
Suspicious file in C:\Windows?



#1 Geordi


Posted 21 February 2011 - 03:23 AM

I just have no idea what this is. No extension or anything. No strange processes going on and nothing's really wrong with my computer though. I was thinking it could have been an orphaned file or something from a chkdsk that may have occurred when my father had restarted the computer one morning (and I'm guessing he hadn't skipped the chkdsk, which I was too lazy to disable upon startup).

Just wondering if I could get some closure here, thanks.

Windows 7 x64 Home Edition, running Avira, Teatimer, have done scans with MBAM and SAS.

Posted Image



#2 cryptodan


Posted 21 February 2011 - 03:53 AM

Can you post the scan results of MBAM and SAS?

#3 Geordi


Posted 21 February 2011 - 04:06 AM

Can you post the scan results of MBAM and SAS?


I don't have the logs readily available. But I assure you that the MBAM one was clean and the SAS one had only the standard tracking cookies.

Should I try opening up the file in notepad?

Edited by Geordi, 21 February 2011 - 04:09 AM.


#4 cryptodan


Posted 21 February 2011 - 04:11 AM

Yes, open the file up in Notepad. It is located in the Logs tab in MBAM; I'm not sure about SAS.

#5 Geordi


Posted 21 February 2011 - 04:25 AM

Yes, open the file up in Notepad. It is located in the Logs tab in MBAM; I'm not sure about SAS.


Well, I was actually referring to the file mentioned in the original post. As it has no extension, I was wondering if I should attempt opening it with Notepad just to see.

I just rescanned with MBAM and nothing was found, you can take my word that the SAS was just cookies.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5828

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/21/2011 4:24:01 AM
mbam-log-2011-02-21 (04-24-01).txt

Scan type: Quick scan
Objects scanned: 165174
Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

#6 quietman7


Posted 21 February 2011 - 07:38 AM

Is there any information under the other tabs?

-- Note: If you cannot see the file extension, it may be hidden and you will need to reconfigure Windows to show extensions for known file types.

Anytime you come across a suspicious file for which you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to one of the following online services that analyze suspicious files:

In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Edited by quietman7, 21 February 2011 - 07:55 AM.


#7 cryptodan


Posted 21 February 2011 - 09:26 AM

Also, can you perform a full scan using SAS and MBAM? A quick scan may not have scanned that area of the Windows directory.

#8 Geordi


Posted 21 February 2011 - 04:01 PM

Apparently it's just some text file left over from an old virus, according to some comments at VirusTotal.

http://www.virustotal.com/file-scan/report.html?id=4dd8aaa8bd9f90459d4dc82aeddf5dcd439a7cd27b70a067e2c6ca904c717c83-1298153447

This would make sense considering when I last cleaned up a virus. I'm gonna go ahead and guess that this is safe to delete then? I'll run an ESET later tonight too, I suppose.

Edited by Geordi, 21 February 2011 - 04:02 PM.


#9 cryptodan


Posted 21 February 2011 - 04:14 PM

Let ESET run and see if it detects it. What virus did you remove?

#10 Geordi


Posted 21 February 2011 - 04:19 PM

Let ESET run and see if it detects it. What virus did you remove?


http://www.bleepingcomputer.com/forums/topic354998.html/page__p__1982559#entry1982559
http://www.bleepingcomputer.com/forums/topic363051.html/page__p__2032634#entry2032634

But as you can see, somehow this file in the Windows directory hasn't popped up until sometime this month. Quite strange.

I really haven't had any computer problems since those threads. Only thing was some hiccuping graphics which was fixed through updating the video drivers.

Should be noted too that none of the virus scanners at VirusTotal detected anything malicious in the file. Just going off the words of 2 people that it is a text file from a malware. The file itself doesn't seem to be malicious though.

Edited by Geordi, 21 February 2011 - 04:23 PM.


#11 cryptodan


Posted 21 February 2011 - 04:26 PM

You know it may be worth it to see if there are other remnants by having the Malware Team take a look at it.

If you want to take that route, then please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

#12 Geordi


Posted 21 February 2011 - 09:37 PM

Okay, I may do that.

Just to let you know, I found an old BleepingComputer thread and the guy had the same md5 file with a different filename and they just advised him to delete it. (http://www.bleepingcomputer.com/forums/topic373606.html)

I may run an ESET overnight and do as you suggested, not sure though. Just ran a fully updated MBAM full scan and it found absolutely nothing. Here's the log.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5832

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/21/2011 9:35:01 PM
mbam-log-2011-02-21 (21-35-01).txt

Scan type: Full scan (C:\|)
Objects scanned: 480264
Time elapsed: 1 hour(s), 28 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
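
An added example, not part of the thread or written by any of its participants: a Python sketch of the triage discussed above for an extensionless file. It reads the bytes instead of trusting the name, computes the MD5 and SHA-256 so they can be compared with a VirusTotal report or with a hash quoted in another thread, and guesses the type from the leading bytes. The names `MAGIC`, `sniff_type` and `triage` and the sample data are assumptions made for this example.

```python
import hashlib

# Leading-byte signatures for a few common formats (constructed list, not exhaustive).
MAGIC = [
    (b"MZ", "Windows executable (PE/DOS)"),
    (b"PK\x03\x04", "ZIP container"),
    (b"%PDF", "PDF document"),
    (b"\x7fELF", "ELF executable"),
]

def sniff_type(head: bytes) -> str:
    """Guess what a file is from its first bytes, ignoring its name."""
    if not head:
        return "empty file"
    for sig, label in MAGIC:
        if head.startswith(sig):
            return label
    if head.startswith((b"\xff\xfe", b"\xfe\xff")):
        return "text (UTF-16 with BOM)"
    # Plain text: no NUL bytes and almost everything printable or high-bit.
    ok = sum(b in b"\t\r\n" or 32 <= b < 127 or b >= 128 for b in head)
    if b"\x00" not in head and ok / len(head) > 0.95:
        return "text"
    return "unknown binary"

def triage(path: str, chunk: int = 1 << 16) -> dict:
    """Hash and classify a file by reading it only; nothing is executed."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    head, size = b"", 0
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            head = head or block[:512]
            md5.update(block)
            sha256.update(block)
            size += len(block)
    return {"size": size, "md5": md5.hexdigest(),
            "sha256": sha256.hexdigest(), "type": sniff_type(head)}

if __name__ == "__main__":
    import os, sys, tempfile
    paths = sys.argv[1:]
    if not paths:  # constructed sample: identical bytes under two names
        d = tempfile.mkdtemp()
        paths = [os.path.join(d, n) for n in ("noext", "renamed.tmp")]
        for p in paths:
            with open(p, "wb") as fh:
                fh.write(b"constructed sample text\r\n")
    for p in paths:
        print(p, triage(p))
```

Matching MD5 or SHA-256 values mean the bytes are identical whatever the files are called. A "text" result only says the bytes look like text, which is a reason to read it in an editor, not a verdict on where it came from.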



