Invisible process?

A recent scan with TDS-3 showed c:\tmp0001.$$$ as a possible password stealer (Generic detection). I didn't recognize this file, so I tried to delete it (appears to be temporary anyway). I couldn't delete it though. So I tried to terminate it first using TDS, but it couldn't be terminated. So I figured I'd check it out with another process explorer (TaskInfo2002). It didn't show up as a running process. I clicked the tab to view all open files, and it showed up there, so I tried to figure out which process was using it. None of them showed up as using that file though.
I went back to TDS and extracted strings from the file, (which could only be done through TDS [Bintext wouldn't work]). It took a while as the file was 2Mb. Anyway, the only readable text was in reference to Diamondcs and TDS-2, which is a version I never had. I've only used TDS-3. Odd.
I rebooted the computer and tried to delete it again, but it still said it was in use by windows. Same as before. I checked various autostart methods, but couldn't figure out how it was starting up. So, I set my autoexec.bat file to delete it and rebooted. It's now gone, and everything seems to be exactly the same. But my problem is, I don't know what the file was, I don't know where it came from, or how it got there, and I don't know if it was somehow running invisibly, or if some other process was using it. If so, I couldn't seem to figure out which one.

 

Hi Paragon,

Why not zip it and send to TDS? They will check the file and respond to you about it.

 

Yeah, I thought of that, and a few more things I could have done, but only after I had already deleted the file.

 

Hi Paragon,

Yeah I know that one. I did it once so now I try to do things in steps... panic , run around screaming then remember that I have TDS

Oh and thanks for that link in my post.

Loki

 

No problem. Hope you find it helpful.