
myfile


10 replies to this topic

#1 dehoo


Posted 11 May 2015 - 01:16 PM

Hello,

Have found a file in my now empty Downloads folder called myfile.  Not a whole lot of information on it in properties.  Had read up on it a bit and have found that it is a Trojan and others say no, so I thought I would ask the Gurus.

Any info would be appreciated.

I have run:

Super Anti Spyware

Malware Bytes Pro

adwcleaner

rkill

and ms malicious software remover

Still there...Maybe should be?

 

C:\Downloads\myfile.exe


Edited by computerxpds, 11 May 2015 - 01:35 PM.
Moved to AII from Win XP




#2 Sintharius


Posted 11 May 2015 - 01:27 PM

Hi there,

Please upload the file to VirusTotal, then copy the link of the result into your reply.

That should get us a picture of what this file is.

Thank you.

Regards,
Alex

#3 dehoo


Posted 11 May 2015 - 01:32 PM

https://www.virustotal.com/en/file/7fa46e29f2f063a08690c312b6816e52a0ce5799e23a7c9b0127ef1bf4ece3f3/analysis/1431368980/

 

 

Here you go.

Thanks!



#4 dehoo


Posted 11 May 2015 - 01:34 PM

It's odd, I have a very old games program 5-6 years old, nothing new.  My daughter installed Minecraft back around Christmas time...Maybe that?



#5 Sintharius


Posted 11 May 2015 - 02:01 PM

Hi there,

This file does not appear to be malicious. Just out of curiosity, can you submit it to https://www.hybrid-analysis.com/ and copy the link here? Hybrid-Analysis will give an overview of what the file does.

Alex

#6 dehoo


Posted 11 May 2015 - 02:15 PM

Hmmm?

 

Oops! The analysis system reported an error:

The file format "text" is not supported

If you believe this is incorrect behavior, please contact support@payload-security.com providing the SHA256 and sample.
The SHA256 of your submission is: 7fa46e29f2f063a08690c312b6816e52a0ce5799e23a7c9b0127ef1bf4ece3f3



#7 Sintharius


Posted 11 May 2015 - 02:18 PM

That's odd. Are you sure the file is an .exe?

Please turn off Hide extensions for known file types if you haven't done so already, then double-check the file.

Regards,
Alex
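
The disagreement in this thread, a file named myfile.exe that Hybrid-Analysis rejects as "text", can be checked locally by reading the file's bytes instead of trusting its name. The script below is an added example and not part of the original posts; the function names and both sample byte strings are constructed for illustration, and it only reads content and never executes the file.

```python
import codecs
import hashlib
import struct
import sys
from pathlib import Path

# Constructed samples (not the file from this thread).
SAMPLE_PE = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
SAMPLE_TEXT = b"plain text saved under an .exe name\r\n"

def classify(data: bytes) -> str:
    """Return 'pe', 'mz-no-pe', 'text', 'empty' or 'binary' from content alone."""
    if not data:
        return "empty"
    if data[:2] == b"MZ":
        # e_lfanew (offset 0x3C, little-endian) locates the 'PE\0\0' signature.
        if len(data) >= 0x40:
            (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
            if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
                return "pe"
        return "mz-no-pe"
    head = data[:4096]
    if head[:2] in (b"\xff\xfe", b"\xfe\xff"):  # UTF-16 byte-order mark
        return "text"
    if b"\0" not in head:
        try:
            # Incremental decode tolerates a multi-byte character cut at 4096.
            codecs.getincrementaldecoder("utf-8")().decode(head, final=len(data) <= 4096)
            return "text"
        except UnicodeDecodeError:
            pass
    return "binary"

def triage(name: str, data: bytes) -> dict:
    """Hash the content and flag a name/content disagreement."""
    kind = classify(data)
    claims_exe = Path(name).suffix.lower() == ".exe"
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "kind": kind,
        "mismatch": claims_exe and kind != "pe",
    }

if __name__ == "__main__":
    for arg in sys.argv[1:]:
        print(arg, triage(arg, Path(arg).read_bytes()))
```

A `mismatch` of `True` with kind `text` matches what the sandbox reported here; the printed SHA-256 can be compared with the one shown in the VirusTotal or Hybrid-Analysis result to confirm the same file was examined.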

#8 dehoo


Posted 11 May 2015 - 07:17 PM

Turned off (unchecked) Hide extensions for known file types.   myfile Properties Cmd line name -  C:\Downloads\myfile.exe

 

Oops! The analysis system reported an error:

The file format "text" is not supported

If you believe this is incorrect behavior, please contact support@payload-security.com providing the SHA256 and sample.
The SHA256 of your submission is: 7fa46e29f2f063a08690c312b6816e52a0ce5799e23a7c9b0127ef1bf4ece3f3



#9 Sintharius


Posted 11 May 2015 - 11:43 PM

Looks like Hybrid-Analysis isn't cooperating...

Anyway, what happens when you try to delete it? I would assume that you have no use for this file since you did not recognize it.

Regards,
Alex

#10 dehoo


Posted 12 May 2015 - 10:09 AM

Hi,

Just deleted it.  No problems doing so, wait and see for now.  There were so many warnings about this file in regards to it being a serious Trojan....Anyhow, hopefully not.

Thank you for your help and time, greatly appreciated Alex!



#11 Sintharius


Posted 12 May 2015 - 10:30 AM

You're welcome :)



