Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, January 9, 2019 5:20 PM
Hi to You all TechNet users,
Problem is related to Eset Endpoint Security.
The program detected that winsap.exe tamper with TempWinSAT-Disk-<DateAndTimeStamp>.tmp and marked it as a threat (Win32/fujacks)
I need help in determining whether winsap.exe is able to save or modify the file in the localization C:\windows\temp\
Did anyone have a similar situation?
Jakich parametrów winsap disc użyć aby odtworzyć próbę zapisania lub edycji w C:\windows\temp?
Thanks,
Michał
All replies (3)
Thursday, January 10, 2019 3:03 AM
Hi,
In general, it's safe to delete anything in the Temp folder. Therefore, modifying the files in C:\Windows\Temp will not affect anything.
However, viruses will be disguised as a benign EXE file (such as WinSAT.exe). In case, I suggest you conduct a full malware scan of your PC.
Hope these are helpful.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, January 10, 2019 3:34 PM
Thank You for your response.
Virustotal scan of WinSAT.EXE file shows that it is clean.
It would be good to recreate the behavior of WinSAT.exe but I have not been lucky so far.
Could anyone help recreate based on doc: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc742157(v%3dws.11) behavior of WinSAT test drive taht will try to save file in to C:\Windows\Temp .
What winsap disc parameters to use to reproduce an attempt to save or edit in C: \windows\temp?
Tuesday, January 15, 2019 7:57 AM
Hi,
According to the current situation, let’s focus on the original post. I suggest you detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner.
For more information, see https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus%3AWin32%2FFujacks.D .
Meanwhile, please note: the link you posted applies to Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8.
Best
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].