Gen:Variant.Ursu.925550: multiple "item blocked" messages, huge temp files
Starting yesterday, dozens of these messages from BitDefender Free -- and at the directory there are huge temp files. The hard drive also appears to be running hotter than normal.
Any ideas on what this is? How do I discover which app/program is making these temp files? Is it Windows itself?
Thank you.
Comments
-
As such it is not possible to tell which application is generating the temporary files. Can you upload a sample to VirusTotal and share the respective VirusTotal link?
Regards
Flex
(Bitdefender beta tester 2019/ 2020)
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
0 -
There are dozens and dozens. One at random 15.55 MB uploaded to VirusTotal comes back as:
18 engines detected this file
b27993eea1cca8f8dd54ceeabaed7d1de537430d6409e3992577d085bca9b838
Easyboost Photo Print.exe
0 -
And the second one at random restored from Quarantine (has padlock icon, so I assume it means locked and can't delete it)
14 / 71
14 engines detected this file
2e3570b98746ce136c49328402e004c435b9f1f9754dd96cc56e725ead17c746
tmp00001112
Size: 15.55 MB
2020-07-01 21:24:14 UTC
64bits assembly peexe
Ad-Aware: Gen:Variant.Ursu.925550
ALYac: Gen:Variant.Ursu.925550
Antiy-AVL: Trojan/Win32.Wacatac
SecureAge APEX: Malicious
Arcabit: Trojan.Ursu.DE1F6E
BitDefender: Gen:Variant.Ursu.925550
Cybereason: Malicious.a6bbd9
Emsisoft: Gen:Variant.Ursu.925550 (B)
eScan: Gen:Variant.Ursu.925550
FireEye: Generic.mg.86bf581a6bbd9f3e
GData: Gen:Variant.Ursu.925550
MAX: Malware (ai Score=80)
Sophos ML: Heuristic
Trapmine: Suspicious.low.ml.score
0 -
Deleted the Easyboost photo app and its folder, but dozens of files are being created in the temp folder again and I can't delete them, as it won't give me access and won't allow me to change permissions. Hard disk running a lot, 42C, busy. And VirusTotal on the latest random temp file created warns...
So - got no idea what to do really unless some app can remove this problem. I hope I don't find my hard disk is being ransomware encrypted. Or maybe my PC has been turned into a miner for some coin. Whatever it is, I don't see how to stop it. Any pointers would be great.
14 engines detected this file
9a493aef2a8a0d1479941bc14c30970c4f8083ed4c0aa9f15c301ab231eedd10
tmp0000cf81
Size: 15.55 MB
2020-07-01 22:14:10 UTC
64bits assembly peexe
Ad-Aware: Gen:Variant.Ursu.925550
ALYac: Gen:Variant.Ursu.925550
Antiy-AVL: Trojan/Win32.Wacatac
SecureAge APEX: Malicious
Arcabit: Trojan.Ursu.DE1F6E
BitDefender: Gen:Variant.Ursu.925550
Cybereason: Malicious.2ca943
Emsisoft: Gen:Variant.Ursu.925550 (B)
eScan: Gen:Variant.Ursu.925550
FireEye: Generic.mg.f4fb5f32ca943395
GData: Gen:Variant.Ursu.925550
MAX: Malware (ai Score=88)
Sophos ML: Heuristic
Trapmine: Suspicious.low.ml.score
0 -
It is quite common that if you try to delete files in general mode, some files will not be deleted since those are used by the system.
For this you will have to go into safe mode.
1) Restart the PC in safe mode (https://support.microsoft.com/en-in/help/12376/windows-10-start-your-pc-in-safe-mode)
2) Delete the files in the folder which you were not able to delete.
3) Open the Run command again and run the commands below one by one:
temp, delete all the files in the folder
%temp%, delete all the files in the folder
prefetch, delete all the files in the folder
4) Afterwards, try to do a full scan with Bitdefender in safe mode if possible; otherwise do a full system scan.
5) Restart the PC in general mode (by unticking the option that you applied while going into safe mode and clicking Apply).
Kindly keep posted.
Regards
Flex
0 -
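A way to take stock of a temp folder before clearing it as described above, as an added example that is not part of the original thread: it keeps only files with a valid PE header, groups them by size and computes each SHA-256, so a hash can be searched on VirusTotal instead of uploading every file. The function names and the sample files are constructed for illustration; files that cannot be opened are skipped rather than treated as clean.

```python
import hashlib
import os
import struct
import tempfile


def is_pe(path):
    """True if the file has an MZ header whose e_lfanew points at a 'PE\\0\\0' signature."""
    with open(path, "rb") as f:
        head = f.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        f.seek(struct.unpack_from("<I", head, 0x3C)[0])  # e_lfanew lives at offset 0x3C
        return f.read(4) == b"PE\0\0"


def sha256_of(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):  # stream, files may be large
            h.update(block)
    return h.hexdigest()


def triage(directory):
    """Map file size -> sorted [(name, sha256)] for every PE file directly in `directory`."""
    groups = {}
    for entry in os.scandir(directory):
        try:
            if entry.is_file(follow_symlinks=False) and is_pe(entry.path):
                item = (entry.name, sha256_of(entry.path))
                groups.setdefault(entry.stat().st_size, []).append(item)
        except OSError:
            continue  # locked or access-denied file: skip it, do not abort the scan
    return {size: sorted(items) for size, items in groups.items()}


def build_sample_dir():
    """Constructed sample data: two fake PE stubs of equal size plus one text file."""
    d = tempfile.mkdtemp(prefix="triage_demo_")
    stub = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
    files = {"tmp00000001": stub + b"A" * 32, "tmp00000002": stub + b"B" * 32,
             "notes.tmp": b"not an executable"}
    for name, data in files.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(data)
    return d


if __name__ == "__main__":
    print(triage(build_sample_dir()))
```

Many executables of identical size but with different hashes, the pattern in the VirusTotal results quoted in this thread, show up as a single size group with several distinct digests.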
Thank you, Flex.
Since removing the folder with that software program, running a temp file cleaning app, disconnecting an external drive used for backups and rebooting, this problem has so far stopped. What was curious was after I rebooted, Windows 7 gave me the flag message in task bar that no anti-virus was switched on and to switch one on (offering a choice of Bitdefender Free or Windows Defender). I do not know why it did that reset and offered me that option. It very seldom happens. I chose BD but Windows still downloaded an update for WD too. I then did a quick scan with WD (negative).
I will post an update if problem returns.
Regards
L
0 -
If your issue is resolved, kindly click on agree/accepted.
Regards
Flex
1