ERG

What is Auto.F5F89E.222253.in02 ?

Immunet is flagging this as malware it is unable to quarantine.

This is a Win7 machine, and the location is logged as C:\Windows\Temp\tmp0000650d\tmp.....

Clues welcome.

Can you tell us what software this file is associated with and provide a screenshot of the malware detection you're seeing? Open the UI -> click on the word Quarantine located just below and to the right of the History tab -> find the file in question in the right side Details dialog box and click on that. Then make a screenshot of that data so we have a better idea of what's going on.

If it's a legit program it might be just a simple matter of adding a custom Exclusion rule but let's see if this temp file is associated with a malicious program first.

I checked with the folks at VirusTotal and they don't seem to have any data on this file. Either that's a good thing since it hasn't been reported as malicious, or it's some kind of malware that hasn't been seen yet which wouldn't be a good thing.

Are you using Immunet as your sole AV, or is it a companion to another AV? It may be that Immunet is quarantining that other AV's signature updates or temporary files. Does the location in your Temp folder always change? If it doesn't, you could simply create an exclusion for that file (as long as we can all be confident it's not a true detection of course). If your other AV monitors the Windows temp folder, you could, as a last resort, exclude the entire temp folder from Immunet's scanning - but that would cause a decrease in protection.

Cryptic malware detection names often only mean that the detection name (and likely virus definition too) were generated on the fly by some type of an artificial intelligence detection engine. In this case I think Immunet's SPERO engine saw enough it didn't like about your file to trigger a detection and quarantine attempt.

Since Immunet couldn't quarantine the file, it usually means the file was in use by something Immunet couldn't stop: possibly a virus, possibly a false positive on a safe file that's in use by the Windows operating system itself. Since it's a temporary file (i.e. in the Windows temp directory), whatever program was using the file may have finished with it and deleted it when done. Or, as zombuny points out, if it was indeed malicious, another AV program on your machine could have successfully quarantined it just before Immunet attempted to.

Things you can do:

1) Reboot the computer and immediately scan that file to see if it's still detected or can now be successfully quarantined.

2) Upload that file to https://www.virustotal.com and see what other AV companies detect the file as (which it sounds like Richie has already done). With any luck no other AV products will detect it, in which case, sorry, Immunet's detection may have been a false positive. On the other hand, another AV product may be able to identify a more helpful virus name that you can google for removal instructions.
