Author Topic: What is this?  (Read 7952 times)


Offline Bellzemos

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 621
Intel Core i7 Q 740 @ 1.73 GHz, 6 GB RAM, Windows 7 Ultimate x64 SP1, Avast! Free Antivirus, Malwarebytes Anti-Malware (free version) and Sandboxie (paid version).

doktornotor

  • Guest
Re: What is this?
« Reply #1 on: May 12, 2010, 02:42:48 PM »
Those are NOT avast files. Those are files that avast scanned, using that directory as a temporary placeholder. The fact that they are lingering there still would suggest that you have some conflicting antivirus/antimalware installed which prevented avast from deleting those *.tmp files.

You shouldn't run two AVs in realtime first; in case you run something like Immunet Protect or whatnot (claimed to be compatible w/ other AVs), to prevent this from occurring again, you should exclude that directory from scanning in whatever other security SW you have installed.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: What is this?
« Reply #2 on: May 12, 2010, 02:46:16 PM »
False positives of avast temporary files.
I don't think MBAM has an exclusion list (to add them previously).
The best things in life are free.

Offline Bellzemos

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 621
Re: What is this?
« Reply #3 on: May 12, 2010, 02:47:49 PM »
Look at the VirusTotal links I posted, they are not FP's. How do I get rid of those nasties for good? And no, I don't have two AV's or any conflicting software (see my signature). Thank you!

doktornotor

  • Guest
Re: What is this?
« Reply #4 on: May 12, 2010, 02:49:12 PM »
> False positives of avast temporary files.
> I don't think MBAM has an exclusion list (to add them previously).

MBAM won't cause them to stay there. Normally this stuff gets deleted once avast is done doing its job. If something else locks the files meanwhile, fighting w/ avast for control over them, then they may be left there and the clutter will accumulate in that directory. So, what I mean is NOT to exclude the directory in MBAM, but to prevent those from staying there in the first place.  ;)

P.S. Just delete them to get rid of them.  ;D

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9441
Re: What is this?
« Reply #5 on: May 12, 2010, 02:49:19 PM »
those files could be avast crash dump temp files I think, generated while the actual dump files are saved in the alwill folder in program data...they shouldn't be flagged by MBAM >>> FPs

ps: my guess is that the dump files must contain traces referring to an actual infection, explaining the detection.
« Last Edit: May 12, 2010, 02:53:41 PM by Logos »
w7 - ais7

Offline Bellzemos

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 621
Re: What is this?
« Reply #6 on: May 12, 2010, 02:52:00 PM »
Please look at the VirusTotal links in my first post.

I think that these are the files that were created by Avast when I scanned an infected rar or zip file and Avast didn't detect them. So:

1. Are these files able to harm my computer?

2. How do I get rid of them and why didn't Avast delete them?

Thank you!

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9441
Re: What is this?
« Reply #7 on: May 12, 2010, 02:52:33 PM »
I edited my last post, see ps. Whatever, these are genuine Avast temp files, maybe just referring to avast detections. I made a mistake though ::) : I referred to dump files because they got the same unp naming.
« Last Edit: May 12, 2010, 02:58:05 PM by Logos »

Offline Bellzemos

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 621
Re: What is this?
« Reply #8 on: May 12, 2010, 02:57:52 PM »
OK, I deleted them (all four), but left the Webshlock.txt file there, is that OK?

Can someone tell me if the infected files that are NOT detected by Avast can "escape" from that Temp folder and do harm?

I had to copy those 4 files out of the Temp folder to be able to upload them to VirusTotal (because it said that the folder has access denied). But I deleted them with no problem in Windows Explorer. Why weren't they deleted by Avast already? I'll reboot my PC now, to see if they will be really gone then...

Thank you.

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9441
Re: What is this?
« Reply #9 on: May 12, 2010, 02:59:53 PM »
> OK, I deleted them (all four), but left the Webshlock.txt file there, is that OK?
>
> Can someone tell me if the infected files that are NOT detected by Avast can "escape" from that Temp folder and do harm?
>
> I had to copy those 4 files out of the Temp folder to be able to upload them to VirusTotal (because it said that the folder has access denied). But I deleted them with no problem in Windows Explorer. Why weren't they deleted by Avast already? I'll reboot my PC now, to see if they will be really gone then...
>
> Thank you.

these are not infected files, they're just avast temp files from Avast with references to detections, or updates, I'm not sure at all >>> your system may be really infected, I don't know. You should have attempted to open them with a word processor to read the content.

doktornotor

  • Guest
Re: What is this?
« Reply #10 on: May 12, 2010, 03:01:50 PM »
> But I deleted them with no problem in Windows Explorer. Why weren't they deleted by Avast already? I'll reboot my PC now, to see if they will be really gone then...

See... I already tried to explain. I can reproduce the issue very easily once I install e.g. ClamWin or Immunet Protect and forget to exclude that folder. Yeah, you can delete them perfectly fine after that - but, avast cannot delete them at the time it tries since something else is holding a lock on those files when it tries. Naturally, avast stops caring after that and won't try indefinitely to wipe them.

Are you running the SAS/MBAM stuff in realtime? (I.e., are those the paid versions you use?)

Another thing that'd come to mind is the windows indexing service causing this. Try to disable indexing for that directory.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: What is this?
« Reply #11 on: May 12, 2010, 03:03:24 PM »
> MBAM won't cause them to stay there.
Who's saying that? ???

> So, what I mean is NOT to exclude the directory in MBAM, but to prevent those from staying there in the first place.  ;)
It's a matter of conflict, not to prevent staying there... There will be always a moment when avast is scanning and MBAM also...

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9441
Re: What is this?
« Reply #12 on: May 12, 2010, 03:05:55 PM »
there's another thread here about these unp files found in win temp folder
http://forum.avast.com/index.php?topic=56153
« Last Edit: May 12, 2010, 03:08:23 PM by Logos »

Offline Bellzemos

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 621
Re: What is this?
« Reply #13 on: May 12, 2010, 03:09:02 PM »
I use SAS and MBAM free versions (on demand only), so there's no conflict with Avast. Those files were created when I scanned an infected package (but not detected by Avast). I would like to know if the files created when Avast scans a package can infect my PC. And I don't know why Avast couldn't delete them.

doktornotor

  • Guest
Re: What is this?
« Reply #14 on: May 12, 2010, 03:10:32 PM »
> And I don't know why Avast couldn't delete them.

Are you actually reading my replies? If something holds a lock on them, it can't delete them... Whether the lock is released later on is irrelevant, they'll stay there. Once again, disable the indexing for that directory and see whether the issue is gone.
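
The lock condition described in replies #10 and #14, as an added example that is not part of the thread and is not Avast code: a read-only PowerShell script that lists old temp files in a scanner's working folder, reports whether another process still holds a handle on each, and prints a SHA-256 for the free ones so they can be looked up by hash without copying them anywhere. The folder path, filter and age threshold are assumptions supplied by the reader; PowerShell 4 or later is assumed for `Get-FileHash`.

```powershell
# Added example: triage leftover scanner temp files. Nothing is executed or deleted.
param(
    [Parameter(Mandatory)] [string] $TempDir,  # assumption: the scanner's temp folder
    [string] $Filter = '*.tmp',                # the thread mentions *.tmp files
    [int]    $MinAgeMinutes = 30               # assumption: older than this = leftover
)

function Get-LockState {
    param([string] $Path)
    try {
        # Requesting exclusive access (FileShare.None) fails with a sharing
        # violation if any other process has the file open. That is a
        # conservative stand-in for "delete would fail right now".
        $fs = [System.IO.File]::Open($Path,
                  [System.IO.FileMode]::Open,
                  [System.IO.FileAccess]::Read,
                  [System.IO.FileShare]::None)
        $fs.Dispose()
        return 'Free'
    } catch [System.UnauthorizedAccessException] {
        return 'AccessDenied'   # ACL problem, not a lock; try an elevated prompt
    } catch [System.IO.IOException] {
        return 'Locked'         # another process holds an open handle
    }
}

$cutoff = (Get-Date).AddMinutes(-$MinAgeMinutes)

Get-ChildItem -LiteralPath $TempDir -Filter $Filter -File -ErrorAction Stop |
    Where-Object { $_.LastWriteTime -lt $cutoff } |
    ForEach-Object {
        $state = Get-LockState -Path $_.FullName
        $hash  = $null
        if ($state -eq 'Free') {
            # Hashing only reads the file; it is never run.
            $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
        [pscustomobject]@{
            Name          = $_.Name
            Bytes         = $_.Length
            LastWriteTime = $_.LastWriteTime
            State         = $state
            SHA256        = $hash
        }
    } | Format-Table -AutoSize
```

Files that show `Locked` long after a scan has finished point at another process keeping them open; files that show `Free` were simply left behind and can be deleted normally.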