Infected Temp Files - keeps getting detected

[goodlad]

Hi friends,


I have noted that .. in the past 4-5 days.. I have had at least 2 days, when I keep getting infected with the same file & my AV detecting & deleting it.



The troubling issue for me, I have not visited any non-regular sites, at least on the very first time - when I got it. Last time it happened 3 times in a span of just 1 hour, same directory - different temp files. Today twice in one hour - with hr long gap.



Location of the infection is -



C:\Users\goodlad\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MG0CERDKPR9CI2Q4J5WF.temp






This is the name of the infected malware/virus or what ever it is - "Gen:Heur.Jatommy.03153.aaW@baaaa"


Last time I ran complete system scan as well just to be sure & there was no infection found - today again the same repeated.


Any other tips that I could check out ?


I have ran Malwarebytes, AV scan - today ran scan for the Windows folder alone, had no new infections.

 

[wither 2]

Which anti-virus are you using? When you get the message, can you look at the details to see if it's a PUP or something else and quarantine it?

 

[goodlad]

Which anti-virus are you using? When you get the message, can you look at the details to see if it's a PUP or something else and quarantine it?

BitDefender premium version.

My AV is detecting the infected file on its own & deleting them automatically as well - I'm getting notified every time this happens. I'm now cautious to even open my work FTP account, fearing - I may infect the server accidentally.







I have also downloaded AdWCleaner & ran scan yesterday - it found 121 unwanted pups & etc.. cleared them all.



I haven't got a new virus detection popup msg since I shared the concern on the forum (got them only once after I made my post on the same day, since then nothing)

 

[torchwood]

Hi Goodlad,

I HIGHLY suggest you goto BleepingComputers malware removal sub forum and post there. we currently do not have malware EXPERTS here

They will require the details from there Farbar tool, FRST.
note some AV's detect it as suspicious it is not

Download Farbar Recovery Scan Tool

Roy

 

[Alejandro85]

It seems like either you actually have a virus running and it keeps spawning itself over and over despite AV blocking or a malicious program in trying to install using means. It could be that you're downloading something you shouldn't or a program you already have is trying to install a malware.

What exact software do you have currently installed?

If nothing suspicious is there, I'm affraid you'll have to reformat the system, as it has been compromised.

 

[wither 2]

Although his problem seems to have gone away, it seems to me that he should, if possible, temporarily set BitDefender to not automatically delete what it finds, just so he can see exactly what it is.