
OK, I just noticed that Windows Defender had a file quarantined from 7/1/2018. I have not noticed anything strange, but I did some digging and it seems as if it may be a backdoor trojan. Windows Defender called it (win32/skeeyah.a!rfn) in appdata\local\packages\svchost.exe

 

While I don't think I'm still infected, I thought I would investigate any strange files in the same folder and noticed a file called "svchost.exe.config".

What's strange is that if I scan it at VirusTotal it comes back clean, but it said the file was named "is-r6ll0.tmp".

So I started looking in the system32 folder at the *.tmp files there and did scans on them at VirusTotal, and they have a different name than the uploaded file also.

 

Is this normal for files to have a different name after uploading to VirusTotal?

I have done scans and they all come back clean (MBAM, Windows Defender and SUPERAntiSpyware); those are the only things I trust having control over what's deleted.

 

P.S. I did take a chance and opened "svchost.exe.config" with Notepad++ and this is the contents:

 

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <configSections>
    </configSections>
    <startup>
      <supportedRuntime version="v2.0.50727"/>
      <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>
    </startup>
</configuration>

 

.......................................................................................................................................

Thanks

Edited by noobbuilder

core ultra 7 series 2 , 48gb ram , zotac 4090 trinity oc ,z890 strix-e gaming , 7.1 kilpsch rp series , denon srh750 ,lg c3 77 inch , antec c8 curved wood case

https://linustechtips.com/topic/953201-possible-virus/