Worm?

I got his file:trz33.tmp
(got this from wpe pro)

and when i try to move it to avast chest or delete it it deetes
and makes new 1

here is virustotal :slight_smile:

AhnLab-V3 - - Win-Trojan/WpeProSniffer.184320
AntiVir - - TR/Sniffer.Wpepro.A
Authentium - - W32/VirTool.GO
Avast - - Win32:WpePro-F
AVG - - Tool.GN
BitDefender - - Trojan.Wpepro.B
CAT-QuickHeal - - Sniffer.WpePro.a (Not a Virus)
ClamAV - - Trojan.Wpepro
DrWeb - - Trojan.WpePro
eSafe - - HackTool.Win32.WpePr
eTrust-Vet - - -
Ewido - - -
F-Prot - - W32/VirTool.GO
F-Secure - - HackTool.Win32.Sniffer.WpePro.w
Fortinet - - W32/WpePro.a!tr
GData - - HackTool.Win32.Sniffer.WpePro.w
Ikarus - - Sniffer.Win32.WpePro
K7AntiVirus - - Sniffer.Win32.WpePro.a
Kaspersky - - HackTool.Win32.Sniffer.WpePro.w
McAfee - - Sniff-WpePro
Microsoft - - Trojan:Win32/Small
NOD32v2 - - Win32/Sniffer.WpePro.B
Norman - - W32/WpePro.A
Panda - - Sniffer/WpePro
PCTools - - Sniffer.WpePro!sd5
Prevx1 - - Cloaked Malware
Rising - - -
Sophos - - Troj/WpePro-A
Sunbelt - - Trojan.Unclassified.gen
Symantec - - Hacktool.WPE
TheHacker - - Trojan/Wpepro.a
TrendMicro - - -
VBA32 - - Sniffer.Win32.WpePro.a
ViRobot - - Not_a_virus:Sniffer.WpePro.184320
VirusBuster - - HackTool.Agent.CONE
Webwasher-Gateway - - Trojan.Sniffer.Wpepro.A

Hi
we’ll give this a shot

Go to Malwarebytes and download Malwarebytes Anti Malware
detailed instructions are here if you need them
http://thespykiller.co.uk/index.php/topic,5946.0.html
update run and put a check mark next to any hits
Click REMOVE CHECKED a backup will be made- post the log

rt click the avast ball and update>programs
open avast and schedule a boot time scan
move any hits to chest do not delete/remove

If you have any other scanners installed like spybot, Super Anti Spyware even ad-aware
update and run them
quarantine do not remove/delete- post the logs

go to the stickies in this forum read and run a scan with hijack this
(after the above) post the log

Are you using Wpe.Pro ? Are you wanting to exclude it

from prevex -What else came along for the ride?

. COVERT ANALYSIS OF: TRZ33.TMP

* File Names Used: 223
* Paths Used: 75
* Common File Name: TRZ33.TMP
* Common Path: %WINDIR%\DOWNLOADED PROGRAM FILES\
* Vendor Information: 180solutions, Inc.
* Product Information: Seekmo
* TRZ33.TMP may use 223 or more path and file names, these are the most common:
* 1 :%temp%\{3735dc6c-d878-443d-af82-eb76932357ee}\CLIENTAX3.DLL
* 2 :%temp%\{e03960c3-a434-442a-aa96-18b84f82b8a5}\CLIENTAX6.DLL
* 3 :%TEMP%\18019.TMP
* 4 :%TEMP%\1806.TMP
* 5 :%WINDIR%\DOWNLOADED PROGRAM FILES\TRZ33.TMP_TOBEDELETED
* 6 :%WINDIR%\DOWNLOADED PROGRAM FILES\CLIENTAX.VDLL
* 7 :%WINDIR%\DOWNLOADED PROGRAM FILES\TRZ33.TMP
* 8 :?:\A00000000
* File Name Structure: Normal
* File and Path Structure: Suspicious, unusually high number of file and path combinations
  1. RELATIONSHIP ANALYSIS OF: TRZ33.TMP

    • Malicious Objects Created: None
    • Malicious Creators: 6
    • Malware Run Keys: Has registry run keys created by known malware objects
    • Self Persists:
    • Antivirus Detection: No third party antivirus detection observed
    • Anti-Spyware Detection: No third party anti-spyware detection observed
  2. ACTIVITY ANALYSIS OF: TRZ33.TMP

    • No activity has yet been observed for this object
  3. PROPAGATION ANALYSIS OF: TRZ33.TMP

    • Malware Group Propagation Rate: Moderate (spreading)
    • Malware Group: Adware 180Solutions