ERG Posted October 3, 2019

Immunet is flagging this as malware it is unable to quarantine. This is a Win7 machine, and the location is logged as C:\Windows\Temp\tmp0000650d\tmp..... Clues welcome.

ritchie58 Posted October 4, 2019

Can you tell us what software this file is associated with and provide a screenshot of the malware detection you're seeing? Open the UI -> click on the word Quarantine located just below and to the right of the History tab -> find the file in question in the right side Details dialog box and click on that. Then make a screenshot of that data so we have a better idea of what's going on. If it's a legit program, it might be just a simple matter of adding a custom Exclusion rule, but let's see if this temp file is associated with a malicious program first.

I checked with the folks at VirusTotal and they don't seem to have any data on this file. Either that's a good thing since it hasn't been reported as malicious, or it's some kind of malware that hasn't been seen yet, which wouldn't be a good thing.

zombunny2 Posted October 8, 2019

Are you using Immunet as your sole AV, or is it a companion to another AV? It may be that Immunet is quarantining that other AV's signature updates or temporary files. Does the location in your Temp folder always change? If it doesn't, you could simply create an exclusion for that file (as long as we can all be confident it's not a true detection of course). If your other AV monitors the Windows temp folder, you could, as a last resort, exclude the entire temp folder from Immunet's scanning - but that would cause a decrease in protection.

Rob.T Posted October 17, 2019

Cryptic malware detection names often only mean that the detection name (and likely virus definition too) were generated on the fly by some type of an artificial intelligence detection engine. In this case I think Immunet's SPERO engine saw enough it didn't like about your file to trigger a detection and quarantine attempt. Since Immunet couldn't quarantine the file, it usually means the file was in use by something Immunet couldn't stop: possibly a virus, possibly a false positive on a safe file that's in use by the Windows operating system itself. Since it's a temporary file (i.e. in the Windows temp directory), whatever program was using the file may have finished with it and deleted it when done. Or, as zombunny points out, if it was indeed malicious, another AV program on your machine could have successfully quarantined it just before Immunet attempted to.

Things you can do:

1) Reboot the computer and immediately scan that file to see if it's still detected or can now be successfully quarantined.
2) Upload that file to https://www.virustotal.com and see what other AV companies detect the file as (which it sounds like Ritchie has already done). With any luck no other AV products will detect it, in which case, sorry, Immunet's detection may have been a false positive. On the other hand, another AV product may be able to identify a more helpful virus name that you can google for removal instructions.