would remark that this pc is protected with Malwarebytes Premium + Privacy + Mcafee VirusScan with Mcafee firewall.

^

Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

[   2   ]

Next, a custom script to do other checks & some other cleanups.

We will use FRSTENGLISH.exe  on your Downloads folder     to run a custom script.    The system will be rebooted after the script has run.

This custom script is for  VIP  only / for this machine only.

 

This custom script has some specific things, plus some general aspect to help the system overall.  Hoping it will not exceed 60 minutes in execute time.

NOTE-1:  This script will  run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. .  It will run the Windows DISM tool to check the system.  

NOTE-2: It will attempt to remove .tmp files if found. It will remove 1 scheduled task to autostart the Edge browser. It will clear the Cache for Edge & Chrome browsers.

•  
• Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

• If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.
• Please save the (attached file named) FIXLIST.txt   to the   user Downloads  folder

Fixlist.txt

 

Then, Start the Windows Explorer and then, go  to the Downloads   folder.

RIGHT click on FRSTEnglish.exe    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

• IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

• on the FRST window:

Click the Fix button just once, and wait.

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

[Vip]

Hi,

Please find Fixlog.txt attached.

Thanks.

Vip

Fixlog.txt

[Maurice Naggar]

The run good. The Syetem File Checker ( Windows SFC) and DISM checks are all very good. The run is as intended.

 I would suggest that you do this next scan. This is a known respected tool. It will scan for viruses as well as for potentially unwanted applications.   ( P U A  or  P U P ).

You may want to temporarily turn off the real-time protection of McAfee VirusScan  ( to rule out potential deadlock or slowdown or conflict ). Just temporarily for this next run.

I would suggest a free scan with the ESET Online Scanner.  This will be another check for viruses, other malware, adwares, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

• Save the file to your system, such as the Downloads folder, or else to the Desktop.
• Go to the saved file, and double click it to get it started.

 

• When presented with the initial ESET options, click on "Computer Scan".
• Next, when prompted by Windows, allow it to start by clicking Yes
• When prompted for scan type, Click on Full scan

Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

• Have patience. The entire process may take an hour or more. There is an initial update download.

There is a progress window display. You may step away from machine &. Let it be.

You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else.

• When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
• Click The blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files” ( in blue, at bottom).

Press Continue when all done.

You should decline the offer for “periodic scanning”.   ( if offered)

Please make sure you attach the log report.   

[Vip]

Hi, 

It didn't detect anything, please find the eset log attached.

Thanks, 

Vip

 

esetOnlineScanLog20220119.txt

[Maurice Naggar]

Hello.  Thank you for the ESET run log.  The result is excellent.  

19/01/2022 09:54:40
Files scanned: 895892
Detected files: 0
Cleaned files: 0
Total scan time: 00:48:54
Scan status: Finished

Your system has McAfee Virusscan.   Kindly do a quick scan with it.  Let's see what it says.

Also, let me know if Malwarebytes for Windows flagged something Today.  Do a new Threat scan with Malwarebytes for Windows.

[Vip]

Hi, 

McAfee Quickscan did not detect anything please see screenshot.

Malwarebytes Threat Scan did not detect anything please see attached text file.

Thanks, 

Vip

Malwarebytes20220119.txt

[Vip]

Meant to say, the Malwarebytes Threat scan this morning did not detect anything either.

[Maurice Naggar]

Thanks.  That is re-assuring.  

I would recommend getting a readout report as to update status of some key apps.

• Download SecurityCheck by glax24 from here  https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe

 

• and save the tool on the desktop.
• If Windows's  SmartScreen block that with a message-window, then
• Click on the MORE INFO spot and over-ride that and allow it to proceed.

                               This tool is safe.   Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

[Vip]

Hi, 

Please find securitycheck.txt

Thanks, 

Vip

SecurityCheck.txt

[Vip]

Hi, I've just seen this thread is marked as solved.  Is the computer now OK to use again?

Thanks.

[Maurice Naggar]

11 minutes ago, Vip said:

Hi, I've just seen this thread is marked as solved.  Is the computer now OK to use again?

Thanks.

Yes.  I am not seeing malware on this machine.  Keep in mind, we've run a number of scans.

[Maurice Naggar]

The SecurityCheck report is very good.  There is only one app that needs your attention.

7-Zip 19.00 (x64) v.19.00   Warning! Download Update
Uninstall old version and install new one.

 

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

Please download KpRm by kernel-panik and save it to your desktop.

• right-click kprm_(version).exe and select Run as Administrator.
• Read and accept the disclaimer.
• When the tool opens, ensure all boxes under Actions are checked.
• Under Delete Quarantines select Delete Now, then click Run.
• Once complete, click OK.
• A log will open in Notepad titled kprm-(date).txt.
• You may attach that file to your next reply. (not compulsory)

Sincerely.

Edited January 19, 2022 by AdvancedSetup
Corrected font issue

[Vip]

1 hour ago, Maurice Naggar said:

Yes.  I am not seeing malware on this machine.  Keep in mind, we've run a number of scans.

That's great thankyou.

[Vip]

1 hour ago, Maurice Naggar said:

The SecurityCheck report is very good.  There is only one app that needs your attention.

7-Zip 19.00 (x64) v.19.00   Warning! Download Update
Uninstall old version and install new one.

 

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

Please download KpRm by kernel-panik and save it to your desktop.

• right-click kprm_(version).exe and select Run as Administrator.
• Read and accept the disclaimer.
• When the tool opens, ensure all boxes under Actions are checked.
• Under Delete Quarantines select Delete Now, then click Run.
• Once complete, click OK.
• A log will open in Notepad titled kprm-(date).txt.
• You may attach that file to your next reply. (not compulsory)

Sincerely.

Hi, 

Updated 7 zip and ran KpRm please find log attached.

Vip

kprm-20220119224854.txt

[Maurice Naggar]

Your pc is good-to-go.  I am closing the case.  My best to you.

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you