Jump to content

NSA.tmp virus in tmp folder


AhadOC

Recommended Posts

went out last night.. just got home next day just now... eset home security premium detected a local/  tmp NSA nsw.tmp virus.. i cant find anything about it on google! HELP! what is this???

ill attach pic.. says its some service malwarebytes tried to access.. says it all in image. there still on pc some of the tmp files... .. diff ones with ns starting with that are in tmp folder,... ill add those too.. to attachments 

is this some government virus? my father does work for Department of defense... wondering if they hacked / are spying on me since we share same wifi etc as his government issued DOD LAPTOP at home.. and i talk  bad also  on... some higher ups LOL specially online

 

pleas help! 


 

 

vir1.png

vir2.png

vir3.png

Link to comment
Share on other sites

  • ESET Moderators

Hello,

You will probably need to submit the files in question to ESET's threat lab for a more definitive analysis (see ESET Knowledgebase Article 141, "How do I submit a virus, website or potential false positive sample to ESET's lab?" for detailed instructions) but generally speaking, NS-prefixed temporary directories and files denote an application which has been packaged with NullSoft Scriptable Install System which, as the name implies, is a software program for making installers for other software.  Nullsoft is the same company that made Winamp, a popular program for playing MP3s back in the late 1990s.

The detection being reported by ESET's software is of a Potentially Unwanted Application, which is a class of applications that are not malicious software in and of themselves, but that perform activities you might or might not want being performed on your computer (hence the use of the word "potentially").  More information about them can be found in ESET Knowledgebase Article 2629, "What is a potentially unwanted application or potentially unwanted content?" or the in the Potentially Unwanted Applications White Paper published in ESET's WeLiveSecurity blog.

Regards,

Aryeh Goretsky

Link to comment
Share on other sites

  • Most Valued Members

If your malwarebytes is running as realtime also along with ESET , that will make your system run crazy and cause conflicts because both apps will try to claim the found malware and try to remove it , so that will make conflicts

If yes , you should keep malwarebytes as standalone scanner and ESET as realtime-scanner.

Link to comment
Share on other sites

  • Most Valued Members
15 hours ago, AhadOC said:

went out last night.. just got home next day just now... eset home security premium detected a local/  tmp NSA nsw.tmp virus.. i cant find anything about it on google! HELP! what is this???

ill attach pic.. says its some service malwarebytes tried to access.. says it all in image. there still on pc some of the tmp files... .. diff ones with ns starting with that are in tmp folder,... ill add those too.. to attachments 

is this some government virus? my father does work for Department of defense... wondering if they hacked / are spying on me since we share same wifi etc as his government issued DOD LAPTOP at home.. and i talk  bad also  on... some higher ups LOL specially online

 

pleas help! 


 

 

vir1.png

vir2.png

vir3.png

Are you using malwarebytes in realtime as this is often not recommended as the two AVs may conflict with each other 

Link to comment
Share on other sites

15 hours ago, AhadOC said:

went out last night.. just got home next day just now... eset home security premium detected a local/  tmp NSA nsw.tmp virus.. i cant find anything about it on google! HELP! what is this???

To begin with, what is being detected by Eset is a potentially unwanted application; i.e. PUA; not a virus.

The Eset alert appears to indicate the source to be MBAM real-time engine which really doesn't make any sense. Note that MBAM has a like detection for this PUA: https://blog.malwarebytes.com/detections/pup-optional-fusioncore/ .

What we have here is a classic example of why two AV real-time solutions should not be running concurrently. It appears MBAM detected the PUA first and locked/quarantined the file or something similar. Eset then detected the PUA but identified MBAM as the source process due to the above stated activity. If the alert "Clean" option was selected, it might in all likelihood delete the MBAM service process resulting in a real mess.

MBAM real-time scanning option needs to be disabled. You can then use it as a second opinion on-demand scanner.

Edited by itman
Link to comment
Share on other sites

  • Most Valued Members
2 hours ago, itman said:

To begin with, what is being detected by Eset is a potentially unwanted application; i.e. PUA; not a virus.

The Eset alert appears to indicate the source to be MBAM real-time engine which really doesn't make any sense. Note that MBAM has a like detection for this PUA: https://blog.malwarebytes.com/detections/pup-optional-fusioncore/ .

What we have here is a classic example of why two AV real-time solutions should not be running concurrently. It appears MBAM detected the PUA first and locked/quarantined the file or something similar. Eset then detected the PUA but identified MBAM as the source process due to the above stated activity. If the alert "Clean" option was selected, it might in all likelihood delete the MBAM service process resulting in a real mess.

MBAM real-time scanning option needs to be disabled. You can then use it as a second opinion on-demand scanner.

Probably what happened here that they conflicted over the file

Malwarebytes got first to it, and then ESET noticed it , so it will try to claim it from Malwarebytes , but will be prevented.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...