Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Directories being created with 꾯꾯꾯 in title


  • Please log in to reply
10 replies to this topic

#1 jhenri23

jhenri23

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:52 PM

Posted 09 June 2015 - 10:55 AM

Im getting several Directores being created with titles such as progr꾯 . Any idea what would cause this? Thank you 

Attached Files

  • Attached File  ??.png   52.37KB   0 downloads

Edited by computerxpds, 09 June 2015 - 10:59 AM.
Moved to AII from Windows 7


BC AdBot (Login to Remove)

 


#2 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:11:52 PM

Posted 09 June 2015 - 11:07 AM

Hello  :hello:

 

 

What is inside those folders? Did you check those folders with some antivirus? Have you noticed some strange behavior with your computer last days?


Edited by severac, 09 June 2015 - 11:08 AM.

I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#3 jhenri23

jhenri23
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:52 PM

Posted 09 June 2015 - 11:43 AM

everything seems normal otherwise they are completely empty. I talked to bitdefender and they said its not them and the computer is clean. its very odd



#4 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:11:52 PM

Posted 09 June 2015 - 12:15 PM

According to date, they started to appear at 22. May. Maybe you could remember have you done something that day, installed some program or similar?


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#5 jhenri23

jhenri23
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:52 PM

Posted 11 June 2015 - 01:45 PM

According to date, they started to appear at 22. May. Maybe you could remember have you done something that day, installed some program or similar?

Cant think of anything installed that day besides malwarebytes but that was only installed because of this happening. Pretty baffled



#6 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:11:52 PM

Posted 11 June 2015 - 01:54 PM

We can do some checking.

 

AdwCleaner

  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished
    * Click on button [Clean].
    Program will close all active windows. Click Ok to confirm. 
    * After restart log will appear. Copy log into this topic.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

--------

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#7 H27553

H27553

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:52 PM

Posted 21 September 2015 - 06:48 AM

Hi

 

Have anyone found the source to this problem?

 

I have seen the same folders, and also found 6 folders in C:\Windows\System32\

Example:

C:\Windows\System32\꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯

 

The folder only differs in the amount of "꾯"

 

Best regards



#8 jilla

jilla

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:52 PM

Posted 04 November 2015 - 07:20 AM

Hello,

 

I got the exact same problem recently, a lot of folders suddenly appeared with names like "꾯꾯꾯꾯꾯꾯꾯꾯"

I use Windows 7 Professional 32 bits with BitDefender as antivirus

The first folder to be created was in "Windows/System32".

 

Here is a list of softwares that I have installed (or that installed automaticly, updates for example) around the date of the first folder appearance:

 

Skype 7.12

CCleaner

Microsoft Silverlight

Adobe Acrobat X Pro

Mozilla Firefox 41.0.2 (x86 fr)

Mozilla Maintenance Service

Notepad++

Python 3.5.0 (32-bit)

 

H27553 and jhenri23, can you check your "remove program" window and then order by "date of installation" to check if you have similar softwares installed on your computers?

 

Also do you use any Netgear or Synology products?

 

Thanks a lot for your help!

 

Edit:

 

I searched a bit more and I found a lot of folder with "꾯" in the title in C:\ProgramData\Bitdefender :

 

Endpoint Sec꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯

Endpoint Se꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯

...

 

and in C:\ProgramData there is a lot of copy of Bitdefender folder like:

 

Bitdefender꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯꾯

 

So I am nearly sure the problem come from Bitdefender or target specifically Bitdefender since we are both (me and jhenri23) using it and we both have the same problem.


Edited by jilla, 04 November 2015 - 10:21 AM.


#9 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:11:52 PM

Posted 04 November 2015 - 01:00 PM

I don't know what to say to you. I think that folders are legitimate.


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#10 csenter

csenter

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 04 November 2015 - 03:54 PM

I am also seeing this behavior on a terminal server. I have noticed some other files appearing after the initial date that appear to be suspicious.

 

Under C:\Users\YourUsernameHere\AppData\LocalLow\Microsoft\CryptnetUrlCache\

 

Both the content and metadata have new certificates that appear to be valid for about a week. Also, I have several files in Chinese that appear to be certificates, as well. I do have CCLeaner, BitDefender, and Skype installed. The folder creation started on October 15th with no explaination.

 

While typing this message, a file appeared under ProgramData: KGyGaAvL.sys (which appears to be innocuous and unrelated.) containing 2 base64 encoded strings that decoded to unknown binary data. The b64 strings:

 

bCbCbDfObCbCbCdOU235G8QWENzrvQ6ECETmPfH4EMlZanBogLuD0QSOPphEbzmmzH2WI0er5HdZ9M/nBYtUO9LlL5OySD6TFgNsTsHl4jhqqE9zTKKG67Ehm4+4Sx8osy7vp3nnGzH2eKVNdqM1lg1amnQcx2KQzGVRSNuDKSs1vJJIbOGU+fteP2M4PllCUYufsMo+wIv1uey1geMZBJg7Y7atqR5PbSu4HXoOBvvA1hlMcCbubnFSvgQl+kwP7eYZzgRU0Dkyc8cQHL1djb/5iswCkx1NP/fba/53Fte1hQGqShl0+sRdBbwDErOPkzsFgi3jlaXBQVVaT9Slxw4AvhM=JpToDgB91uu0wrmUjTrj/gG+GNnvXiC8Lw91JHwxUR8=

 

bCbCbDfObCbCbCdOPonr4z4woT2dRjTi1Mq4cqzHqnaYZhvaItAzG5aPQtMjUe5vecW6XzvVfK8TVW6KEe8apxQwtb61K4iSwoCy/2RnVQCfGQK6OsJ71o9nIqUnTQxAhaSMfdbn72UP6Md+ybkw18hhB6v4wcD87+fSpUbn4ol5ugCnjv/0bd7fUtk4XDO3Pngh7yjCH7AChVZlyBM0p61MhH4PPIyk6aroEA4RI8mFTkqjC7YSh8f4PclZpQR61kUG2RDzSDuO9Yv6LSiy4k6Mu83iIhqBYg1oXt3jL/jeis2r+4l3ue2nE0tpqvTU42gO6QG49s8xH31tK24nxDUENWA=JpToDgB91utE8PVzW1f2YYzIUWLLffNMuBw7CdMs2vU=

 

I have been unable to determine what is causing this, or if it is malicious.


Edited by csenter, 04 November 2015 - 04:01 PM.


#11 FGhion

FGhion

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:52 PM

Posted 15 March 2016 - 06:09 AM

Hi,

i have same problem on the company server.

occasionally you see this empty folders with the character "" in C:\ and C:\Windows\system32\ created also in extra working hours.

I have bitdefender, acronis, Filezilla, cobian bck, Office, Exchange and management sw arca and player installed.

no one goes on the Internet with this PC except rdp.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users