Suspicious file in user Temp folder - how do I remove it?

Mohan Rajan

Level 2
Thread author
Verified
May 7, 2016
85
What is this file and how to remove it?
Recently, a HitmanPro scan detected the following file in my temp folder but could not remove it.
No other security app has detected the file as malware.
I cannot delete it manually even on reboot, as the file or its variant reappears.
A scan on VirusTotal shows no detection.
The filename is:
MBX@2A80@DB1778.###.temp.temp
Any ideas?
 

Overlord

Level 10
Verified
Content Creator
Well-known
Feb 22, 2013
451
You have an infected system. You should seek professional help.
Malware Removal Assistance
 

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
The file in question is back after the reboot because the process that creates it is active.
This temp file can be produced by a legitimate application or by active malware.
If you notice infection symptoms or think you may be infected then you should open a thread in the MRA.
 

Mohan Rajan

Level 2
Thread author
Verified
May 7, 2016
85
I booted in safe mode and deleted the file.
However, I could not boot back into Windows.
The system stopped at the pre-lock screen and there was no way I could enter the PIN, as the page didn't show up.
So I had to restore from yesterday's backup image using Macrium Reflect.
I think the file is used by Microsoft?
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Mohan- Listen to Tim. You can proceed by the following:

1). Submit the file to VirusTotal and see what that shows (HMP isn't always the Word of God).
2). Then type MSCONFIG in the search box, open it and click the Startup tab- look for anything suspicious.
 
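Step 2 of the post above (reviewing the Startup tab), scripted as an added example that is not part of the thread: it lists the auto-start entries Windows reports through `Win32_StartupCommand` and marks the ones that run from a user-writable folder such as Temp or lack a valid signature. The "review" heuristics and the helper name `Get-ExePath` are assumptions made for illustration.

```powershell
# Added example (not from the thread): enumerate auto-start entries and flag
# the ones worth a closer look. Win32_StartupCommand covers Run registry keys
# and Startup folders; services and scheduled tasks are not included.

# Folders any user process can write to (assumed heuristic for "suspicious").
$userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

function Get-ExePath([string]$Command) {
    # Hypothetical helper: pull the executable path out of a startup command line.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|com|bat|cmd|vbs|js|ps1|lnk))(\s|$)') {
        return $Matches[1]
    }
    return ($expanded -split '\s+')[0]
}

Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    $entry  = $_
    $path   = "$(Get-ExePath $entry.Command)"
    $exists = $path -and (Test-Path -LiteralPath $path -PathType Leaf)

    # Authenticode status of the target file, or a marker if it is missing.
    $sig = if ($exists) {
        (Get-AuthenticodeSignature -LiteralPath $path).Status.ToString()
    } else { 'FileNotFound' }

    # True when the target lives under one of the user-writable folders.
    $inUserDir = [bool]($userWritable | Where-Object {
        $path.StartsWith("$_\", [StringComparison]::OrdinalIgnoreCase)
    })

    [pscustomobject]@{
        Name         = $entry.Name
        Location     = $entry.Location   # registry key or Startup folder
        User         = $entry.User
        Path         = $path
        Signature    = $sig
        UserWritable = $inUserDir
        Review       = $inUserDir -or ($sig -ne 'Valid')
    }
} | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

A `Review` value of True only means the entry deserves a manual check; shortcuts and scripts are never Authenticode-signed as `Valid`, so they always appear at the top.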

Mohan Rajan

Level 2
Thread author
Verified
May 7, 2016
85
I really think you should go here. Malware Removal Assistance
TwinHeadedEagle would be happy to help. I'm not trying to be insulting but it would be more appropriate for Eagle to help as he is a professional.
No offence, but I have my reasons for not seeking assistance. In any case, I have about 12 pieces of security software and the chances of an infection are not that high, but I wanted to rule out any possible zero-day threat.
 

Ana_Filiz

Level 4
Verified
Well-known
Aug 23, 2016
193
I thought so, and I have 3 products of theirs - USB Block, Secure USB and Folder Lock.
Thanks for confirming my suspicion.

You're welcome. I had the same problem and, by myself, with monitoring software I figured out where that file came from. Never panic and try to be rational and the problem will have a solution. :)
 

Mohan Rajan

Level 2
Thread author
Verified
May 7, 2016
85
Could you share the name of the software that you used to monitor the source of the file in the temp folder?
Thanks.
 
