
32788R22FWJFW Folder with 7 Mb appeared in my C: drive



#1 CpalmeidA


Posted 15 May 2010 - 12:22 AM

Hello,

Today I noted that a folder named 32788R22FWJFW appeared in my C: drive. It has 7 Mb with several different files.
Is this any kind of infection?
Can anyone help me to get rid of this?

Thanks

Camila

#2 quietman7


Posted 15 May 2010 - 06:33 AM

What kind of files are in the folder? What names do they have?

Have you used ComboFix? If so, be aware that it creates folders named 32788R22FWJFW.**.tmp on drive C: after failed attempts to run the tool. The folder can contain such files as PV.cfxxe, pv.com, catchme.cfexe and Combo-Fix.sys. It will also create a folder named Qoobox on drive C: to quarantine any infected files it found.

Other randomly alpha/numeric named folders are commonly created and used temporarily when updating Windows components or by some software programs during installation to hold setup files (.inf, .cat, .gpd, .ppd and .dlls). These files and folders are usually automatically removed as part of the update process. However, it's not uncommon for them not to be cleaned up and left behind after the update has been applied. When that occurs they can be manually deleted at any time.

For example, when you run the MS Malicious Software Removal Tool (MSRT), a temporary folder with random alpha/numeric characters (i.e. C:\79f142e5e9e574d23954) will be created on your C:\ drive that contains mrt.exe, mrtstub.exe and a file named $shtdwn$.req. Since external drives can be a hiding place for malicious files, MSRT will scan them too and you may find a leftover folder in that location. Most of the time after performing a scan and you click finish or cancel, the folder will automatically be removed right away or after the next restart of the computer. If not, the folder and its contents can be manually deleted without an adverse effect on the computer.

Installation of security updates from Microsoft for MSXML packages and hotfixes also creates temporary randomly alpha/numeric named folders that contain sub-folders like amd64, i386. The creation date should match the installation date of the updates or show in the ReportingEvents.log located in the C:\Windows\SoftwareDistribution folder. Again, finding these leftover temporary files is not uncommon after applying an update. Please see Windows Updates Leftover Files and Folders for examples of such files.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
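
Added example, not part of quietman7's post or of any tool named in this thread: a small Python triage that applies the file-name indicators from the reply above to randomly named folders in a drive root and lists anything in them that the indicators do not account for. The "random name" pattern, the function names and the sample tree are assumptions made for illustration.

```python
import os
import re
import tempfile

# Leftover-folder indicators taken from the reply above (compared case-insensitively).
SIGNATURES = {
    "ComboFix": {"pv.cfxxe", "pv.com", "catchme.cfexe", "combo-fix.sys"},
    "MSRT": {"mrt.exe", "mrtstub.exe", "$shtdwn$.req"},
    "Windows update": {"amd64", "i386"},
}
# Assumption: "random" means the ComboFix name from this thread or a long hex-like name.
RANDOM_NAME = re.compile(r"^(32788R22FWJFW(\..*\.tmp)?|[0-9a-f]{16,})$", re.I)

def classify(folder):
    """Return (label, unexpected_entries) for one folder."""
    entries = {e.lower() for e in os.listdir(folder)}
    best, hits = "unknown", set()
    for label, names in SIGNATURES.items():
        found = entries & names
        if len(found) > len(hits):
            best, hits = label, found
    # Entries not explained by the winning signature deserve a look before deletion.
    return best, sorted(entries - hits)

def triage(root):
    """Classify every randomly named folder directly under root."""
    report = {}
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if os.path.isdir(path) and RANDOM_NAME.match(name):
            report[name] = classify(path)
    return report

def build_sample(root):
    """Constructed sample tree standing in for a drive root (not real data)."""
    tree = {
        "32788R22FWJFW": ["PV.cfxxe", "pv.com", "catchme.cfexe", "Combo-Fix.sys"],
        "79f142e5e9e574d23954": ["mrt.exe", "mrtstub.exe", "$shtdwn$.req", "extra.dll"],
        "Program Files": ["readme.txt"],
    }
    for folder, files in tree.items():
        os.makedirs(os.path.join(root, folder))
        for f in files:
            open(os.path.join(root, folder, f), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for name, (label, extra) in triage(root).items():
            print(f"{name}: {label}; review before deleting: {extra or 'nothing'}")
```

A name match is only a hint: a folder labelled here still warrants a check of its creation date against the tool run or update it is attributed to, and any entry listed as unexpected should be examined on its own.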

#3 CpalmeidA


Posted 15 May 2010 - 09:36 AM

Thank you for your help!

I really don't remember if I tried to run ComboFix but the files in the folder match with those that you told me.
What is the best option? Keep it or delete it?

Thank you!

Camila

#4 quietman7


Posted 15 May 2010 - 01:46 PM

Download OTC by OldTimer and save to your Desktop.
  • Connect to the Internet and double-click on OTC.exe to start the program.
  • Click on the green CleanUp! button.
  • If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.
  • When it has finished, OTC will ask you to reboot so it can remove itself.
-- Doing this will remove any specialized tools downloaded and used. If OTC does not delete itself, then delete the file manually when done.
-- Any leftover folders/files related to ComboFix which OTC did not remove can be deleted manually (right-click on it and choose delete).
