Suspicious .tmp file blocking after downloading unsafe program
Hello,
I downloaded and installed a program on September 8th that turned out to possibly be not so safe. I can provide a link to where I downloaded it on request. I don't want to post that immediately since I'm not sure what the rules on that are.
I removed the program the same day and did a full system scan with both Malwarebytes and Bitdefender the day after, which came back clean, but as of a few days ago I started getting some strange notifications in Bitdefender, as follows:
Sept 17th, 2:30am: Bitdefender Antivirus successfully blocked an infected file in my AppData\Local\Temp folder that was infected with JS:Trojan:Cryxos.2843.
Sept 18th, 10:26pm: Bitdefender Antivirus detected and deleted an infected file in my AppData\Local\Temp folder
Sept 21st, 23 hours ago (7am-ish): Bitdefender Antivirus detected and deleted an infected file in my AppData\Local\Temp folder
I ran a couple subsequent scans after the first two times with Malwarebytes and Bitdefender on the Temp folder that came back clean (and am currently in the process of another full system scan with Bitdefender), but obviously I'm concerned about something being missed. Is there any more deep cleaning I can do? Some help with this would be greatly appreciated.
Comments
-
Hi Member,
JS:Trojan:Cryxos.2843 is a detection that is related to JavaScript malware. According to your installation directory, the sample was found in temporary folders, which are only of use until you install a particular software, and after that the files in the temp folder are useless.
Kindly follow the steps below:
1) Restart the PC in safe mode (https://support.microsoft.com/en-in/help/12376/windows-10-start-your-pc-in-safe-mode)
2) Open the Run command again and run the commands below one by one:
temp, delete all the files in the folder
%temp%, delete all the files in the folder
prefetch, delete all the files in the folder
5) Restart your PC in general mode, by unticking the option you ticked while booting in safe mode.
The issue should be resolved.
Additionally, kindly share the VirusTotal link of the sample here.
Regards
Flex
(Bitdefender beta tester 2019/ 2020)
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
0 -
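The cleanup steps above can be scripted so that every file is hashed before it is deleted, which leaves a SHA-256 to look up on VirusTotal even after the file itself is gone. This is an added example, not part of the original posts; the report path is hypothetical, and the mapping of the Run-dialog names to folders assumes a default Windows install.

```powershell
# Save as a .ps1 file and run from an elevated PowerShell prompt.
# Without -Delete the script only writes the inventory and removes nothing.
param([switch]$Delete)

# Assumption: on a default install the Run-dialog names resolve to these folders.
$targets = @(
    (Join-Path $env:SystemRoot 'Temp'),      # "temp"
    $env:TEMP,                               # "%temp%"
    (Join-Path $env:SystemRoot 'Prefetch')   # "prefetch"
)

# Hypothetical report location, kept outside the folders being cleared.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$report = Join-Path $env:USERPROFILE "temp-inventory-$stamp.csv"

$inventory = foreach ($dir in $targets) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Files held open by a running process cannot be hashed; record them anyway.
            $hash = try {
                (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction Stop).Hash
            } catch { 'LOCKED_OR_UNREADABLE' }
            [pscustomobject]@{
                Path      = $_.FullName
                SizeBytes = $_.Length
                Created   = $_.CreationTime
                Modified  = $_.LastWriteTime
                SHA256    = $hash
            }
        }
}
$inventory | Export-Csv -LiteralPath $report -NoTypeInformation -Encoding UTF8
Write-Host "Recorded $(@($inventory).Count) files in $report"

if ($Delete) {
    foreach ($dir in $targets) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        # Delete the folder contents, not the folder; locked files are skipped silently.
        Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
            Remove-Item -Recurse -Force -ErrorAction SilentlyContinue
    }
    Write-Host 'Contents removed. Files that were in use remain and are listed in the report.'
}
```

Sorting the CSV by the Created column shows which files appeared around the times of the Bitdefender notifications.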
Thanks Flexx, I'll perform the above steps and report back once I'm done with the current full system scan (next few hours). Unfortunately I won't be able to provide a virustotal link for the detected item in question as it is no longer in my temp folder and it is not in my quarantine. I assume Bitdefender automatically deleted it when it blocked it. I can at least provide a VirusTotal link for the place I downloaded the possibly suspicious program from (https://www.virustotal.com/gui/url/c887bcfd55c76724438d477091893f482e6a91e0c2bcc145d8dd01ded7cc0812/detection). I won't be actually downloading the program again, though.
0 -
NCH software is genuine software. I just downloaded the software in the provided link and detection came back negative. Even VT shows no detection of the sample software.
Regards
Flex
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
0 -
@Flexx That's very good to hear, thank you. Scan is still in progress, so I'll post again once that's done and I've done the clearing of the temp folders as you asked.
0 -
@Flexx The full system scan came back clean, and I have deleted all the items in the three locations as instructed. I'll continue to monitor over the next week or two to see if any more infected .tmp files get detected.
0