Windows 7 Forums


Windows 7: Question about suspicious files winpatrol detected

02 Jan 2010   #11
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Quote: Originally Posted by BillPStudios
DSmith,

It's not uncommon to see .tmp files listed as Hidden files. Hidden files are common, which is why WinPatrol doesn't default to alerting you to every new hidden file.

If you right-click on the filename one of the WinPatrol options will be to View in Notepad. This might be helpful in finding out which program is creating these temp files.

btw... it was a great idea to use VirusTotal as a follow up to WinPatrol. I recommend it often.

Bill Pytlovany
BillP Studios

Hi BillP. So nice to see you here!


02 Jan 2010   #12
jav

Windows 7 Ultimate x86 SP1
 
 

Quote: Originally Posted by BillPStudios
DSmith,

It's not uncommon to see .tmp files listed as Hidden files. Hidden files are common, which is why WinPatrol doesn't default to alerting you to every new hidden file.

If you right-click on the filename one of the WinPatrol options will be to View in Notepad. This might be helpful in finding out which program is creating these temp files.

btw... it was a great idea to use VirusTotal as a follow up to WinPatrol. I recommend it often.

Bill Pytlovany
BillP Studios

Hi.
You know, I am amazed. Are you monitoring all forums?

Anyway, nice to see you here.
02 Jan 2010   #13
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Quote: Originally Posted by jav
Hi.
You know, I am amazed. Are you monitoring all forums?

Anyway, nice to see you here.

Scotty has an exceptional sense of smell and finds people needing help with WinPatrol.

02 Jan 2010   #14
BillPStudios
Microsoft MVP

Win7
 
 
Thanks for the Welcome

Thank you all for the warm welcome. I can't believe how many of you are so active on so many forums.

You can thank whoever has the SevenForums Twitter account for making me aware of all the fun here. I don't get the time to scour the forums for WinPatrol questions, but I did see a reference on Twitter about this thread so I figured I should stop by.

Thanks again,
Bill
03 Jan 2010   #15
HammerHead

win 7 X64 Ultimate SP1
 
 
WinPatrol

I'm test driving WinPatrol. Does it slow down a scan by MSE?
03 Jan 2010   #16
jav

Windows 7 Ultimate x86 SP1
 
 

Quote: Originally Posted by HammerHead
I'm test driving WinPatrol. Does it slow down a scan by MSE?

It shouldn't...
03 Jan 2010   #17
Corrine

Windows 7 & Windows Vista Ultimate
 
 

WinPatrol shouldn't slow down any processes. Many WinPatrol features have the option to set the time between Scotty's patrols. Scotty will patrol in "real time" for WinPatrol Plus subscribers. This means that if there is a change to a monitored feature, immediate notification will be provided. With the free version of WinPatrol, it is up to the user to set the time between patrols. Depending on your settings in Windows 7 for system tray, you will notice some "movement" by Scotty when he is on patrol.
03 Jan 2010   #18
manhunter2826

Windows XP - Now Windows 7 Home Premium (64-bit).
 
 

Quote: Originally Posted by Corrine
There you go, Dsmith148, the developer of WinPatrol responded to your post! Welcome to Seven Forums, Bill!

Malware Defense is a Rogue. It wouldn't hurt to scan with an anti-malware software such as MBAM. My standard instructions follow:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, be sure Quick scan is selected, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  • Click Remove Selected.

Corrine, I'm always trying to learn here. Can I ask why the System Volume\restore should remain unchecked (as you suggested) even though MWBytes has detected malware in said folder? Sorry if it's a naive question.
03 Jan 2010   #19
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Of course you can ask. (Corrine considers whether she should answer the question . . . )

Ok, first a bit of a rant:

Much too frequently when a person has malware problems, the first solution offered is to clear System Restore. Let me assure you that is most definitely not a solution. The only way malware in System Restore can re-infect the computer is if the computer is restored to an infected point. That said, keep in mind that System Restore is not an endless repository. Old restore points are cycled out in favor of new restore points.

The reason, however, for not clearing System Restore is that should something go horribly wrong during the cleanup process, without a restore point, there may be no other option than a repair reinstall of the operating system. Certainly an infected restore point can be better in that case, particularly if the computer is an OEM install without a repair disk. Keep in mind that antivirus and anti-malware programs do occasionally have false positives. Also, many people seem to be of the opinion that willy-nilly registry edits are the way to clean an infected computer.

Note to self: finish that draft blog post on System Restore.

Now to answer your question:

Note also, please, that I also recommended a Quick scan. In a Full scan, MBAM (and A/V programs) scans System Restore. If it does not completely clean the file, the user may not have a good restore point. At a minimum, they will be returned to the state prior to the restore, which could be defective due to a f/p or incorrect user action.

Both Marcin Kleczynski and Bruce Harrison (MBAM developers) recommend a Quick scan. The first step should be to clear temporary files. (I recommend ATF Cleaner by Microsoft MVP Atribune, from ATF-Cleaner.exe - www.atribune.org followed by a shutdown/restart prior to scanning.)

After the computer is clean, create a fresh restore point and then use Disk Cleanup to delete all but the most recent restore point.
  • Click start, type Disk Cleanup in the search box
  • Right-Click Disk Cleanup and select "Run as Administrator" and accept the UAC elevation prompt.
  • Select the drive where Windows is installed (if you have more than one drive) and click "OK".
  • When the scan completes, check/uncheck desired boxes.
  • Next, please click the More Options tab at the top.
  • Click the "Clean up..." button under the "System Restore and Shadow Copies" section at the bottom.
  • Click Delete in response to the question "Are you sure you want to delete all but the most recent restore point?", click OK and answer Yes again.
  • The disk clean up utility will remove the selected items. When it completes, please restart the computer to properly record the changes made to the hard disk.
Perhaps more than you asked. I hope this helps.
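A scripted check for the first step of the procedure in the post above, added here as an example and not part of Corrine's post: it creates the fresh restore point and confirms it was actually recorded before any older points are pruned with Disk Cleanup. It assumes an elevated PowerShell prompt with System Restore enabled; the description label is a constructed value.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell prompt
# after the machine has been cleaned. $label is a constructed description.
$ErrorActionPreference = 'Stop'
$label = 'Post-cleanup baseline'

# Restore points present before the new one is taken; @() keeps an empty
# result countable when System Restore holds no points yet.
$before = @(Get-ComputerRestorePoint)
$lastSeq = 0
if ($before.Count -gt 0) {
    $lastSeq = ($before | Measure-Object -Property SequenceNumber -Maximum).Maximum
}

# Create the fresh restore point. Newer Windows versions can skip creation
# with only a warning when another point was made recently, so the result
# is verified below instead of being assumed.
Checkpoint-Computer -Description $label -RestorePointType MODIFY_SETTINGS

$after = @(Get-ComputerRestorePoint)
$new = @($after | Where-Object {
    $_.SequenceNumber -gt $lastSeq -and $_.Description -eq $label
})
if ($new.Count -eq 0) {
    throw "No new restore point named '$label' was recorded; do not prune older points yet."
}

# Show the new point, then count the older ones that Disk Cleanup's
# "all but the most recent" option would remove.
$created = @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } }
$new | Select-Object SequenceNumber, Description, $created | Format-Table -AutoSize
$older = @($after | Where-Object { $_.SequenceNumber -lt $new[0].SequenceNumber })
"{0} older restore point(s) remain and can now be pruned with Disk Cleanup." -f $older.Count
```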
03 Jan 2010   #20
manhunter2826

Windows XP - Now Windows 7 Home Premium (64-bit).
 
 

Quote: Originally Posted by Corrine
Of course you can ask. (Corrine considers whether she should answer the question . . . )

Lol.

Ok, first a bit of a rant:

Much too frequently when a person has malware problems, the first solution offered is to clear System Restore. Let me assure you that is most definitely not a solution. The only way malware in System Restore can re-infect the computer is if the computer is restored to an infected point. That said, keep in mind that System Restore is not an endless repository. Old restore points are cycled out in favor of new restore points.

The reason, however, for not clearing System Restore is that should something go horribly wrong during the cleanup process, without a restore point, there may be no other option than a repair reinstall of the operating system. Certainly an infected restore point can be better in that case, particularly if the computer is an OEM install without a repair disk. Keep in mind that antivirus and anti-malware programs do occasionally have false positives. Also, many people seem to be of the opinion that willy-nilly registry edits are the way to clean an infected computer.

Note to self: finish that draft blog post on System Restore.

Interesting indeed. Something I was 'taught' (perhaps incorrectly) was that, prior to removing a virus/malware infection, it would be considered good practice to turn off system restore, remove the malicious files, and then turn back on system restore. I was then taught subsequently that, no, this did not matter and was incorrect practice.

Now to answer your question:

Note also, please, that I also recommended a Quick scan. In a Full scan, MBAM (and A/V programs) scans System Restore. If it does not completely clean the file, the user may not have a good restore point. At a minimum, they will be returned to the state prior to the restore, which could be defective due to a f/p or incorrect user action.

Both Marcin Kleczynski and Bruce Harrison (MBAM developers) recommend a Quick scan. The first step should be to clear temporary files. (I recommend ATF Cleaner by Microsoft MVP Atribune, from ATF-Cleaner.exe - www.atribune.org followed by a shutdown/restart prior to scanning.)

After the computer is clean, create a fresh restore point and then use Disk Cleanup to delete all but the most recent restore point.
  • Click start, type Disk Cleanup in the search box
  • Right-Click Disk Cleanup and select "Run as Administrator" and accept the UAC elevation prompt.
  • Select the drive where Windows is installed (if you have more than one drive) and click "OK".
  • When the scan completes, check/uncheck desired boxes.
  • Next, please click the More Options tab at the top.
  • Click the "Clean up..." button under the "System Restore and Shadow Copies" section at the bottom.
  • Click Delete in response to the question "Are you sure you want to delete all but the most recent restore point?", click OK and answer Yes again.
  • The disk clean up utility will remove the selected items. When it completes, please restart the computer to properly record the changes made to the hard disk.
Perhaps more than you asked. I hope this helps.

Once again, thanks for such a quick and detailed reply. Very kind.