I have no idea what this is, but as it says setup, and I am definitely not trying to set up anything (as I am not around when it happens!), I am really worried about it. I have run a couple of scans, and each time it found 2 things. I have stopped going to pretty much any sites except for Facebook and my email accounts (where I NEVER open anything suspicious), so I have no idea where they are coming from.
If anyone can give me any insight on this program and such, it would be much appreciated!
I can’t seem to find the file. I wrote down what was in the sandbox, but it wouldn’t let me access it or anything. I hadn’t clicked on anything when it showed up, so I really have no idea what it is.
Open your Windows Explorer and look for Tools. Under Tools you will see Folder options. When that window opens, look for a tab named View. Slide down until you see Hidden files and Folders and check show files and folders.
Then look for C:\user(your name)\AppData\Local\Temp\pft226F.tmp[b]Setup.exe[/b]
If you find it, go to VirusTotal and enter the same address in the box.
He… He… don’t be sad. No, I did not mean to use the search option. Did you unhide files and folders? If you have not done it yet, it is not going to show in your search.
Not in Avast! free. It just allows you to run a suspicious process completely isolated from your system. Once it is run and you close the sandbox, it is eliminated. The weird thing here is that the file is not in your temps. Unless the file was erased when you rebooted your comp. You will have to see when Autosandbox alerts you again. Try to get a screenshot of the alert. Wait for tomorrow and see if someone else with more knowledge can give you some input.
Sorry I couldn’t do more. I already notified Essexboy. He is the specialist in malware removal in this forum. He will join this conversation around 7 pm UK time.
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U*.* /s
%Temp%\smtmp\1*.*
%Temp%\smtmp\2*.*
%Temp%\smtmp\3*.*
%Temp%\smtmp\4*.*
C:\commands.txt echo list vol /raw /hide /c
/wait
C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT

- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs