Jump to content

What is Auto.F5F89E.222253.in02 ?


ERG
 Share

Recommended Posts

Can you  tell us what software this file is associated with and provide a screenshot of the malware detection you're seeing. Open the UI -> click on the word Quarantine located just below and to the right of the History tab -> find the file in question in the right side Details dialog box and click on that. Then make a screenshot of that data so we have a better idea of what's going on.

If it's a legit program it might be just a simple matter of adding a custom Exclusion rule but let's see if this temp file is associated with a malicious program first.

I checked with the folks at VirusTotal and they don't seem to have any data on this file. Either that's a good thing since it hasn't been reported as malicious, or it's some kind of malware that hasn't been seen yet which wouldn't be a good thing.

Link to comment
Share on other sites

Are you using Immunet as your sole AV, or is it a companion to another AV? It may be that Immunet is quarantining that other AV's signature updates or temporary files. Does the location in your Temp folder always change? If it doesn't, you could simply create an exclusion for that file (as long as we can all be confident it's not a true detection of course). If your other AV monitors the Windows temp folder, you could, as a last resort, exclude the entire temp folder from Immunet's scanning - but that would cause a decrease in protection.

Link to comment
Share on other sites

  • 2 weeks later...

Cryptic malware detection names  often only mean that the detection name (and likely virus definition too ) were generated on the fly by some type of an artificial intelligence  detection engine.  In this case I think Immunet's Sperro engine saw enough It didn't like about your file to trigger a detection and quarantine attempt. 

Since Immunet couldn't quarantine the file that it usually means the file was in use by something Immunet couldn't stop:  Possibly a virus, possibly a false positive on a safe file that's in use  by the windows operating system itself.  Since it's a temporary file (i.e.  in the windows temp directory) whatever program that was using the file may have finished with it and deleted it when done.  or as zombuny points out  if it was indeed malicious another av program on your machine could have successfully quarantined it just before Immunet attempted to.  

Things you can do :

1) reboot the computer and immediately scan that file to see if it's still  detected  or can now be successfully quarantined.

2) upload that file to  https://www.virustotal.com  and see what other av companies detect the file as (which it sounds like Richie has already done). With any luck no  other AV products will will detect it,  in which case; sorry, Immunet's detection may have been  false positive.   On the other hand another av product may be able to identify a more helpful virus name that you can  google for  removal instructions.

 

 

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share

×
×
  • Create New...