.TemporaryItems.lnk \ False Positive or Really infected?

Avast software antivirus & internet secu...
October 19, 2012 at 23:51:41
Specs: windows xp
Temporaryitems and .Trashes are temp files created by osx .i just copied some files with my mac and when i connected my external HDD to my pc , avast antivirus detected 2 files named Temporaryitems.lnk and trashes.lnk and found LNK:FakeFolder-B virus.

it is possible that they are false positive or they are really infected?

best regards


See More: .TemporaryItems.lnk \ False Positive or Really infected?

Report •

#1
October 20, 2012 at 00:03:30
Upload to VirusTotal for a more accurate i.d. at this link:
https://www.virustotal.com/

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?


Report •

#2
October 20, 2012 at 00:12:00
i did it. because its a *.lnk file , and its linked to cmd.exe in system folder, i can only scan cmd.exe, and it was clear, :( i cant understand

Report •

#3
October 20, 2012 at 00:17:11
Download and run Malwarebytes from this link:
http://www.malwarebytes.org/product...

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?


Report •

Related Solutions

#4
October 20, 2012 at 00:23:51
avast deletd and my system is clean. i just want to know that it was a virus really ? I'm scared of someone stole some data from my pc.

Report •

#5
October 20, 2012 at 00:33:27
I suggest you run Malwarebytes anyway, better safe than sorry.
Malwarebytes a special tool that removes a lot of things normal antivirus program's miss.
Update, run a quick scan and remove all it finds.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?


Report •

#6
October 20, 2012 at 05:27:30
If you are truly worried about the sanctity of passwords, ensure that you are on another clean machine and change them. If you are worried about cc, make sure you pay attention to your bank statement. Most of the times Malwarebytes will remove an infection.

If you want, run malwarebytes on your computer and all accessory drives(usb, portable drives), many times a .ink infection is caused through the sharing of portable drives and an auto run bypass. You can find more info here about disabling the autoruns function. The other thing that may help is to ensure that you are up to date on your security settings/updates.

:: mike


Report •

#7
October 20, 2012 at 09:44:06
thanks mikelinus,

i have a phobia that someone has captured my screen or my friends webcam ( i was on a videocall), specially when i saw this page:

it says: FakeFolder.B allows hackers to get into and carry out dangerous actions in affected computers, such as capturing screenshots, stealing personal data, etc.

virus characteristics in this page is: It is 40960 bytes in size. but my .lnk file was a 4KB!

in other aspect beacause it was on portable device, the chance of being a targeted victim is low for me, but overall im scared! help!


Report •

#8
October 20, 2012 at 09:45:22

Report •

#9
October 20, 2012 at 10:22:58
In theory an updated scan of Malwarebytes will correct the issue.

Any of these on your system?

c:\Program Files\PC-Antispy
c:\Documents and Settings\All Users\Start Menu\Programs\PC-Antispy
c:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected
c:\Documents and Settings\BC\Application Data\PC-Antispy
c:\Documents and Settings\BC\Start Menu\Programs\Startup\.protected
c:\.protected
c:\WINDOWS\.protected
c:\WINDOWS\system32\drivers\pcantispy.sys

:: mike


Report •

#10
October 20, 2012 at 11:29:36
no. whats that?

Report •

#11
October 20, 2012 at 12:08:16
It would be leftovers of the parent infection. I would say if malwarebytes is coming clean that you removed the infection. As the bytes to kb, those numbers are close. My suggestion is keep using avast, it seemed to have caught it, then every week have a scan with Malwarebytes.

:: mike


Report •

#12
October 20, 2012 at 14:57:08
farzadMJD
"avast deletd and my system is clean"
Post your log please.


Report •

#13
October 21, 2012 at 00:58:09
it was something like this:

L:\Temporaryitems.lnk LNK:FakeFolder.B [Trj]
L:\Trashes.lnk LNK:FakeFolder.B [Trj]
L:\Trailers.lnk LNK:FaekFolder.B [Trj]

i just plugged my portable device just on iMac system before my home pc detected this infection. i can't remember any pc i connected to my HDD. tel my is it possible that someone captured my screen via this virus?


Report •

#14
October 21, 2012 at 01:32:58
"tel my is it possible that someone captured my screen via this virus?"
With a virus, anything is possible.

As a first step, I would run the free Panda online scan.
Post the log please.
http://www.pandasecurity.com/homeus...

Here is some extra Panda info, tells you how to clean out System Restore after you have done the scan.
http://www.pandasecurity.com/homeus...
http://www.pandasecurity.com/homeus...


Report •

Ask Question