Temp file, False alert?

File name: C:\Documents and Settings\username\Local Settings\Temp_avast4_\unp115098343.tmp\CYBERA~1\EARTHL~1\NSCOMM\ADDC.HTM

Malware name: VBS:Malware [Script]
Malware type: Virus/Worm
VPS version: 000741-0, 17-05-2007

Can’t repair, move, delete or quarantine in the chest. Seems a bit odd, ‘avast4’ is the temp folder for avast right? Not sure how to proceed. Manually remove the files? Anyone else had a problem with ‘VBS’ malware?

Google search linked it to the ‘Loveletter’, a ‘Visual Basic Scripting’ worm. Though I don’t normally use outlook express.

You’re right.
Did you try to schedule a boot time scanning with avast?

This is the folder where avast unpacks and scans archives and the unpxxxxxx.tmp (the xxxxx being numbers) is the file it creates when doing this. The files are normally removed after a successful scan.

The actual detection is on addc.htm inside that temp file.

You don’t say why you can’t move or delete, errors (file in use, etc.) ?

Just clear the temp folders using something like, ClearProg - Temp File Cleaner or CCleaner - Temp File Cleaner, etc..

Not sure if it would do any good. Will try tomorrow.

The temp folder has 8 tmp files, each 460 MB in size. It’s taking up a total of 3.51 gig. You learn something new every day… lol

It mentions something to the extent of: “The operation is not supported for this type of archive.” and “can’t open archive/file…” Peculiar that Avast would scan its own temporary files, seems a bit counterproductive. Anyway, can you delete the tmp files without destabilizing Avast? Or should I just leave it alone?

(And how would you clean the tmp files with CCleaner?)

You can delete… if they’re in use, better to clean in Safe Mode.

Just set the options of it. Options > Customize > Add a particular folder there…

Since the avast4_ folder is in the Temp folder it will be cleaned by default.

Run CCleaner, Click Analyse and you will see what it will clean, if you are happy with that, click the Run Cleaner button to get rid of them.

Take a little time to look at the settings, they can be customised. Personally I prefer ClearProg.

Forgot this… David is right as usual.

Thanks. Cleaned up the temp folder and solved the problem.

I hope Alwil team remove the ‘false positive’ or improve the way avast could handle the temporary files at that folder.
After all, it was avast who created the temporary file…

Glad we could help, welcome to the forums.

I don’t think it was a false positive, just that the unpxxx.tmp files not being removed after a scan and that particular archive/file associated with the unp file (CYBERA~1\EARTHL~1\NSCOMM\ADDC.HTM) may have been infected. Whether the addc.htp might be a FP is debatable, but we are unable to test that.