  1. #1
    fairm010's Avatar
    Join Date
    Jun 2010
    Location
    C:/Windows/System32/
    Posts
    1,442
    Thank Post
    62
    Thanked 207 Times in 179 Posts
    Rep Power
    56

    Mal/EncPk-AAK.. Should I be concerned?

    SEC has just flagged up one of the machines as having Mal/EncPk-AAK with the path C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb.

    Is this a cause for concern or a false positive? I can't find anything on the web at all!

  2. #2
    fairm010's Avatar
    Anyone?

  3. #3
    fairm010's Avatar
    Can anyone help on this one?

  4. #4


    Join Date
    Feb 2007
    Location
    Northamptonshire
    Posts
    4,706
    Thank Post
    354
    Thanked 807 Times in 722 Posts
    Rep Power
    348
    I'd just clean it / rebuild the machine.

    Plenty of mention of this particular infection on the internet suggesting it's legit so worth cleaning up and moving on.

  5. #5

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,279
    Thank Post
    115
    Thanked 247 Times in 197 Posts
    Blog Entries
    1
    Rep Power
    76

    Looks like this: http://www.sophos.com/en-us/support/...se/118310.aspx

    Also, F-Secure have a similar article: http://www.f-secure.com/v-descs/other_w32_generic.shtml

    I'm pretty sure that this is a false positive. A Trojan is unlikely to be trying to hide out as a JET database... That is more of an APT-style subterfuge.
    Last edited by psydii; 16th March 2014 at 09:56 PM.

  6. Thanks to psydii from:

    kmount (16th March 2014)

  7. #6


    Join Date
    Feb 2007
    Location
    Northamptonshire
    Posts
    4,706
    Thank Post
    354
    Thanked 807 Times in 722 Posts
    Rep Power
    348
    Good call on the link there @psydii

  8. #7
    fairm010's Avatar
    I was convinced it was a false pos but thought I'd ask. I'll probably just re-image anyway.

  9. #8

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    6,513
    Thank Post
    627
    Thanked 1,173 Times in 900 Posts
    Blog Entries
    15
    Rep Power
    524
    tmp.edb in that location is legitimate - I would hazard a guess at being part of the Windows Search indexing system. False positive, don't rebuild; you'll be rebuilding *all* your systems if you check anything on Win7+ for that file!


