PrevX 3.0 Edge, E.tmp FP??

Funny this one, I download the trial of the all new, sparkly, shiny PrevXEdge 3.0.
Run it on my brand new build of XP, no internet access, straight from the CD and it finds an infection, c:\windows\E.tmp (cloaked malware)!

I cannot find this file in DOS with attribs to show hidden files etc., doesn't show uop in Explorer with same settings, i.e. show hidden files and folders, yet other shrouded TMP's appear.
Booting into recovery console from the XP CD doesn't appear to reveal it either in the "SYSTEM32" folder
I know PrevX said it was cloaked malware, but with what? Romulan technology?

Guess what? The only way to remove it is to buy PrevX?
The internet only seems to show one site with E.tmp listed as malware, yes you guessed it, PrevX!

Am I missing something here or is this scare tactics to get you to buy their software?
How on earth can I have a malware infection on a PC that's just been built with only two connections to the outside, cyberworld, namely PrevX's website and google to search for "E.tmp"?
No windows updates, SP's etc.

Call me a cynic but I smell something fishy here and ain't cooking fish!!

 

Hello,
C:\Windows\E.tmp does definitely look like a suspicious file, but it could be a false positive. Could you save a scan log from Edge by clicking Tools and Settings > Save Scan Results and then PM it to me so I can see what the file is?

If the file is being hidden by a rootkit, that would explain why you are unable to see it with standard methods.

(There has been research done which says that an XP computer can get infected in just a few minutes with no Windows updates.)

Please let me know if you have any questions - we aren't using scare tactics In the event that this is a false positive, we will correct it immediately.

 

I would've have done that for you except I uninstalled it straight after posting, deeming it a FP myself.

I know you said PC's can be infected straight away but this would imply that either your website carries rougue scripts or google does as these were the only two sites visited?

 

You don't necessarily have to visit any website at all to get infected. Out of the box, Windows is exploitable and unless you're installing a "slipstreamed" version of the Windows CD with the patches combined in, you could easily get infected.

Some famous examples include the Blaster worm, many variants of Rbot, and Sasser - both of which drop files into the system without any user intervention. There are drone computers across the internet constantly scanning for new IP addresses and testing if the computers are vulnerable.

It might be worth reinstalling Edge and scanning again to see if anything new is found this time - then I'd highly recommend patching your OS regardless of if there is a FP or not

 

Thanks for the info/advice.

Think I may just flatten it again and use Ubuntu instead.
It's for the kids so really only will be a browser PC so the need for security apps should be greatly reduced, if not nil!

 

A browser for the kids so less need for security?
Unless I'm missing something here one would think the opposite would be true.
Kids tend to browse to different sites just out of curiosity.
Hell, I'd double the security!

Any security software can have a false positive.
No reason to uninstall the program.
Give Prevx a chance to at least to fix it.
They have shown to be very fast at correcting problems.
That's a sign of a very good product.

 

Ubuntu = Unix = no Microsoft = less risk = less need for sec apps, if any.

I'm no mug where PC's/kids are concerned, their ability to browse beyond 'safe' sites is goverened by the access control filters that I have place on my router. Access filters are setup againt the PC's NIC MAC address.

As for PrevX, not doubting it's a quality package but I'll stick with my EQSecure and Alcyon's rulesets I think.
Thanks for your input though.

 

Not a bad choice. I am a Linux user myself, got bored and come here to remind me that the internet is a dangerous place.