Interesting (And annoying) files in my Temp directory

[loco365]

I have these two files in my Temp directory, and upon login, it tries to call regedit to edit something in my registry. After scanning them with AVG, Windows Malicious Software Tool, and MSE, none of them acknowledge that they may be malicious. A UAC prompt comes up every time, and if I click No on it, it goes away, then just comes back again. Deleting these files from the temp directory doesn't seem to make any difference. What I want to know, is, is it malicious? Has anyone had these files before to any ill effect?​

​

I would do a system restore, but I'm not sure when they placed themselves in the Temp directory, or what places them there, and I don't know when the file that places them here were added. Where should I go from here? I'm considering using the Avast boot tool after running Windows 7 in safe mode and running another AVG scan, but I want to see if anyone here has had any experience with these registry-editing files.​

 

[gifi4]

A google search leads straight to this.
The person with the issue fixed it by using a previous system restore point. They had no clue when it came about so they just took a guess.
Read over the thread and perhaps post another thread on that site with a referal to the original thread.

Other than that, I can't really help you out...

 

[Rydian]

Upload the files to some file host so we can see what they are.

 

[loco365]

Upload the files to some file host so we can see what they are.

https://dl.dropbox.com/u/34957059/PorTiAleMiAmor8789796702950647965.zip

I only have the one since rebooting, but if any others show up, I'll update this archive.

Anyways, deleting this doesn't do any good. Hopefully I don't spread it. Anyways, if I delete it, the UAC prompts still show, and they won't go away.

 

[Rydian]

That doesn't even look like a legit registry file. It's a jumble of crap, not even text.

 

[loco365]

That doesn't even look like a legit registry file. It's a jumble of crap, not even text.

Then why is it trying to access regedit? I don't really want to allow it, but if it's just a jumble of crap, what's the worst it can do?

 

[Rydian]

It's the file association, when you try to run a .reg file it launches regedit, which needs admin permission.

Dunno' what it'll do, most likely fail since it's not formatted right.

 

[loco365]

It's the file association, when you try to run a .reg file it launches regedit, which needs admin permission.

Dunno' what it'll do, most likely fail since it's not formatted right.

Well, running it doesn't seem to be doing anything. I just kinda wish it would go away. Hopefully AVG will fix it in the future.

 

[jefffisher]

since they are re-appearing i'd suspect there is a program running that is rewriting them, bring up the task manage and view processes from all users to see if you can find anything unusual.
a rather simple solution that works a surprising amount of the time to get rid of problems like this is run ccleaner, the cleaner the registry cleaner and then go to tools and startup disable anything that shouldn't be there and restart.

 

[Rydian]

Run msconfig from the start menu's run box to get to the startup selection thing.

 

[lufere7]

Not really helpful, but I find it fun that the file is named "ForYouAleMyLove" in spanish. Weird name for a virus (if it is one at all) Maybe some hacker dude declared his love to "Ale" like this?