I keep getting messages from McAfee Internet Security about some file within a folder that constantly changes in my Appdata/Local/Temp about this Trojan?
The folder and the .exe file that trigger the response are always randomly lettered, and have never shared the same string of letters (no numbers).
Is this a false positive or is there a virus embedded within my computer that's constantly restoring the Trojan?
The last time this occurred (20 minutes ago) the folder was named "rwvrcuxqepwh", containing a set of various .dll files, and the "infected" .exe file was called "rqjsxfkmjf.exe". McAfee has removed the infected file, but not the folder itself.
Sounds like malware. Have you tried clearing all temp files and folders? Run the Windows cleanup tool and see if that helps.
Then try a restore point prior to this happening if the cleanup fails to stop this.
I've cleaned out the temp folder manually, as well as using the tool, but it's still happening.
Also, I've checked the restore points, and for some reason there are none before the issue arose.
The latest folder and file to be created and scanned is /Temp/"kwxkcobaeo"/"wvrooczay.exe"
Finally, after every reboot I try to send the infected file from my quarantine, but it always gives me an error screen saying "Error Occoured: Send Failed", every single time.
Message was edited by: kongqy on 8/26/13 11:25:15 AM CDT
OK, send the file via getsusp: let it detect the file and submit it. Do this immediately after a reboot, when the file is not detected and moved to quarantine area.
Add your email address to the program's preferences.
Getsusp is a McAfee program that submits suspicious files to McAfee. The labs then can test the file and create a removal method within the dat/engine.
Try also to scan with some of the other scanners in the link above.
You could also try scanning in safe mode with the programs listed; it might be easier to remove. WRT restore, I feel all points are infected. You could try the oldest, but better to clear all after scanning and a new cleaning of the temp files and explorer cache.