Skip to main content
Anyone know what this is and why Webroot removed it as a threat?
Hello ?,



If you got this  ns34.tmp  from manufacturer (CD, manufacturer's website), the risk is relativelly low. If you downloaded ns34.tmp from untrusted, anonymous or hackers website, the risk is high. If your computer is was infected, some viruses CAN infect other executables, including 'innocent' ones.

 

If you have any doubts or concerns then submit a support ticket and they will check this is for you.

 

 

 

Hope this helps?
Thanks Sherry,,, I was updating ccleaner, and when the install started webroot caught and removed it. I sort of thought it was ok but I let it be removed anyway. I trust webroot more than my own limited knowledge.

Thanks again.

snake

 
Hi ?,

 

That was smart of you to ask about this threat. This has probably happened to others especially when they dont have Webroot. Right?

 

You have to make sure it's from their website. Because there are alot that aren't ccleaner. (piriform)

 

Alot of us do use ccleaner without a problem. Just make sure it from their website as I have said.

 

 

Kind Regards,

 

 

 
Hi Sherry,,

The ccleaner was downloaded from the authors site. I just submitted it to the webroot team for review. I told them I really thought it was a good file and it showed 'good' on the submitted file. Not sure what is going on , but probably a false negative.

 

Have a great day!

snake
Hi snake

 

ns34.tmp is infact a process that associated to the adware.abox advertising program.

 

This process monitors your browsing habits and distributes the data back to the hackers so as to steal your personal information like online/offline account information. 

 

In this case I suspect that WSA has picked up this PUA (Potentially Unwanted Application) and dealt with it for you.

 

Regards, Baldrick
Hi, I agree that WSA did its job,,,I am just confused about how it got in with ccleaner. I have used that program forever and never had a problem with it before. It was just a simple version update, I tried it a couple of times with the same result. I wonder if any other users of ccleaner and wsa have had the same problem. Anyway thanks for the response. snake
Well, I have CCleaner installed here...the lates version and have had no such issue. Am just wondering whether the causal link is the .tmp file as CCleaner deletes these as its bread & butter, and it is the act of cleaning that files that somehow brought it to WSA's attention (WSA ignores dormant malware and adware files/apps) and it jumped in.

 

Other than that I have no explanation for what you have seen/are experiencing in which case your best best for an answer would be to contact Support for assistance.

 

If your subscription is directly through Webroot, you will need to contact Webroot Support.  You can do so by submitting a Support Ticket if you have not already done so, or by phone during business hours.  (The online Ticketing system is manned 24/7).

 

Regards, Baldrick
Thanks Baldrick,, I have already submitted a ticket, waiting for response. snake
Kwel, be sure to let us know what Support have to say about this. ;)

 

Regards, Baldrick

 

 
Baldrick,,

Here is support response,,,I still dont understand why it only finds it when installing the latest update and not when ccleaner run a cleaning?????



Hello,



According to the information from your system, the threats identified are not related to CCleaner, but rather something CCleaner cleaned in the temporary directory which is not a threat.



If you have additional questions, please let us know.



Regards,

Advanced Malware Removal Team
Hi snake

 

Thanks for the response...I believe that what Support are saying is exactly what I suspected, i.e., the ns34.tmp has gotten onto your system by other means, as yet unknown, that being a .tmp when you ran CCleaner it attempted to clean the .tmps including ns34.tmp, and at that point WSA (which ignores dormant/inactive malware & PUAs) jumped in to pick up and polish off the removal.

 

So the good news IMHO opinion is that the 'trheat' has been sorted out...the not so good news is as to how that .tmp file got onto your system in the first place.  As I said it is part or related to a PUA (Potentially Unwanted Application) of which there are many about and it is easy for them to get on your system for precisely the reason they are named, i.e., they are not malware, do not do any damage but are potentially unwanted/inadvertently downloaded onto systems as part of software bundled in with another app that the user is downloading.

 

Now, I can provide you with further information on PUAs, what they are, what Webroot's policy is on them, etc., if you are interested but as there is quite a bit of that I will only do so if you request it.

 

As I said it looks like you may have had one on your system but that if you are not experiencing any strange behaviour such as popup ads and the like, it has most probably been removed, and what you have been seeing is the last vestiges of it being dealt with.

 

Anyway, should you have any further questions then please feel free to post back.

 

Regards, Baldrick
Hi everybody.

 

snake is right about this.

 

I clean installed Windows 10 on one computer, then installed MBAM, MBAE, WSA and CCleaner Free (from Piriform) on Oct. 3.

WSA detected nsbf56.tmp (flagged as Pua.Goobzo) during CCleaner installation and deleted 73 temp files in total, but also wruninstall.exe (?).

 

nsb56.temp was added to files to block.

 

Yesterday I uninstalled CCleaner, and WSA quarantined the same file again.

Then I reinstalled CCleaner and another 3 temp files was quarantined.

 

So, there is no doubt about that this detection has to do with CCleaner installation.

And without being an expert, I would say it is a false positive.

 

 

Best regards,

Anders
Hi,,

Thanks for the post agreeing with me on the ccleaner installation. I have had webroot support remotely watch it happen on my pc. They are looking into it and say they will share the results with me. I am also of the opinion that it may be a false postive.

snake
?,

 

That one does appear to be a False Positve. I was able to find the file and correct it. 

 

Thanks,

 

-Dan
Hi again.

 

I can confirm that it is corrected. Uninstalled and reinstalled CCleaner without WSA flagging any threats.

 

But what is really happening here; is WSA becoming more aggressive?

 

I haven't had a virus or a false positive for 10 years, and I have used WSA for a total of 2 years.

Now, within 3 months, WSA has flagged Windows updates as threats and CCleaner installs as threats.

 

And thanks, Dan!

 

Best regards,

Anders

Reply