What is this?

http://www.shrani.si/f/35/ER/23u420aX/false.jpg

Are these Avast’s legit files? It doesn’t seem like a FP. :-\

http://www.virustotal.com/sl/analisis/8fccc57ac017de22278793f7a6b6314c451a232e7e1dd9744fea89fe2bda25cf-1273667216

http://www.virustotal.com/sl/analisis/8fccc57ac017de22278793f7a6b6314c451a232e7e1dd9744fea89fe2bda25cf-1273667219

http://www.virustotal.com/sl/analisis/8fccc57ac017de22278793f7a6b6314c451a232e7e1dd9744fea89fe2bda25cf-1273667223

http://www.virustotal.com/sl/analisis/8fccc57ac017de22278793f7a6b6314c451a232e7e1dd9744fea89fe2bda25cf-1273667227

Please help!

Those are NOT avast files. Those are files that avast scanned, using that directory as temporary placeholder. The fact that they are lingering there still would suggest that you have some conflicting antivirus/antimalware installed which prevented avast from deleting those *.tmp files.

You shouldn’t run two AVs in realtime first; in case you run something like Immunet Protect or whatnot (claimed to be compatible w/ other AVs), to prevent this from occurring again, you should exclude that directory from scanning in whatever other security SW you have installed.

False positives of avast temporary files.
I don’t think MBAM has an exclusion list (to add them previously).

Look at the VirusTotal links I posted, they are not FP’s. How do I get rid of those nasties for good? And no, I don’t have two AV’s or any conflicting software (see my signature). Thank you!

MBAM won’t cause them to stay there. Normally this stuff gets deleted once avast is done doing it’s job. If something else locks the files meanwhile, fighting w/ avast for control over them, then they may be left there and the clutter will cummulate in that directory. So, what I means is NOT to exclude the directory in MBAM, but to prevent those from staying there in the first place. :wink:

P.S. Just delete them to get rid of them. ;D

those files could be avast crash dump temp files I think, generated while the actual dump files are saved in the alwill folder in program data…they shouldn’t be flagged by MBAM >>> FPs

ps: my guess is that the dump files must contain traces referring to an actual infection, explaining the detection.

Please look at the VirusTotal links in my first post.

I think that these are the files that were created by Avast when I scanned an infected rar or zip file and Avast didn’t detect them. So:

  1. Are these files able to harm my computer?

  2. How do I get rid of them and why didn’t Avast delete them?

Thank you!

I edited my last post, see ps . Whatever, these are genuine Avast temp files may be just referring to avast detections. I made a mistake though ::slight_smile: : I referred to dump files because they got the same unp naming.

OK, I deleted them (all four), but left the Webshlock.txt file there, is that OK?

Can someone tell me if the infected files that are NOT detected by Avast can “escape” from that Temp folder and do harm?

I had to copy those 4 files out of the Temp folder to be able to upload them to VirusTotal (because it said that the folder has access denied). But I deleted them with ni problem in Windows Explorer. Why weren’t they deleted by Avast already? I’ll reboot my PC now, to see if they will be really gone then…

Thank you.

these are not infected files, they’re just avast temp files from Avast with references to detections, or updates, I’m not sure at all >>> your system may be really infected, I don’t know. You should have attempted to open them with a word processor to read the content.

See… I already tried to explain. I can reproduce the issue very easily once I install e.g. ClamWin or Immunet Protect and forget to exclude that folder. Yeah, you can delete them perfectly fine after that - but, avast cannot delete them at the time it tries since something else is holding a lock on those files when it tries. Naturally, avast stops caring after that and won’t try indefinitely to wipe them.

Are you running the SAS/MBAM stuff in realtime? (I.e., are those the paid versions you use?)

Another thing that’d come to mind is the windows indexing service causing this. Try to disable indexing for that directory.

Who’s saying that? ???

It’s a matter of conflict, not to prevent staying there… There will be always a moment when avast is scanning and MBAM also…

there’s another thread here about these unp files found in win temp folder
http://forum.avast.com/index.php?topic=56153

I use SAS and MBAM free versions (on demand only), so there’s no conflict with Avast. That files were created when I scanned an infected package (but not detected by Avast). I would like to know it the files created when Avast scans a package can infect my PC. And I don’t know why Avast couldn’t delete them.

Are you actually reading my replies? If something holds a lock on them, it can’t delete them… Whether the lock is released later on is irrelevant, they’ll stay there. Once again, disable the indexing for that directory and see whether the issue is gone.

files created by avast infecting your PCs ??? you’re kidding ;D >>> no :slight_smile: again there must have been references to infections in these temp files, explaining the detection by mbam.

well I doubt the OP has ever been playing with the index, and system folders (temp in Win in this case) are not indexed by default. If there’s a lock on these files, it’s from Avast.

Well, they definitely are indexed by default on XP SP3. I just checked on a completely fresh XP install now. Fact being, the entire drive is indexed by default on XP installed on NTFS.

yeah I was referring to Vista or Seven. But even on XP, must just be “allowed to be indexed”, and not indexed at all. There was an old and completely outdated indexing system on XP that had to be purposely activated to index anything, made obsolete and replaced by Windows Desktop Search that would never have indexed system files/folders either by default.

edit: could you show a screen shot of what tells that windows folders are indexed on XP/SP3? don’t know what interface you’re referring to…

edit again: indexing wouldn’t lock any file anyway

Yes, it does lock… Actually had this issue a couple of times with normal folder. Using the Unlocker utility, I found that I can’t delete the file because it’s locked by Windows indexer.