
Massive amounts of temp files being continually generated.


5 replies to this topic

#1 Evolution13


Posted 22 October 2014 - 03:14 PM

I have seen this on three machines so far and the only way I can "Cure" it is to do a Windows reinstall.

Large amounts of folders with names like: 1a24, 1cfc, 13cc 68c, etc. keep showing up in %userprofile%\AppData\Local\Temp\ and I cannot figure out what's creating them. If you've been running tools such as CCleaner and they hang for hours clearing the temp folder then fail, this is likely the cause. Does anyone know what this is and how to fix it!?



#2 Didier Stevens


Posted 24 October 2014 - 03:21 PM

Do you have any other issue than CCleaner hanging?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 Evolution13


Posted 25 October 2014 - 02:06 PM

The machines that get infected with whatever this is run terribly slow and tend to randomly lose their internet connection a lot. So far I haven't had one that I could keep for several days so that we could do a proper diagnosis via these forums. I usually just reinstall Windows, or if I'm lucky a system restore to before it got infected will sometimes work.

I just discovered a 4th machine with the same mysterious infection.



#4 Evolution13


Posted 25 October 2014 - 03:10 PM

Another thing that's a common symptom is PowerShell will constantly crash on these machines. I just had a thought, maybe this isn't a virus at all, could this be a symptom of the bad update Microsoft put out then had to retract?



#5 Didier Stevens


Posted 25 October 2014 - 03:19 PM

Yes, this can be something else than malware.

 

But if you think it is malware, I suggest you start a new topic in "Am I infected? What do I do?".




#6 Evolution13


Posted 26 October 2014 - 06:20 PM

There must be someone else who's seen this, I've found it on four different people's computers in under a week, I'm about ready to take all the security off of one of my spare machines and see if I can get deliberately infected just so I can use the resources here to study it further.





