We’re getting many instances of the following message with random file names. It continues to happen despite moving them to the chest. I’m not able to determine what’s putting these files in the temp directory.
17/12/2009 6:41:40 PM SYSTEM 1148 Sign of “Win32:Malware-gen” has been found in “C:\WINDOWS\TEMP\1034fd05338f83c5e8a14e96586f724f.exe” file.
17/12/2009 6:35:50 PM SYSTEM 1160 Sign of “Win32:Malware-gen” has been found in “C:\WINDOWS\TEMP\14b10a32c6ac18ac4e5db74dd5c1520e.exe” file.
17/12/2009 6:30:43 PM SYSTEM 1160 Sign of “Win32:Malware-gen” has been found in “C:\WINDOWS\TEMP\211f74e30e60e4919512ef303c863800.exe” file.
17/12/2009 6:25:13 PM SYSTEM 1160 Sign of “Win32:Malware-gen” has been found in “C:\WINDOWS\TEMP\eb4577a6fd28097cbac1f8201b131378.exe” file.
17/12/2009 6:20:02 PM SYSTEM 1160 Sign of “Win32:Malware-gen” has been found in “C:\WINDOWS\TEMP\6a20a71e44745646dbe001792b2bd98f.exe” file.
17/12/2009 6:17:53 PM SYSTEM 1160 Sign of “Win32:Malware-gen” has been found in “C:\WINDOWS\Temp\8d54fd38af38df54d558f075ff5b34ce.exe” file.
17/12/2009 6:17:50 PM SYSTEM 1160 Sign of “Win32:Malware-gen” has been found in “C:\WINDOWS\Temp\88b0717aef5765c07719fde940a144ba.exe” file.
17/12/2009 6:17:45 PM SYSTEM 1160 Sign of “Win32:Malware-gen” has been found in “C:\WINDOWS\Temp\76a5ac7e650b13d3585e3e1d39e4289a.exe” file.
17/12/2009 6:14:53 PM SYSTEM 1160 Sign of “Win32:Malware-gen” has been found in “C:\WINDOWS\TEMP\9b0f32fc681daebc241a6f341518b896.exe” file.
17/12/2009 6:09:26 PM SYSTEM 1160 Sign of “Win32:Malware-gen” has been found in “C:\WINDOWS\TEMP\cb5197525004204d4ad83529c0dcc006.exe” file.
17/12/2009 6:04:24 PM SYSTEM 1264 Sign of “Win32:Malware-gen” has been found in “C:\WINDOWS\TEMP\8d54fd38af38df54d558f075ff5b34ce.exe” file.
17/12/2009 6:01:57 PM SYSTEM 1264 Sign of “Win32:Malware-gen” has been found in “C:\WINDOWS\TEMP\8d54fd38af38df54d558f075ff5b34ce.exe” file.
17/12/2009 5:56:54 PM SYSTEM 1144 Sign of “Win32:Malware-gen” has been found in “C:\WINDOWS\TEMP\88b0717aef5765c07719fde940a144ba.exe” file.
17/12/2009 5:56:54 PM SYSTEM 1144 Sign of “Win32:Malware-gen” has been found in “C:\WINDOWS\TEMP\88b0717aef5765c07719fde940a144ba.exe” file.
17/12/2009 12:53:37 PM SYSTEM 1152 Sign of “Win32:Malware-gen” has been found in “C:\WINDOWS\TEMP\249d4932fd5e7cb8f577e727a4074a2a.exe” file.
17/12/2009 12:48:16 PM SYSTEM 1152 Sign of “Win32:Malware-gen” has been found in “C:\WINDOWS\TEMP\73c038d35f7099b4c803f21db9c1ee3f.exe” file.
- How was it detected? What was scanning, you yourself or the background scanner? When did the message occur on a download, unzipping, opening a file, mail or mail-attachment, etc.?
This message comes up when doing a large number of things, sometimes nothing.
- What was the source of the file, where did the file come from? E.g. address, URL, source.
Unsure.
- When was it downloaded or received?
Dec 16th
- What is the exact file name with extension?
See above
- What was the exact wording of the message that the AV program came up with? This is important for later.
See above
- Now go back and do nothing yet. Scan the particular file once again with your AV product.
A. The message is in the same wording: maybe positive alert
Scanning of selected files
Program will try to scan 1 selected file(s) in the Chest
Move files to temporary folder: C:\DOCUME~1\Owner\LOCALS~1\Temp_avast4_\unp72168339.tmp
FileID: 0000000037 Original file name: C:\WINDOWS\TEMP\1034fd05338f83c5e8a14e96586f724f.exe New folder: C:\DOCUME~1\Owner\LOCALS~1\Temp_avast4_\unp72168339.tmp\37.exe
Scan files in the temporary folder: C:\DOCUME~1\Owner\LOCALS~1\Temp_avast4_\unp72168339.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp_avast4_\unp72168339.tmp\37.exe Win32:Malware-gen
Action was completed successfully!
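An added triage example, not part of the original post: this Python script parses log lines in the format shown above, folds the TEMP/Temp path casing together, and reports which files were detected again at a later time and the gaps between detections. The sample lines are a subset copied from the post's log; the function names and the `ident` label for the numeric column (whose meaning the post does not state) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Subset of the log lines from the post, embedded so the script runs offline.
SAMPLE = r"""
17/12/2009 6:41:40 PM SYSTEM 1148 Sign of “Win32:Malware-gen” has been found in “C:\WINDOWS\TEMP\1034fd05338f83c5e8a14e96586f724f.exe” file.
17/12/2009 6:17:53 PM SYSTEM 1160 Sign of “Win32:Malware-gen” has been found in “C:\WINDOWS\Temp\8d54fd38af38df54d558f075ff5b34ce.exe” file.
17/12/2009 6:17:50 PM SYSTEM 1160 Sign of “Win32:Malware-gen” has been found in “C:\WINDOWS\Temp\88b0717aef5765c07719fde940a144ba.exe” file.
17/12/2009 6:04:24 PM SYSTEM 1264 Sign of “Win32:Malware-gen” has been found in “C:\WINDOWS\TEMP\8d54fd38af38df54d558f075ff5b34ce.exe” file.
17/12/2009 6:01:57 PM SYSTEM 1264 Sign of “Win32:Malware-gen” has been found in “C:\WINDOWS\TEMP\8d54fd38af38df54d558f075ff5b34ce.exe” file.
17/12/2009 5:56:54 PM SYSTEM 1144 Sign of “Win32:Malware-gen” has been found in “C:\WINDOWS\TEMP\88b0717aef5765c07719fde940a144ba.exe” file.
"""

# "ident" is the numeric column after the account name; its meaning is assumed unknown.
LINE_RE = re.compile(
    r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (?P<user>\S+) (?P<ident>\d+) '
    r'Sign of [“"](?P<sig>[^”"]+)[”"] has been found in [“"](?P<path>[^”"]+)[”"] file\.$')

def parse(lines):
    """Return sorted (time, ident, signature, lower-cased path) tuples; skip other lines."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%d/%m/%Y %I:%M:%S %p")
            events.append((ts, int(m["ident"]), m["sig"], m["path"].lower()))
    return sorted(events)

def recurring(events):
    """Paths flagged at more than one distinct time, i.e. the file showed up again."""
    seen = defaultdict(set)
    for ts, _ident, _sig, path in events:
        seen[path].add(ts)
    return {p: sorted(t) for p, t in seen.items() if len(t) > 1}

def gaps_seconds(events):
    """Seconds between consecutive distinct detection times."""
    times = sorted({e[0] for e in events})
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]

if __name__ == "__main__":
    ev = parse(SAMPLE.splitlines())
    for path, times in recurring(ev).items():
        print(path, [t.strftime("%H:%M:%S") for t in times])
    print("gaps (s):", gaps_seconds(ev))
```

A file name that is flagged again at a later time was written to the temp directory again under the same name, so those timestamps are the ones to line up against process-creation or scheduled-task records on the machine.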