
Need a little help, please...


2 replies to this topic

#1 n2fc


Posted 04 November 2014 - 02:02 PM

I have seen this issue on 2 unrelated computers so far and they both show as clean by AV, MBAM, and every other scanner I can find...

The symptom:

The TEMP folder starts to fill up with what appears to be "backups" of the Appdata\Local\Microsoft\Windows folder...

After a few days there could be many GB of pure junk that fills it up and slows down the machine...

I have deleted the files, only to have them immediately come back after initiating a browser session (IE).

Although not a virus per se, I wonder if some PUP or registry setting could be causing this behavior. The folders seem to have random 3, 4, or 5 character names beneath which I see the structure noted above...

Any clues on what else I can look at to resolve this?

PS: Both are running Windows 7 and have current updates and AV scans indicating no other errors or malware.


Edited by n2fc, 04 November 2014 - 02:03 PM.



#2 n2fc


Posted 05 November 2014 - 12:02 AM

Did some more reading and think these are Poweliks infections...

Now that I know what I am looking at, I can probably remove them...

You can close this topic, with my thanks!



#3 n2fc


Posted 05 November 2014 - 04:11 PM

Just for reference (in case someone else needs this info), used a combination of:

  1. Eset Poweliks Cleaner
  2. regdelnull
  3. RogueKiller

and was able to get a clean system again...

Nasty bugger!





