redemption7 asked:

Temp files keep generating - Windows 7 Pro - potential virus?

I have a Dell OptiPlex 790, running Windows 7 32-bit Professional.  My antivirus picked up some files through its real-time protection.  There were files appearing in the 'downloads' folder for this user.  The files were blocked and quarantined by the AV, but now there seems to be another issue.

When I navigate to the temp directory on this profile, using the %temp% file path, it seems that there are new folders constantly appearing.  They look like long strings of characters, with braces before and after the folder names.  Some of the subfolders are 'pepperflash', 'default', 'pnacl', 'swiftshader', and 'widevineCDM'.

They are literally appearing every minute, and there are currently over 14,000 folders and subfolders in this temp directory.

I have run scans with my antivirus, a VIPRE product, and Malwarebytes.  Malwarebytes removed a PUP - Softonic Universal Downloader, but the temp files keep coming in.  I do not know of any new software downloaded by this user on this PC.  Other than that PUP, both the Malwarebytes scan and the VIPRE scans came up clean.

These directories and subdirectories are shown in the Word doc I attached.  It is a screenshot.

Please let me know if this is a virus running undetected, or if it could be something else.  I thought the subdirectories could have been related to Google Chrome, based on a web search, but I have removed Google Chrome from this PC, and the folders keep appearing.

Thank you!
temp-files-generating---6-11-14.docx

Gabriel Clifton:

pepperflash is a part of Adobe flash player, pnacl and widevineCDM I believe are a part of Google Chrome, and swiftshader is a part of SwiftShader GPU renderer. If any of that is running, I would believe most of that is safe.

ASKER CERTIFIED SOLUTION (John): This solution is only available to members.

Thomas Zucker-Scharff:

Run Chameleon from MBAM (malwarebytes.org/chameleon); run the services.exe file.  Then run CCleaner from Piriform (do an analyze first; if all looks good, clean).

Is this the only user profile on this computer? If there is more than one user profile that uses this machine and it is only affecting the one user, then I would try a different strategy: I would rename the user profile to User.old, then create a new user profile for the user, then migrate their data back to the user's profile. Make sure everything is working well for the user, then delete the user's old profile.

How about running System Restore, to a restore point before this issue occurred?

Yes, System Restore is your friend.

I would rather take the help of a utility like "procmon" (Process Monitor) to find which application or executable is causing the temp files.

Info:
http://technet.microsoft.com/en-in/sysinternals/bb896645

Download:
http://download.sysinternals.com/files/ProcessMonitor.zip

Run it with right-click "Run As Administrator" and go to Filter => Filter. Create a filter to check which application is creating the files in the temp folders:
"Path" "contains" "C:\Windows\Temp" "Include", and similarly for the user profile temp folder.

Sudeep
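
The Process Monitor filter described above can be followed by saving the capture as CSV and tallying which process actually creates new folders and files under the temp directories. This is an added example, not part of the original thread; it assumes Procmon's CSV export columns with the Detail column included, and the process names, PIDs and paths in the sample are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample in the column layout of a Procmon CSV export.
# Process names, PIDs and paths are invented for illustration.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02","example_updater.exe","3120","CreateFile","C:\Users\user1\AppData\Local\Temp\{A1B2}","SUCCESS","Disposition: Create, Options: Directory, OpenResult: Created"
"10:01:02","example_updater.exe","3120","CreateFile","C:\Users\user1\AppData\Local\Temp\{A1B2}\pnacl","SUCCESS","Disposition: Create, Options: Directory, OpenResult: Created"
"10:01:03","explorer.exe","1500","CreateFile","C:\Users\user1\AppData\Local\Temp\{A1B2}","SUCCESS","Disposition: Open, Options: Directory, OpenResult: Opened"
"10:01:04","svchost.exe","900","CreateFile","C:\Windows\Temp\x.tmp","SUCCESS","Disposition: Create, OpenResult: Created"
"10:01:05","example_updater.exe","3120","CreateFile","C:\Users\user1\AppData\Local\Temp\{A1B2}","NAME COLLISION","Disposition: Create, Options: Directory"
"10:01:06","notepad.exe","2200","CreateFile","C:\Users\user1\Documents\a.txt","SUCCESS","Disposition: Create, OpenResult: Created"
'''

# Assumed temp locations; replace with the affected profile's %TEMP% path.
TEMP_ROOTS = [r"C:\Users\user1\AppData\Local\Temp", r"C:\Windows\Temp"]


def load_rows(text):
    """Parse CSV text; for a saved file, open it with encoding='utf-8-sig'."""
    return list(csv.DictReader(io.StringIO(text)))


def creators_by_process(rows, temp_roots):
    """Count objects newly created under temp_roots per (process name, PID)."""
    # A trailing backslash keeps C:\Windows\Temporary from matching C:\Windows\Temp.
    roots = [r.lower().rstrip("\\") + "\\" for r in temp_roots]
    counts = Counter()
    for row in rows:
        if row["Operation"] != "CreateFile" or row["Result"] != "SUCCESS":
            continue
        # CreateFile is also logged for plain opens; only "Created" is a new object.
        if "OpenResult: Created" not in row["Detail"]:
            continue
        path = row["Path"].lower()
        if any(path.startswith(root) for root in roots):
            counts[(row["Process Name"], row["PID"])] += 1
    return counts.most_common()


if __name__ == "__main__":
    for (name, pid), n in creators_by_process(load_rows(SAMPLE_CSV), TEMP_ROOTS):
        print(f"{n:6d}  {name} (PID {pid})")
```

The process at the top of the list is the one to look up by PID in Process Monitor's process tree to see its image path and parent.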