False Positives in temp?

Hi,

UPDATED W/ MORE INFO

Avast picked up the following tonight, despite the fact that I am extremely careful…I am very selective opening email attachments & downloading anything online. I use my Ubuntu machine for much of that. I run a hard & soft firewall, Avast, MBAM & SAS…so, considering my protection & safe internet practice, I am hoping these are FP’s.

\temp\WER44a0.dir00\mbam.exe.hdmp
\temp\WER9a2c.dir00\mbam.exe.hdmp
\temp\WERd8b8.dir00\mbam.exe.hdmp

Infection= MSIL:Crypt-N

Avast detected these shortly after I tried updating MBAM & the program was not responsive…

Any thoughts? Thanks!

You might want to consider running this Temp File Cleaner to delete your temp files.
It’s surprising how much junk is in there. I gained back 251 MB.

http://oldtimer.geekstogo.com/TFC.exe

These (.hdmp file types) are dump files that are associated with a problem with MBAM and it is possible that they contain the contents of memory related to MBAM at the time of the problem. So have you in the recent past experienced a problem with MBAM?

It is entirely possible at that time it had virus signatures loaded into memory, these would be included in the dump file and subsequently detected on a scan. So if this is the case it isn’t a false positive detection, but a detection on a loaded set of signatures and only the first gets flagged from that file. Clear the temp files as suggested and I don’t believe you have anything further to worry about.

Of course you could upload one or more of these files to virustotal for confirmation.

Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here: the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C: drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect* That will stop the File System Shield scanning any file you put in that folder.

Thanks!

So have you in the recent past experienced a problem with MBAM?

Nope…But I would tend to agree that I don’t actually have an infection although it would be nice if MBAM could confirm a problem last night w/ their program/updates :o

You’re welcome.