Infected Temporary Files

Hi,

I have a problem with infected files being created in Windows’ temporary folders.

avast! keeps warning me that VBS:Obfuscated-gen [trj] was detected in .htm files being created in Temporary Internet Files/Content.IE5/…
I talked with a virus specialist, and he explained to me that those files appear because some other computer or computers in my network, willingly or unwillingly, deviate the traffic through them, using IP spoofing or something like that, and then modify the packets, so that infected files can get on the other computers.

The good thing is that avast! can protect me from such files, as it instantly detects them. The bad part is the fact that every time, avast! displays the warning message, asking me what to do (I choose to delete them, of course), but it is sooo annoying. I wish that at least there was a way to configure avast! so that it automatically deletes infected files upon detection, without prompting me what to do, but I couldn’t find such an option anywhere in the avast! settings.

The infected files have names like in[1].htm, ads[1].htm, so I tried to block such files from being created using COMODO’s Defense+, to no success. Infected files are still being created in the temporary folders, but this time they have a random and quite long sequence of letters as a name.

What should I do?

Thank you.

I would do this:

  • delete all temp files using ccleaner
  • protect your hostfile, look with netstat if you see strange connections…
  • use spywareblaster to protect your browser
  • scan your computer with super anti spyware
  • scan your computer with malware bytes
  • visit only good sites… to help you identify bad websites use mcafee siteadvisor, ve engine…
  • if using firefox, download add ons like ad blocker plus and no script…
  • use an analyzer tool like hitman pro 3
  • if you use Vista, leave UAC on…
  • allow only direct cookies in browsers…
  • stealth all unused ports…
  • use NAT and hardware firewall

some good tips for you…

Do you have any idea how I can prevent Yahoo! Messenger from creating temporary files (by using COMODO’s DEFENSE+ or by other means)? I tried to create a rule that should block Y!Messenger to access the temporary folders, but with no success.

Hi!

Well, you can try and reset your firewall configuration and add the temp files to your protected files; when something is trying to modify the contents of the temporary folders you get alerted…

Let me know if things worked out good for you…


If you go to…

DEFENSE+/Advanced/Computer Security Policy/

Then double click the executable i.e. YahooMSGR.EXE

When the “Application System Activity Control” window pops up, tick the “Use a Custom Policy” and on the bottom right, in blue writing it should say “Access Rights” and double click the text.

Then the “Process Access Rights” window should pop up and if you look down the list it says “Protected Files/Folders” and to the right of that there is a button called “Modify”, click that and when the “Protected Files/Folders” window pops up click the “Blocked Files/Folders” tab.

On the right it should have an “Add” button, click that and go down to “Browse” and click that. Now you should be looking at the directory window. Simply drag the directory to the right, i.e. the temporary file folder.