Avast found various infected .tmp files, just making sure I'm clean.

Well I guess I haven’t been nearly as safe as I should be lately. Maybe a few of the sites I’ve visited lately aren’t so savory, although I also noticed various Wikia sites have been infected with some fake Adobe trojan that seems to be getting around, which normally wouldn’t be a problem but I use Steam’s browser to check things from time to time, so they don’t necessarily get blocked like in Firefox. Even so, I’ve not specifically noticed anything wrong with my machine, but I’d still like a second opinion and if I should take any additional precautions.

I’ve got the boot log and file system shield logs here, not sure if they are all relevant but they all seem somewhat recent:

  • Started on: Wednesday, March 9, 2016 4:25:56 AM

3/10/2016 12:03:28 AM C:\Users\Victor\AppData\Local\Temp\qkopiNTV.exe.part [L] Win32:Adware-gen [Adw] (0)
3/10/2016 12:03:28 AM C:\Users\Victor\AppData\Local\Temp\qkopiNTV.exe.part [L] Win32:Adware-gen [Adw] (0)
File was successfully moved to chest…
File was successfully moved to chest…

  • Started on: Wednesday, May 4, 2016 6:14:57 PM

5/8/2016 10:37:27 PM C:\Users\Victor\AppData\Local\Temp\CB50.tmp [L] Win32:Trojan-gen (0)
File was successfully moved to chest…
5/10/2016 11:02:52 AM C:\Users\Victor\Documents\NBGI\DSCM-2016-05-06-01.exe [L] FileRepMalware (0) (TC Note: this file is actually safe to my knowledge and I use it regularly)
File was successfully moved to chest…
5/10/2016 11:16:17 AM C:\$RECYCLE.BIN\S-1-5-21-1109383580-4101226291-3731906273-1001\$RHOYIT3.exe [L] Win32:Malware-gen (0)
File was successfully moved to chest…

05/20/2016 00:23
Scan of all local drives

File C:\Users\Victor\AppData\Local\Temp\B17F.tmp is infected by Win32:Injector-CUL [Trj], Moved to chest
File C:\Users\Victor\AppData\Local\Temp\1461.tmp is infected by Win32:Injector-CUM [Trj], Moved to chest
File C:\Users\Victor\AppData\Local\Temp\2FE9.tmp is infected by Win32:Trojan-gen, Moved to chest
File D:\Nexus Mod Manager\DarkSouls\Mods\downloads\Ultimate Catarina Set - UHD - Tan-852-1.rar.partial|>dsfix\tex_override\37a7ff79.dds Error 42126 {RAR archive is corrupted.}
Number of searched folders: 64964
Number of tested files: 3303932
Number of infected files: 3

Avast also initially caught this before I just decided to halt the scan and switch to a boot scan:
C:\Users\Victor\AppData\Local\Temp\DBC8.tmp Win32:Injector-CUM [Trj], Moved to chest

I did submit that file to VirusTotal and the results are pretty clear across the board:
https://www.virustotal.com/en/file/d9437454318f2ba8fe9f96a9e46923347f8d91f1a9eaa64ac3bd52f754da4ef6/analysis/1463721655/

As Kovter seemed to show up in the detection of multiple AV programs I went ahead and followed these steps, but nothing was found:
http://www.bleepingcomputer.com/virus-removal/remove-kovter-trojan

I also noticed another tmp file with a similar naming scheme to the others, but it seems clean, so I guess names are nothing to go on:
https://www.virustotal.com/en/file/5232827cbde8d18adfc3f66191fe2a0ce75a85a1189beb646725214f3860cd81/analysis/1463741970/

Naturally I’ve also included all the required logs in the attachments as well. Thank you for your time.

5/10/2016 11:02:52 AM C:\Users\Victor\Documents\NBGI\DSCM-2016-05-06-01.exe [L] FileRepMalware (0) (TC Note: this file is actually safe to my knowledge and I use it regularly)
Upload and test file at VirusTotal ... if scanned before, click rescan for a fresh result
C:\$RECYCLE.BIN\S-1-5-21-1109383580-4101226291-3731906273-1001\$RHOYIT3.exe [L] Win32:Malware-gen (0)
empty your recycle bin

Essexboy should be online soon :wink:

This was an older version of the file. Newer ones do not trip antivirus programs as much.

Old:
https://www.virustotal.com/en/file/330bad1c62f693571f4eec3a7f3ea740904f6c45f72b530c2e302b19b8ac5c62/analysis/1463751561/

Latest version:
https://www.virustotal.com/en/file/6137423249b061b70a054344d81af45cfdb86f54b06ea00b0fbc586ac00fe5ef/analysis/1463751036/

DSCM offers remedies for connection issues in Dark Souls. By entering a player's Steam64 ID you can find and pair with a specific player, even if both start with 0 nodes. To help gather random connections, connecting to another player who has successfully built up some nodes should then help kickstart your own node growth.
Again, to my knowledge it was always safe, though the method it uses/used to execute its intended function often tripped heuristic scans. Avast no longer detects the original file anyway. I can also provide the author's site and GitHub page if you'd like.

I’ve also emptied my recycling bin, but I don’t ever remember having such a file. ???

Nothing apparent there, are you experiencing any problems?

Nothing outside of the ordinary I believe.

Seeing as most of these detections originated from the temp folder I went ahead and used OldTimer’s Temp File Cleaner.

If all’s well I’ll continue about my business as usual, I was just a little extra concerned because of the fake Adobe trojans floating around seemingly everywhere and you may recall how paranoid and dimwitted I can be. :-[

Thanks for the help and sorry for troubling you. :smiley:

Thanks for the help and sorry for troubling you. :D
No trouble, this is why we are here :)