Something showing up in sandbox

So, this program keeps popping up with sandbox, but it usually happens when I haven’t even been around my computer trying to access anything.

It’s listed under: C:\user(myname)\AppData\Local\Temp\pft226F.tmp\Setup.exe

I have no idea what this is, but as it says setup, and I am definitely not trying to set up anything (as I am not around when it happens!) I am really worried about it. I have run a couple of scans, and each time it found 2 things. I have stopped going to pretty much any sites except for Facebook and my email accounts (where I NEVER open anything suspicious), so I have no idea where they are coming from.

If anyone can give me any insight on this program and such, it would be much appreciated!

MaryJane, welcome to the avast! forum.

Could you send the file to Virus Total to be analyzed by 40 or more AVs? Please copy/paste the link (URL) to the result here.

https://www.virustotal.com/

Thank you.

Thanks for the welcome! :slight_smile:

I can’t seem to find the file. I wrote down what was in the sandbox, but it wouldn’t let me access it or anything. I hadn’t clicked on anything when it showed up, so I really have no idea what it is.

Sorry, I am not very tech savvy. :frowning:

Have you cleaned your temps? Or it may be hidden. Since I do not use W 7, I leave you a guide to unhide folders.

http://www.sevenforums.com/tutorials/394-hidden-files-folders-show-hide.html

See if you can find the file in the same direction you wrote before:

C:\user(myname)\AppData\Local\Temp\pft226F.tmp\Setup.exe

I actually have windows vista. (I know, I’m behind! lol)

How do you clean temps?

Sorry I am such trouble! I am so computer illiterate!

No, I do not want to clean the temps. The instructions for W 7 are the same for Vista. I want you to find the location of that file:

C:\user(myname)\AppData\Local\Temp\pft226F.tmp\Setup.exe

Most probably it is hidden, and use VirusTotal to analyze it.

https://www.virustotal.com/

Open your Windows Explorer and look for Tools. Under Tools you will see Folder options. When that window opens, look for a tab named View. Slide down until you see Hidden files and Folders and check show files and folders.

Then look for C:\user(your name)\AppData\Local\Temp\pft226F.tmp\Setup.exe
If you find it, go to virus total and ingress the same address in the box.

When I searched, it said no files found. :-\

He… He… don’t be sad. No, I did not mean to use the search option. Did you unhide files and folders? If you have not done it yet, it is not going to show in your search.

Yes, I did press for hidden files and folders to be shown. Still nothing showed up. I wonder where it went?

Hmmm… Could it be sandboxed? What Avast! are you running: Free, Pro or AIS?

Free. Is there a way to access the sandbox?

Not in Avast! Free. It just allows you to run a suspicious process completely isolated from your system. Once it is run and you close the sandbox it is eliminated. The weird thing here is that the file is not in your temps. Unless the file was erased when you rebooted your comp. You will have to see when Autosandbox alerts you again. Try to get a screenshot of the alert. Wait for tomorrow and see if someone else with more knowledge can give you an input.

Ok. Thanks for all your help so far :slight_smile:

Sorry I couldn’t do more. I already notified Essexboy. He is the specialist in malware removal in this forum. He will join this conversation around 7 pm UK time.

Hi, let’s have a little shufti

Download OTL to your Desktop

- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U*.* /s
%Temp%\smtmp\1*.*
%Temp%\smtmp\2*.*
%Temp%\smtmp\3*.*
%Temp%\smtmp\4*.*

C:\commands.txt echo list vol /raw /hide /c
/wait
C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT

- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs

Hello essexboy!

Here is the screenshot iro said I should take

http://img.photobucket.com/albums/v712/conan_kudo/avastcap2.jpg

As for what you are asking, every time I try to run the program, avast opens it in sandbox then shuts it down before I can do anything. :confused:

Ok, that explains why it could not be found. Autosandbox eliminated it when closing it.

Maryjanewatson, it is important to follow Essexboy’s instruction to the letter. Here:

http://forum.avast.com/index.php?topic=96329.msg768386#msg768386

When Avast pops up, select run normally in the dropdown box for OTL and tick remember my answer.

Ok, here are the logs.

Thanks. I think Essexboy checked out for tonight. It must be around midnight back in the UK. He will be back tomorrow around 7 pm UK time.