Gen:Variant.Ursu.925550 multiple item blocked messages huge temp files

Starting yesterday, dozens of these messages from BitDefender Free -- and at the directory there are huge temp files. The hard drive also appears to be running hotter than normal.

Any ideas on what this is? How do I discover which app/program is making these temp files? Is it Windows itself?


Thank you.

Comments

  • Flexx (mod)

    As such it is not possible to tell which application is generating the temporary files. Can you upload a sample to VirusTotal and share the respective VirusTotal link?

    Regards

    Flex

    (Bitdefender beta tester 2019/ 2020)

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • There are dozens and dozens. One at random 15.55 MB uploaded to VirusTotal comes back as:

    18 engines detected this file



    b27993eea1cca8f8dd54ceeabaed7d1de537430d6409e3992577d085bca9b838

    Easyboost Photo Print.exe

  • And the second one at random restored from Quarantine (has padlock icon, so I assume it means locked and can't delete it)

    14 / 71

    14 engines detected this file

    2e3570b98746ce136c49328402e004c435b9f1f9754dd96cc56e725ead17c746
    tmp00001112
    Size: 15.55 MB
    2020-07-01 21:24:14 UTC (1 minute ago)
    64bits assembly peexe

    DETECTION

    Ad-Aware: Gen:Variant.Ursu.925550
    ALYac: Gen:Variant.Ursu.925550
    Antiy-AVL: Trojan/Win32.Wacatac
    SecureAge APEX: Malicious
    Arcabit: Trojan.Ursu.DE1F6E
    BitDefender: Gen:Variant.Ursu.925550
    Cybereason: Malicious.a6bbd9
    Emsisoft: Gen:Variant.Ursu.925550 (B)
    eScan: Gen:Variant.Ursu.925550
    FireEye: Generic.mg.86bf581a6bbd9f3e
    GData: Gen:Variant.Ursu.925550
    MAX: Malware (ai Score=80)
    Sophos ML: Heuristic
    Trapmine: Suspicious.low.ml.score

  • Deleted the Easyboost photo app and its folder, but dozens of files are being created in the temp folder again and I can't delete them, as it won't give me access and won't allow me to change permissions. Hard disk running a lot, 42C, busy. And VirusTotal on the latest random temp file created warns...

    So - got no idea what to do really unless some app can remove this problem. I hope I don't find my hard disk is being ransomware encrypted. Or maybe my PC has been turned into a miner for some coin. Whatever it is, I don't see how to stop it. Any pointers would be great.

    14 engines detected this file

    9a493aef2a8a0d1479941bc14c30970c4f8083ed4c0aa9f15c301ab231eedd10
    tmp0000cf81
    Size: 15.55 MB
    2020-07-01 22:14:10 UTC (a moment ago)
    64bits assembly peexe

    DETECTION

    Ad-Aware: Gen:Variant.Ursu.925550
    ALYac: Gen:Variant.Ursu.925550
    Antiy-AVL: Trojan/Win32.Wacatac
    SecureAge APEX: Malicious
    Arcabit: Trojan.Ursu.DE1F6E
    BitDefender: Gen:Variant.Ursu.925550
    Cybereason: Malicious.2ca943
    Emsisoft: Gen:Variant.Ursu.925550 (B)
    eScan: Gen:Variant.Ursu.925550
    FireEye: Generic.mg.f4fb5f32ca943395
    GData: Gen:Variant.Ursu.925550
    MAX: Malware (ai Score=88)
    Sophos ML: Heuristic
    Trapmine: Suspicious.low.ml.score

  • Flexx (mod), edited July 2020

    @Lee33

    It is quite common that if you try to delete files in general mode, some files will not be deleted since those are used by the system.

    For this you will have to go into safe mode.

    1) Restart pc in safe mode (https://support.microsoft.com/en-in/help/12376/windows-10-start-your-pc-in-safe-mode)

    2) Delete the files available in the folder which you were not able to delete.

    3) Open the Run command again and run the commands below one by one:

    temp, delete all the files in the folder

    %temp%, delete all the files in the folder

    prefetch, delete all the files in the folder

    4) Afterwards, try to do a full scan with Bitdefender in safe mode, if possible; otherwise do a full system scan

    5) Restart the PC in general mode (by unticking the option that you applied while going into safe mode and clicking Apply)

    Kindly keep posted.

    Regards

    Flex

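An inventory pass that can be run before the deletions in step 3 above, as an added example that is not part of the original thread: it lists the files in the three folders named there, flags those that begin with the `MZ` executable header (the kind VirusTotal tagged `peexe`), and records a SHA-256 for each flagged file so it can be matched against a VirusTotal report later. The output path `temp-inventory.csv` and the function names are assumptions; the script avoids cmdlets newer than PowerShell 2.0 because the poster is on Windows 7.

```powershell
# Added example: record what is in the temp folders before cleaning them.
# Run from an elevated PowerShell prompt (safe mode is fine).
$folders = @("$env:windir\Temp", $env:TEMP, "$env:windir\Prefetch")
$report  = Join-Path $env:USERPROFILE 'temp-inventory.csv'   # assumed output path

function Open-ReadShared([string]$Path) {
    # Open read-only while still allowing other processes to keep the file open.
    return [System.IO.File]::Open($Path, [System.IO.FileMode]::Open,
        [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite)
}

function Test-PEHeader([string]$Path) {
    # Windows executables start with the two bytes 'MZ' (0x4D 0x5A).
    $fs = $null
    try {
        $fs  = Open-ReadShared $Path
        $buf = New-Object byte[] 2
        return ($fs.Read($buf, 0, 2) -eq 2 -and $buf[0] -eq 0x4D -and $buf[1] -eq 0x5A)
    } catch { return $false }          # locked or access denied: not classified
    finally { if ($fs) { $fs.Close() } }
}

function Get-Sha256([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = $null
    try {
        $fs = Open-ReadShared $Path
        return ([System.BitConverter]::ToString($sha.ComputeHash($fs)) -replace '-', '').ToLower()
    } catch { return 'unreadable' }
    finally { if ($fs) { $fs.Close() } }
}

$rows = foreach ($dir in $folders) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } | ForEach-Object {
            $isPE = Test-PEHeader $_.FullName
            New-Object PSObject -Property @{
                Path = $_.FullName; Created = $_.CreationTime; IsPE = $isPE
                SizeMB = [math]::Round($_.Length / 1MB, 2)
                Sha256 = $(if ($isPE) { Get-Sha256 $_.FullName } else { '' })
            }
        }
}
if ($rows) {
    $rows | Sort-Object Created | Select-Object Created, SizeMB, IsPE, Sha256, Path |
        Export-Csv -Path $report -NoTypeInformation
    $rows | Where-Object { $_.IsPE } | Sort-Object Created |
        Format-Table Created, SizeMB, Sha256, Path -AutoSize
}
```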

  • Thank you, Flexx.

    Since removing the folder with that software program, running a temp file cleaning app, disconnecting an external drive used for backups and rebooting, this problem has so far stopped. What was curious was after I rebooted, Windows 7 gave me the flag message in task bar that no anti-virus was switched on and to switch one on (offering a choice of Bitdefender Free or Windows Defender). I do not know why it did that reset and offered me that option. It very seldom happens. I chose BD but Windows still downloaded an update for WD too. I then did a quick scan with WD (negative).

    I will post an update if problem returns.

    Regards

    L

  • Flexx (mod)

    If your issue is resolved, kindly click on agree/ accepted

    Regards

    Flex
