
Strange locked folder on C drive, inaccessible, copied itself to external HD.



#1 joshsojoshsoj

  • Members
  • 3 posts

Posted 25 September 2014 - 01:23 AM

A few days ago I was attempting to clear out some space on my laptop, and I noticed that the C: drive had a folder in it that I had never seen before, last modified roughly two months ago. The name of the folder is gibberish (7269fc8c96ae93bbc9c4d3), and it is locked. It contains mostly folders (all named four numbers, like 1033, 1035), and a few files. I can open the folder, but I cannot access any of the folders or files inside. When I try to open them I get the message "You don't currently have permission to access this folder," with the option to continue. When I click continue, it says "You have been denied access to this folder." Then it tells me to change settings in the security tab, but all the settings are greyed out for me.

 

I only have two accounts on the computer, and the one I'm using is the administrator. I can run other files as administrator no problem, but this one is really worrying me. My computer has also been running very slowly the past few weeks, but I'd chalked it up to the amount of crap I've accumulated over the 4 or so years I've owned this laptop.

 

So, I ran Malwarebytes (I always have Premium running), and it said that I have some issue with the spigot search program. I quarantined it and rebooted, only to find that it still showed up on the scan. Other than that, no malware was detected.

 

I then tried to run HijackThis, and got the lengthy message: "For some reason your system denied access to the hosts file. If any hijacked domains are in this file, Hijackthis may not be able to fix them." Then it told me how to edit the file myself, which I am nervous to do (I'm nervous to use HijackThis at all, honestly).

 

I was now afraid of a reformat, so I started putting some files onto my external hard drive, only to find a few minutes later that the HD suddenly has a new folder on it, with a similar gibberish title, and is also inaccessible to me.

 

I'm not stupid when it comes to computers, but I'm certainly no expert either. Can anybody please give me a hand with this? Is it even something to worry about?




#2 LiquidTension

  • Malware Response Instructor
  • 1,278 posts

Posted 25 September 2014 - 01:57 AM

Hello, 
 
That looks like a randomly named folder by Windows MRT. 
Let's check. 
 
Batch File

  • Press the Windows Key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    @echo off
    rem Write a recursive listing of the folder to results.txt on the Desktop
    dir "C:\7269fc8c96ae93bbc9c4d3" /s >"%userprofile%\desktop\results.txt"
    rem Delete this batch file once it has run
    del %0
  • Click Format. Ensure Word Wrap is unchecked.
  • Click File > Save As and name the file query.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop.
  • Locate query.bat (W8/7/Vista) on your Desktop. Right-click the icon and click Run as administrator.
  • A log (results.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.


#3 joshsojoshsoj

  • Topic Starter

  • Members
  • 3 posts

Posted 25 September 2014 - 04:17 PM

Thank you for the prompt reply! Here's the log that I got from "results." I also ran Malwarebytes again, and this time got two items, one called "conduit" and another called "superfish." I quarantined them, but have included the log below as well.

 

 Volume in drive C has no label.
 Volume Serial Number is 0885-08D8
 
 Directory of C:\7269fc8c96ae93bbc9c4d3
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
07/25/2014  11:46 PM    <DIR>          1025
07/25/2014  11:46 PM    <DIR>          1028
07/25/2014  11:46 PM    <DIR>          1029
07/25/2014  11:46 PM    <DIR>          1030
07/25/2014  11:46 PM    <DIR>          1031
07/25/2014  11:46 PM    <DIR>          1032
07/25/2014  11:46 PM    <DIR>          1033
07/25/2014  11:46 PM    <DIR>          1035
07/25/2014  11:46 PM    <DIR>          1036
07/25/2014  11:46 PM    <DIR>          1037
07/25/2014  11:46 PM    <DIR>          1038
07/25/2014  11:46 PM    <DIR>          1040
07/25/2014  11:46 PM    <DIR>          1041
07/25/2014  11:46 PM    <DIR>          1042
07/25/2014  11:46 PM    <DIR>          1043
07/25/2014  11:46 PM    <DIR>          1044
07/25/2014  11:46 PM    <DIR>          1045
07/25/2014  11:46 PM    <DIR>          1046
07/25/2014  11:46 PM    <DIR>          1049
07/25/2014  11:46 PM    <DIR>          1053
07/25/2014  11:46 PM    <DIR>          1055
07/25/2014  11:46 PM    <DIR>          2052
07/25/2014  11:46 PM    <DIR>          2070
07/25/2014  11:46 PM    <DIR>          3076
07/25/2014  11:46 PM    <DIR>          3082
09/07/2012  09:07 AM            16,118 DHtmlHeader.html
07/25/2014  11:46 PM    <DIR>          Graphics
09/07/2012  10:17 AM             3,628 header.bmp
09/07/2012  10:59 AM         1,930,752 NDP40-KB2736428.msp
09/07/2012  11:02 AM            30,082 ParameterInfo.xml
09/07/2012  09:18 AM            78,936 Setup.exe
09/07/2012  09:18 AM           810,592 SetupEngine.dll
09/07/2012  09:18 AM           296,536 SetupUi.dll
09/07/2012  09:07 AM            30,120 SetupUi.xsd
09/07/2012  07:34 AM            99,944 SetupUtility.exe
09/07/2012  10:17 AM           196,662 SplashScreen.bmp
09/07/2012  09:07 AM           196,416 sqmapi.dll
09/07/2012  10:17 AM            13,606 Strings.xml
09/07/2012  10:17 AM            36,180 UiInfo.xml
09/07/2012  10:17 AM           104,072 watermark.bmp
              14 File(s)      3,843,644 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\1025
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM           123,035 eula.rtf
09/07/2012  11:02 AM            34,118 LocalizedData.xml
09/07/2012  09:18 AM            17,512 SetupResources.dll
               3 File(s)        174,665 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\1028
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM           128,333 eula.rtf
09/07/2012  11:02 AM            28,422 LocalizedData.xml
09/07/2012  09:18 AM            14,440 SetupResources.dll
               3 File(s)        171,195 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\1029
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM           101,146 eula.rtf
09/07/2012  11:02 AM            36,716 LocalizedData.xml
09/07/2012  09:18 AM            18,536 SetupResources.dll
               3 File(s)        156,398 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\1030
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM           109,464 eula.rtf
09/07/2012  11:02 AM            36,020 LocalizedData.xml
09/07/2012  09:18 AM            18,536 SetupResources.dll
               3 File(s)        164,020 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\1031
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM            91,719 eula.rtf
09/07/2012  11:02 AM            37,858 LocalizedData.xml
09/07/2012  09:18 AM            19,048 SetupResources.dll
               3 File(s)        148,625 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\1032
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM           102,048 eula.rtf
09/07/2012  11:02 AM            38,668 LocalizedData.xml
09/07/2012  09:18 AM            19,560 SetupResources.dll
               3 File(s)        160,276 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\1033
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM           138,595 eula.rtf
09/07/2012  11:02 AM            35,802 LocalizedData.xml
09/07/2012  09:18 AM            17,512 SetupResources.dll
               3 File(s)        191,909 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\1035
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM           111,176 eula.rtf
09/07/2012  11:02 AM            36,066 LocalizedData.xml
09/07/2012  09:18 AM            18,536 SetupResources.dll
               3 File(s)        165,778 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\1036
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM           133,172 eula.rtf
09/07/2012  11:02 AM            37,676 LocalizedData.xml
09/07/2012  09:18 AM            19,048 SetupResources.dll
               3 File(s)        189,896 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\1037
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM           125,351 eula.rtf
09/07/2012  11:02 AM            33,028 LocalizedData.xml
09/07/2012  09:18 AM            17,000 SetupResources.dll
               3 File(s)        175,379 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\1038
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM           110,879 eula.rtf
09/07/2012  11:02 AM            37,692 LocalizedData.xml
09/07/2012  09:18 AM            19,048 SetupResources.dll
               3 File(s)        167,619 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\1040
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM           124,974 eula.rtf
09/07/2012  11:02 AM            37,048 LocalizedData.xml
09/07/2012  09:18 AM            18,536 SetupResources.dll
               3 File(s)        180,558 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\1041
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM           111,958 eula.rtf
09/07/2012  11:02 AM            31,424 LocalizedData.xml
09/07/2012  09:18 AM            15,976 SetupResources.dll
               3 File(s)        159,358 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\1042
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM           149,503 eula.rtf
09/07/2012  11:02 AM            30,504 LocalizedData.xml
09/07/2012  09:18 AM            15,464 SetupResources.dll
               3 File(s)        195,471 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\1043
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM            35,285 eula.rtf
09/07/2012  11:02 AM            36,850 LocalizedData.xml
09/07/2012  09:18 AM            19,560 SetupResources.dll
               3 File(s)         91,695 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\1044
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM            36,083 eula.rtf
09/07/2012  11:02 AM            36,546 LocalizedData.xml
09/07/2012  09:18 AM            18,024 SetupResources.dll
               3 File(s)         90,653 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\1045
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM           126,541 eula.rtf
09/07/2012  11:02 AM            37,132 LocalizedData.xml
09/07/2012  09:18 AM            18,536 SetupResources.dll
               3 File(s)        182,209 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\1046
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM           109,574 eula.rtf
09/07/2012  11:02 AM            36,530 LocalizedData.xml
09/07/2012  09:18 AM            18,536 SetupResources.dll
               3 File(s)        164,640 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\1049
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM            49,319 eula.rtf
09/07/2012  11:02 AM            37,394 LocalizedData.xml
09/07/2012  09:18 AM            19,048 SetupResources.dll
               3 File(s)        105,761 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\1053
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM           125,073 eula.rtf
09/07/2012  11:02 AM            36,014 LocalizedData.xml
09/07/2012  09:18 AM            18,024 SetupResources.dll
               3 File(s)        179,111 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\1055
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM           112,947 eula.rtf
09/07/2012  11:02 AM            36,274 LocalizedData.xml
09/07/2012  09:18 AM            18,024 SetupResources.dll
               3 File(s)        167,245 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\2052
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM           110,754 eula.rtf
09/07/2012  11:02 AM            28,414 LocalizedData.xml
09/07/2012  09:18 AM            14,440 SetupResources.dll
               3 File(s)        153,608 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\2070
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM           125,196 eula.rtf
09/07/2012  11:02 AM            37,332 LocalizedData.xml
09/07/2012  09:18 AM            19,048 SetupResources.dll
               3 File(s)        181,576 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\3076
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM             2,060 eula.rtf
09/07/2012  11:02 AM            28,422 LocalizedData.xml
09/07/2012  09:18 AM            14,440 SetupResources.dll
               3 File(s)         44,922 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\3082
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  10:17 AM           108,174 eula.rtf
09/07/2012  11:02 AM            37,096 LocalizedData.xml
09/07/2012  09:18 AM            19,048 SetupResources.dll
               3 File(s)        164,318 bytes
 
 Directory of C:\7269fc8c96ae93bbc9c4d3\Graphics
 
07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
09/07/2012  07:32 AM             1,150 Print.ico
09/07/2012  07:32 AM               894 Rotate1.ico
09/07/2012  07:32 AM               894 Rotate2.ico
09/07/2012  07:32 AM               894 Rotate3.ico
09/07/2012  07:32 AM               894 Rotate4.ico
09/07/2012  07:32 AM               894 Rotate5.ico
09/07/2012  07:32 AM               894 Rotate6.ico
09/07/2012  07:32 AM               894 Rotate7.ico
09/07/2012  07:32 AM               894 Rotate8.ico
09/07/2012  07:32 AM             1,150 Save.ico
09/07/2012  07:32 AM            36,710 Setup.ico
09/07/2012  07:32 AM            10,134 stop.ico
09/07/2012  07:32 AM             1,150 SysReqMet.ico
09/07/2012  07:32 AM             1,150 SysReqNotMet.ico
09/07/2012  07:32 AM            10,134 warn.ico
              15 File(s)         68,730 bytes
 
     Total Files Listed:
             104 File(s)      7,839,259 bytes
              80 Dir(s)  94,405,115,904 bytes free
 
 
 
 
 
Here's the MBAM log:
 
ware Database: v2014.09.25.03
Rootkit Database: v2014.09.19.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Josh
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 384221
Time Elapsed: 1 hr, 1 min, 46 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.Conduit.A, HKU\S-1-5-21-2821240106-936233147-3204113066-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\DOMSTORAGE\conduit.com, Quarantined, [6e69a8498eed2a0c7f81d3a73fc522de], 
PUP.Optional.Superfish.A, HKU\S-1-5-21-2821240106-936233147-3204113066-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\DOMSTORAGE\superfish.com, Quarantined, [09cedc153348f54100ff76037d87b848], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#4 LiquidTension

  • Malware Response Instructor
  • 1,278 posts

Posted 25 September 2014 - 04:21 PM

Hello, 

 

That folder is a left-over from a Windows Update, and can be safely ignored. 

 

Are you experiencing any other issues?
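
The review of results.txt that led to this answer can be scripted. The following is an added example, not part of the original thread: it parses `dir /s` output and reports the traits visible in the posted listing, namely four-digit subfolders (the form Windows locale IDs such as 1033 take), a Setup.exe, and a patch package whose name carries a KB number. The function names and the `installer_like` heuristic are assumptions of this example, US-style dates are assumed, and a match is a triage hint rather than proof that the files are genuine.

```python
import re

# Abbreviated excerpt of the results.txt listing posted earlier in this thread.
SAMPLE = r"""
 Directory of C:\7269fc8c96ae93bbc9c4d3

07/25/2014  11:46 PM    <DIR>          .
07/25/2014  11:46 PM    <DIR>          ..
07/25/2014  11:46 PM    <DIR>          1033
07/25/2014  11:46 PM    <DIR>          3082
07/25/2014  11:46 PM    <DIR>          Graphics
09/07/2012  10:59 AM         1,930,752 NDP40-KB2736428.msp
09/07/2012  09:18 AM            78,936 Setup.exe
09/07/2012  09:18 AM           810,592 SetupEngine.dll

 Directory of C:\7269fc8c96ae93bbc9c4d3\1033

09/07/2012  10:17 AM           138,595 eula.rtf
09/07/2012  09:18 AM            17,512 SetupResources.dll
"""

DIR_HEADER = re.compile(r"^\s*Directory of (.+?)\s*$")
ENTRY = re.compile(r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2} [AP]M\s+(<DIR>|[\d,]+)\s+(.+?)\s*$")
KB_ID = re.compile(r"KB\d{6,7}", re.IGNORECASE)
BINARY_EXT = (".exe", ".dll", ".msp", ".msi")

def parse_dir_listing(text):
    """Return {directory: {"dirs": [names], "files": {name: size_in_bytes}}}."""
    tree, current = {}, None
    for line in text.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            current = tree.setdefault(header.group(1), {"dirs": [], "files": {}})
            continue
        entry = ENTRY.match(line)
        if not entry or current is None or entry.group(2) in (".", ".."):
            continue  # blank lines, "N File(s)" summaries, self/parent entries
        if entry.group(1) == "<DIR>":
            current["dirs"].append(entry.group(2))
        else:
            current["files"][entry.group(2)] = int(entry.group(1).replace(",", ""))
    return tree

def triage(text):
    """Summarise a listing; installer_like is a heuristic, not a verdict."""
    tree = parse_dir_listing(text)
    if not tree:
        return None
    root = min(tree, key=len)  # shortest path is the top-level folder
    top = tree[root]
    locale_dirs = [d for d in top["dirs"] if re.fullmatch(r"\d{4}", d)]
    patches = [f for f in top["files"] if f.lower().endswith((".msp", ".msi"))]
    kb_ids = sorted({k.upper() for f in patches for k in KB_ID.findall(f)})
    binaries = [f"{d}\\{f}" for d, e in tree.items()
                for f in e["files"] if f.lower().endswith(BINARY_EXT)]
    has_setup = "setup.exe" in {f.lower() for f in top["files"]}
    return {"root": root, "locale_dirs": locale_dirs, "kb_ids": kb_ids,
            "binaries": binaries,
            "installer_like": bool(locale_dirs and patches) and has_setup}
```

The `binaries` list is the set of files whose digital signatures are worth checking next, which is the property the last poster in this thread looked at.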



#5 joshsojoshsoj

  • Topic Starter

  • Members
  • 3 posts

Posted 25 September 2014 - 04:53 PM

Nope, I think that covers it! Thanks!



#6 LiquidTension

  • Malware Response Instructor
  • 1,278 posts

Posted 25 September 2014 - 05:20 PM

OK. :)



#7 dashole

  • Members
  • 1 posts

Posted 26 February 2017 - 10:36 PM

I am sorry to revive an old thread, but this recently happened to me.  I had a file named 3260d4ae2fcf4f0559dbca copied to my external hard drive, though it was not locked for me.  The only file inside is setupengine.dll and says the last modified was early 2010.  It has all the Microsoft digital signatures on it.  I was not sure if my computer was compromised in some way, and this is the only thread I found that was similar.  I am hoping that this just randomly happens from time to time.  Should I roll back my computer just to be safe?

 

Thank you for your time,

D





