4

Recently my antivirus has been constantly detecting threats and it's always tmp files. I delete maybe 50 of these files each day. A few days ago it detected a trojan. Last week it detected many '.json' files from AppData/Local/Google/Chrome/User Data/Default/Extensions.

I scanned with Avira, Bitdefender, Malwarebytes, CCleaner and TDSSKiller today. The scans have only detected tmp files. I d/l many torrents recently, d/l Java and used it in Internet Explorer, and I once enabled JavaScript on a shady site.

I tried googling the problem, but I haven't found too much info specific to my situation. I disabled the search and indexing services.

Could it be an attack similar to the one explained here? How can an attacker use a fake temp file to compromise a program?

Edit:
I have Adblock, BeelineReader, Ghostery, Google Cast, Google Dictionary, HTTPS Everywhere, LastPass, Password Alert, Session Buddy, WOT, and StayFocused. But I've had all these for months. I deleted all my browser's cache / everything in the temp folder using CCleaner and rebooted many times.

Calisto

1 Answer

1

I can't comment yet, so I'm posting this as an answer:

This looks like a Trojan which is running in memory. Please include your Task Manager process list from all users (or preferably with Process Explorer) and try to find a process running from a weird place (like C:\Users\YourUser\AppData\Local\Temp\). Kill the process and delete the file. You can try to catch it by monitoring your running tasks for disk writes with both programs.

Also use Autoruns to find which programs are automatically executed when you turn on your machine. Disable those which are completely rare (just be careful not to disable a useful program).

Also you can try to log on in "Safe Mode" and run Disk Cleanup (sometimes trojans are stored in temp folders). You can manually clean temp folders too (C:\Users\YourUser\AppData\Local\Temp\ and C:\Windows\Temp\).

If all previous fails, uninstall and reinstall Chrome. Hopefully that will delete the autorun tasks Chrome might have.

After all, if your problem persists, try using another web browser (like Firefox or Opera). Sometimes trojans can set up autorun tasks based on a specific browser.

Also try to include the name of the trojan/virus your antivirus is detecting.

Sometimes it's an art to catch those pests and delete 'em.

Gusstavv Gil
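The triage steps in the answer above (processes running from a temp folder, then startup entries) can be scripted. This is an added example, not code from the answer's author; it is read-only and assumes the default temp locations under `%LOCALAPPDATA%\Temp` and `%windir%\Temp`.

```powershell
# Added example: read-only triage. Nothing is killed or deleted.
# Assumption: temp folders are in their default locations.
$suspectDirs = @(
    (Join-Path $env:LOCALAPPDATA 'Temp'),   # C:\Users\<user>\AppData\Local\Temp
    (Join-Path $env:windir 'Temp')          # C:\Windows\Temp
) | ForEach-Object { $_.TrimEnd('\') + '\' }

function Test-UnderSuspectDir {
    param([string]$Text)
    if (-not $Text) { return $false }
    # Startup commands may contain unexpanded variables such as %TEMP%.
    $expanded = [Environment]::ExpandEnvironmentVariables($Text)
    foreach ($dir in $suspectDirs) {
        if ($expanded.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

# 1. Running processes whose executable lives under a temp folder.
#    Run from an elevated prompt: ExecutablePath is empty for processes
#    the current user is not allowed to query.
Get-CimInstance Win32_Process |
    Where-Object { Test-UnderSuspectDir $_.ExecutablePath } |
    ForEach-Object {
        [pscustomobject]@{
            PID       = $_.ProcessId
            ParentPID = $_.ParentProcessId
            Name      = $_.Name
            Path      = $_.ExecutablePath
            # Signature status of the file on disk (Valid, NotSigned, ...).
            Signature = (Get-AuthenticodeSignature -LiteralPath $_.ExecutablePath).Status
            # Hash to look up or to compare with the antivirus detection.
            SHA256    = (Get-FileHash -LiteralPath $_.ExecutablePath -Algorithm SHA256).Hash
        }
    } | Format-List

# 2. Startup entries (Run keys and Startup folders) that launch something
#    from a temp folder. Autoruns covers more locations than this class.
Get-CimInstance Win32_StartupCommand |
    Where-Object { Test-UnderSuspectDir $_.Command } |
    Select-Object Name, Command, Location, User |
    Format-List
```

Installers and updaters legitimately run from temp folders for short periods, so treat a hit as something to inspect (signature, parent process, hash) rather than as proof of infection.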