Question about suspicious files winpatrol detected


  1. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #11

    BillPStudios said:
    DSmith,

    It's not uncommon to see .tmp files listed as Hidden files. Hidden files are common, which is why WinPatrol doesn't default to alerting you to every new hidden file.

    If you right-click on the filename one of the WinPatrol options will be to View in Notepad. This might be helpful in finding out which program is creating these temp files.

    btw... it was a great idea to use VirusTotal as a follow up to WinPatrol. I recommend it often.

    Bill Pytlovany
    BillP Studios

    Hi BillP, so nice to see you here!


  2. jav
    Posts : 713
    Windows 7 Ultimate x86 SP1
       #12

    BillPStudios said:
    DSmith,

    It's not uncommon to see .tmp files listed as Hidden files. Hidden files are common, which is why WinPatrol doesn't default to alerting you to every new hidden file.

    If you right-click on the filename one of the WinPatrol options will be to View in Notepad. This might be helpful in finding out which program is creating these temp files.

    btw... it was a great idea to use VirusTotal as a follow up to WinPatrol. I recommend it often.

    Bill Pytlovany
    BillP Studios
    Hi.
    You know, I'm amazed. Are you monitoring all forums?

    Anyway, nice to see you here. :)


  3. Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       #13

    jav said:
    Hi.
    You know, I'm amazed. Are you monitoring all forums?

    Anyway, nice to see you here. :)
    Scotty has an exceptional sense of smell and finds people needing help with WinPatrol.


  4. Posts : 4
    Win7
       #14

    Thanks for the Welcome


    Thank you all for the warm welcome. I can't believe how many of you are so active on so many forums.

    You can thank whoever has the SevenForums Twitter account for making me aware of all the fun here. I don't get the time to scour the forums for WinPatrol questions, but I did see a reference on Twitter about this thread so I figured I should stop by.

    Thanks again,
    Bill


  5. Posts : 1,965
    win 7 X64 Ultimate SP1
       #15

    WinPatrol


    I'm test driving WinPatrol. Does it slow down a scan by MSE?


  6. jav
    Posts : 713
    Windows 7 Ultimate x86 SP1
       #16

    HammerHead said:
    I'm test driving WinPatrol. Does it slow down a scan by MSE?
    It shouldn't...


  7. Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       #17

    WinPatrol shouldn't slow down any processes. Many WinPatrol features have the option to set the time between Scotty's patrols. Scotty will patrol in "real time" for WinPatrol Plus subscribers. This means that if there is a change to a monitored feature, immediate notification will be provided. With the free version of WinPatrol, it is up to the user to set the time between patrols. Depending on your settings in Windows 7 for system tray, you will notice some "movement" by Scotty when he is on patrol.


  8. Posts : 2,127
    Windows XP - Now Windows 7 Home Premium (64-bit).
       #18

    Corrine said:
    There you go, Dsmith148, the developer of WinPatrol responded to your post! Welcome to Seven Forums, Bill!

    Malware Defense is a Rogue. It wouldn't hurt to scan with an anti-malware software such as MBAM. My standard instructions follow:

    Please download Malwarebytes' Anti-Malware to your desktop.


    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, be sure Quick scan is selected, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
    • Click Remove Selected.

    Corrine, I'm always trying to learn here. Can I ask why the System Volume\restore should remain unchecked (as you suggested) even though MWBytes has detected malware in said folder? Sorry if it's a naive question.


  9. Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       #19

    Of course you can ask. (Corrine considers whether she should answer the question . . . )

    Ok, first a bit of a rant:

    Much too frequently when a person has malware problems, the first solution offered is to clear System Restore. Let me assure you that is most definitely not a solution. The only way malware in System Restore can re-infect the computer is if the computer is restored to an infected point. That said, keep in mind that System Restore is not an endless repository. Old restore points are cycled out in favor of new restore points.

    The reason, however, for not clearing System Restore is that should something go horribly wrong during the cleanup process, without a restore point, there may be no other option than a repair reinstall of the operating system. Certainly an infected restore point can be better in that case, particularly if the computer is an OEM install without a repair disk. Keep in mind that antivirus and anti-malware programs do occasionally have false positives. Also, many people seem to be of the opinion that willy-nilly registry edits are the way to clean an infected computer.

    Note to self: finish that draft blog post on System Restore.

    Now to answer your question:

    Note also, please, that I also recommended a Quick scan. In a Full scan, MBAM (and A/V programs) scans System Restore. If it does not completely clean the file, the user may not have a good restore point. At a minimum, they will be returned to the state prior to the restore, which could be defective due to a f/p or incorrect user action.

    Both Marcin Kleczynski and Bruce Harrison (MBAM developers) recommend a Quick scan. The first step should be to clear temporary files. (I recommend ATF Cleaner by Microsoft MVP Atribune, from ATF-Cleaner.exe - www.atribune.org followed by a shutdown/restart prior to scanning.)

    After the computer is clean, create a fresh restore point and then use Disk Cleanup to delete all but the most recent restore point.

    • Click start, type Disk Cleanup in the search box
    • Right-Click Disk Cleanup and select "Run as Administrator" and accept the UAC elevation prompt.
    • Select the drive where Windows is installed (if you have more than one drive) and click "OK".
    • When the scan completes, check/uncheck desired boxes.
    • Next, please click the More Options tab at the top.
    • Click the "Clean up..." button under the "System Restore and Shadow Copies" section at the bottom.
    • Click Delete in response to the question "Are you sure you want to delete all but the most recent restore point?", click OK and answer Yes again.
    • The disk clean up utility will remove the selected items. When it completes, please restart the computer to properly record the changes made to the hard disk.

    Perhaps more than you asked. I hope this helps.
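
A scripted equivalent of the last part of the procedure above (create a fresh restore point, then delete all but the most recent), as an added example that is not part of the original post. It assumes an elevated Windows PowerShell session with System Protection enabled; the description string and the `SysRestore.Native` wrapper name are made up for illustration.

```powershell
# Added example, not from the thread. Save as a .ps1 file and run it from an
# elevated Windows PowerShell prompt; add -WhatIf to preview the removals.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumed label for the new restore point (illustrative value).
    [string]$Description = 'Clean baseline after malware removal'
)

# SRRemoveRestorePoint is the System Restore API exported by SrClient.dll.
# The SysRestore.Native wrapper name is arbitrary.
Add-Type -Namespace SysRestore -Name Native -MemberDefinition @'
[DllImport("SrClient.dll")]
public static extern int SRRemoveRestorePoint(uint dwRPNum);
'@

# 1. Create the fresh restore point once the machine is clean.
Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS

# 2. Read the restore points back, oldest first.
$points = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
if ($points.Count -eq 0) {
    throw 'No restore points found. Is System Protection enabled?'
}

# 3. Refuse to delete anything unless the newest point is the one just made.
#    Otherwise the only rollback option left could be a pre-cleanup state.
$newest = $points[-1]
if ($newest.Description -ne $Description) {
    throw "Newest restore point is '$($newest.Description)'; nothing removed."
}

# 4. Remove every older point, keeping only the most recent one.
foreach ($p in $points) {
    if ($p.SequenceNumber -eq $newest.SequenceNumber) { continue }
    $label = "#$($p.SequenceNumber) '$($p.Description)'"
    if ($PSCmdlet.ShouldProcess($label, 'Remove restore point')) {
        $rc = [SysRestore.Native]::SRRemoveRestorePoint($p.SequenceNumber)
        if ($rc -ne 0) { Write-Warning "Could not remove ${label}: error $rc" }
    }
}

Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description
```

The check in step 3 is the scripted form of the point made in the post: older restore points are only discarded once a known-good one exists to fall back on.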


  10. Posts : 2,127
    Windows XP - Now Windows 7 Home Premium (64-bit).
       #20

    Corrine said:
    Of course you can ask. (Corrine considers whether she should answer the question . . . )

    Lol.

    Ok, first a bit of a rant:

    Much too frequently when a person has malware problems, the first solution offered is to clear System Restore. Let me assure you that is most definitely not a solution. The only way malware in System Restore can re-infect the computer is if the computer is restored to an infected point. That said, keep in mind that System Restore is not an endless repository. Old restore points are cycled out in favor of new restore points.

    The reason, however, for not clearing System Restore is that should something go horribly wrong during the cleanup process, without a restore point, there may be no other option than a repair reinstall of the operating system. Certainly an infected restore point can be better in that case, particularly if the computer is an OEM install without a repair disk. Keep in mind that antivirus and anti-malware programs do occasionally have false positives. Also, many people seem to be of the opinion that willy-nilly registry edits are the way to clean an infected computer.

    Note to self: finish that draft blog post on System Restore.

    Interesting indeed. Something I was 'taught' (perhaps incorrectly) was that, prior to removing a virus/malware infection, it would be considered good practice to turn off system restore, remove the malicious files, and then turn back on system restore. I was then taught subsequently that, no, this did not matter and was incorrect practice.
    Now to answer your question:

    Note also, please, that I also recommended a Quick scan. In a Full scan, MBAM (and A/V programs) scans System Restore. If it does not completely clean the file, the user may not have a good restore point. At a minimum, they will be returned to the state prior to the restore, which could be defective due to a f/p or incorrect user action.

    Both Marcin Kleczynski and Bruce Harrison (MBAM developers) recommend a Quick scan. The first step should be to clear temporary files. (I recommend ATF Cleaner by Microsoft MVP Atribune, from ATF-Cleaner.exe - www.atribune.org followed by a shutdown/restart prior to scanning.)

    After the computer is clean, create a fresh restore point and then use Disk Cleanup to delete all but the most recent restore point.

    • Click start, type Disk Cleanup in the search box
    • Right-Click Disk Cleanup and select "Run as Administrator" and accept the UAC elevation prompt.
    • Select the drive where Windows is installed (if you have more than one drive) and click "OK".
    • When the scan completes, check/uncheck desired boxes.
    • Next, please click the More Options tab at the top.
    • Click the "Clean up..." button under the "System Restore and Shadow Copies" section at the bottom.
    • Click Delete in response to the question "Are you sure you want to delete all but the most recent restore point?", click OK and answer Yes again.
    • The disk clean up utility will remove the selected items. When it completes, please restart the computer to properly record the changes made to the hard disk.

    Perhaps more than you asked. I hope this helps.
    Once again, thanks for such a quick and detailed reply. Very kind :)


 