SEC has just flagged up one of the machines as having Mal/EncPk-AAK with the path C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb.
Is this a cause for concern or a false positive? I can't find anything on the web at all!
Can anyone help on this one?
I'd just clean it / rebuild the machine.
Plenty of mention of this particular infection on the internet suggesting it's legit so worth cleaning up and moving on.
Looks like this: http://www.sophos.com/en-us/support/...se/118310.aspx
Also, F-Secure have a similar article: http://www.f-secure.com/v-descs/other_w32_generic.shtml
I'm pretty sure that this is a false positive. A Trojan is unlikely to be trying to hide out as a JET database.... That is more of an APT style subterfuge.
Last edited by psydii; 16th March 2014 at 09:56 PM.
kmount (16th March 2014)
I was convinced it was a false pos but thought I'd ask. I'll probably just re-image anyway.
tmp.edb in that location is legitimate - I would hazard a guess at it being part of the Windows search indexing system. False positive, don't rebuild; you'll be rebuilding *all* your systems if you check anything on Win7+ for that file!