A friend went on my laptop and went to a site that I felt was a bit dodgy. I told them to close it and I did a full scan with Avast Free and it brought up about 5 different Win 32 Evo-Gen files in my C:\Windows\Temp folder, all with a name starting with ‘WAX’ (e.g. WAXA3AC.tmp).
Avast quarantined them and I got a bit paranoid and tried a load of scanners such as MBAM, Stinger, Emsisoft & Hitman.
After doing these for a day or two, I felt that my laptop was fine, but saw an offer for Avast Internet Security, so I bought that…
So, everything seemed fine, but I did a full scan this morning just to make sure and it finds another ‘WAX’ file in my temp folder (WAXA3AC.tmp)
Is this likely to be a false positive temp file or is there something wrong?
Any help is greatly appreciated, I am just getting myself a little worried that my new laptop might have a virus already…
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
• Double-click to run it. When the tool opens, click Yes to the disclaimer.
• Press the Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
• Double-click the icon to start the tool.
• It will ask you where to extract it, then it will start.
• Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
• Click in the introduction screen “next” to continue.
• Click in the following screen “Update” to obtain the latest malware definitions.
• Once the update is complete select “Next” and click “Scan”.
• When the scan is finished and no malware has been found select “Exit”.
• If malware was detected, make sure to check all the items and click “Cleanup”. Reboot your computer.
• Open the MBAR folder and paste the content of the following files in your next reply:
System appears to be fine, it was a little weird on the restart after FRST. When it came to logging back into Windows, it got stuck on my login page after entering the details. I had to manually shut off the laptop and start again, but it worked after that…
Everything was a little slow to load at first, I imagine due to all of the temp folders and such being gone, but nothing unusual now except of course some preferences being missing like things pinned to the explorer icon on the task bar…
Is it common to get false positives like this in the temp folder or do you think this was actually a virus that has just been taken care of?
I only ask as I’m worried it will come up in another full scan and I won’t know if it’s a recurring problem or just normal…
Yes, everything in the temp folder is kinda suspicious; it is not the place for something to work from. This folder is only used for temporary jobs, not for something to work from here.
• The following will implement some post-cleanup procedures:
=> Please download DelFix by Xplode to your Desktop.
Purge System Restore
Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.