Author Topic: Real threat or false positive (with Avast 5)?  (Read 15364 times)

0 Members and 1 Guest are viewing this topic.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40632
  • Dragons by Sasha
    • Malware fixes
Re: Real threat or false positive (with Avast 5)?
« Reply #30 on: August 22, 2010, 10:33:07 PM »
Quote
Total Files Cleaned = 46.00 mb
That cleared a bit  ;D

It also found the network temp and local service temp.  So any alerts should be gone.  Do you have any problems ?

All processes killed
========== OTL ==========
HKU\S-1-5-21-1784066151-926666739-2172271728-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1784066151-926666739-2172271728-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\guest2\My Documents\otl\cmd.bat deleted successfully.
C:\Documents and Settings\guest2\My Documents\otl\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: guest2
->Temp folder emptied: 522407 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 47929942 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 838 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: true_til_death
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 512 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 46.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: guest2
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
User: true_til_death
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
Restore points cleared and new OTL Restore Point set!
 
OTL by OldTimer - Version 3.2.10.0 log created on 08222010_120012

Files\Folders moved on Reboot...
C:\Documents and Settings\guest2\Local Settings\Temp\~DF92E.tmp moved successfully.
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\ZLT02524.TMP not found!

Registry entries deleted on Reboot...

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8788
Re: Real threat or false positive (with Avast 5)?
« Reply #31 on: August 22, 2010, 10:39:08 PM »
I've attached the log to this post. Also, I don't know if I've said it yet, so thanks everyone for the help.
Congratulations you have reached 20 posts. :)

Please Go to PROFILE then Modify Profile then Forum Profile Information then update your Signature: with information like my signature as this helps the helpers offer pertinent advice.
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline ZeroTheHero

  • Jr. Member
  • **
  • Posts: 22
Re: Real threat or false positive (with Avast 5)?
« Reply #32 on: August 23, 2010, 09:22:03 PM »
I added as much info to my sig as I could. Don't really know what else to add. I got another warning this morning when I turned my computer on about two more .tmp files. I ran Dr. Web again, this time a full scan (I just did an express scan last time). It found something, but this time I looked into it and confirmed it was a false positive (the file belonged to SDFix, which I used once a long time ago).
« Last Edit: August 23, 2010, 11:38:47 PM by ZeroTheHero »
Intel Pentium 4 CPU 2.80 GHz, 512MB RAM, Windows XP, Avast 5 Free

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40632
  • Dragons by Sasha
    • Malware fixes
Re: Real threat or false positive (with Avast 5)?
« Reply #33 on: August 23, 2010, 09:29:24 PM »
Could you update to IE8 https://www.microsoft.com/uk/windows/internet-explorer/worldwide-sites.aspx then once installed
Go to Tools > Internet options >Advanced>Security and place a check mark against "Empty temporary internet files folders when browser is closed"

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8788
Re: Real threat or false positive (with Avast 5)?
« Reply #34 on: August 23, 2010, 10:23:45 PM »
Could you update to IE8 https://www.microsoft.com/uk/windows/internet-explorer/worldwide-sites.aspx then once installed
Go to Tools > Internet options >Advanced>Security and place a check mark against "Empty temporary internet files folders when browser is closed"
+1

Quote
Stay Safer Online
The Internet has enhanced our lives in nearly every way. However, as more of the things we do every day depend on the Internet, online crime has risen in turn.

Cybercriminals are using increasingly sophisticated and deceptive methods such as:

Malware - software that a cybercriminal can use to steal your bank account information, track everything you type, send out malicious software or spam, or harm your computer.

Phishing - an attack where a cybercriminal pretends to be a legitimate organization, such as your bank, in order to deceive you into giving up personal information such as credit card numbers and account information.
http://www.microsoft.com/windows/internet-explorer/features/safer.aspx

Quote
Increased performance
Internet Explorer 8 includes many performance improvements that contribute to a faster, more responsive web browsing experience in the areas that matter most. Internet Explorer 8 starts quickly, loads pages fast and instantly gets you started on what you want to do next by using a powerful new tab page. In addition, the script engine in Internet Explorer 8 is significantly faster than in previous versions, minimizing the load time for webpages based on JavaScript or Asynchronous JavaScript and XML (AJAX).
http://www.microsoft.com/windows/internet-explorer/features/faster.aspx
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline ZeroTheHero

  • Jr. Member
  • **
  • Posts: 22
Re: Real threat or false positive (with Avast 5)?
« Reply #35 on: August 23, 2010, 11:37:55 PM »
Thanks again for the responses. I never use IE, so I don't know if I want to take the time to update it. I've used Firefox for a few years now, and that's up to date. I also have Safari and Chrome,though I don't use Safari (it was on the computer already when I got it from a relative), and I rarely use Chrome.
Intel Pentium 4 CPU 2.80 GHz, 512MB RAM, Windows XP, Avast 5 Free

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8788
Re: Real threat or false positive (with Avast 5)?
« Reply #36 on: August 24, 2010, 02:47:10 PM »
You do not have to use IE but it is the basic part of the Windows Shell
Quote
Windows Explorer is a file manager application that is included with releases of the Microsoft Windows operating system from Windows 95 onwards. It provides a graphical user interface for accessing the file systems. It is also the component of the operating system that presents many user interface items on the monitor such as the taskbar and desktop. Controlling the computer is possible without Windows Explorer running (for example, the File | Run command in Task Manager on NT-derived versions of Windows will function without it, as will commands typed in a command prompt window). It is sometimes referred to as the Windows Shell, explorer.exe, or simply “Explorer”.
http://en.wikipedia.org/wiki/Windows_Explorer
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7087
  • Be alert for error code - ID 10T
Re: Real threat or false positive (with Avast 5)?
« Reply #37 on: August 24, 2010, 06:18:03 PM »
***

You do not have to use IE but it is the basic part of the Windows Shell
Quote
Windows Explorer is a file manager application that is included with releases of the Microsoft Windows operating system from Windows 95 onwards. It provides a graphical user interface for accessing the file systems. It is also the component of the operating system that presents many user interface items on the monitor such as the taskbar and desktop. Controlling the computer is possible without Windows Explorer running (for example, the File | Run command in Task Manager on NT-derived versions of Windows will function without it, as will commands typed in a command prompt window). It is sometimes referred to as the Windows Shell, explorer.exe, or simply “Explorer”.
http://en.wikipedia.org/wiki/Windows_Explorer

Which means IE needs to be updated.


***
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8788
Re: Real threat or false positive (with Avast 5)?
« Reply #38 on: August 24, 2010, 09:53:43 PM »
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline johnk4

  • Newbie
  • *
  • Posts: 4
Re: Real threat or false positive (with Avast 5)?
« Reply #39 on: September 26, 2010, 12:40:57 AM »
I presume you sorted this out but for the benefit of other Avast users -- I had the same problem (file alerts with files in the format dBP*.tmp).

I guessed they were temp files created by the ripping program dBpoweramp (http://www.dbpoweramp.com/) -- confirmed by the author: http://forum.dbpoweramp.com/showthread.php?t=22043

Offline akama1

  • Sr. Member
  • ****
  • Posts: 286
  • Never give up on anything!
Re: Real threat or false positive (with Avast 5)?
« Reply #40 on: September 26, 2010, 05:53:58 AM »
hey how did the behaviour shield alert looked like?
win7 ultimate 32 bit/ 3gb ram/intel core 2 duo 2.1 ghz/ avast 7 free / comodo firewall 5.9/ mbam free/ emsisoft emergency kit/ CCE