Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Exe dll files renamed, other deleted

  • Please log in to reply
No replies to this topic

#1 Vivelo


  • Members
  • 1 posts

Posted 11 December 2015 - 10:04 AM

I have no idea what's going on. I noticed the problem when shortcut icons to some programs stopped displaying correctly. Then I found out that these programs were renamed at least exe and dll files, the remaining files were deleted.

The problem affected one drive partially. Mainly program files and program files x86 folders, and only first half of the applications there. At the moment it seems to have stopped spreading.

I cut off the internet and closed all the programs that used disc, including explorer. I am on Windows 8.1.

Here's the picture of how the affected programs look like.

I'm not certain if it's a virus or some malfunction.

There are three unusual things that happened today:
1. Windows prompt me to install 10 with a new message and after not bothering me for weeks.
2. Wps office update notification appeared. First time and I haven't used it twice. I closed it.
3. Chrome had weird error. No new tabs could be opened and it suggested I should free memory up by closing tabs. There were enough memory BTW. I closed it and couldn't restart, the shortcut icon got broken, it was affected. Had to reinstall.


First thought was that all this mess was caused by Chrome auto update went wrong. It doesn't convince me though.


Update 1.
I think something just wanted to delete all the files. The files that couldn't be deleted, because they were in use ("locked") were renamed. The rename pattern seems to consist of constant _d_ and some hash, which is probably based on time, as it sometimes duplicates itself. The _d_ probably stands for "delete".
I still have no idea what was the cause. I haven't installed any programs in weeks. I didn't download any executables either. And today, I used only Chrome.
I did a scan with the updated WIndows Defender, and for what it's worth, it didn't detect any threats.
I also uninstalled:
- WPS Office, its update pop-up appeared just before the problem started. I didn't use this software anyway,
- Maxthon Browser: I should have done it long ago, I didn't use it either,
- VNC Server: I doubt it had anything to do with this mess, but I don't need it now, and I will install it later if needed.
I can't do much about Windows and Chrome :]
I restarted the computer and Windows is currently updating itself in the background. The problem is not spreading (at least I don't see next files being renamed/removed). The damage is limited to the loss of applications and as far as I know no valuable data was lost. Now I'm going to gradually download and install programs that were lost.
Update 2.
Previously renamed files are gone, including the folders they were in. I'm not sure at what point it happened, probably on restart.
Another strange thing is that the user account picture is gone and I can't set a new one. It seems that the whole folder that contained these pictures was removed as well.
I downloaded Malwarebytes Anti-malware and I'm doing scan now. It's all green so far. Now it scans file system and it may take hours.
Update 3.
If anyone were curious - no malware was detected.
The final damage is that I permanently lost Adobe Photoshop Elements 11. It came pre-installed with the HP notebook and I really liked it. I could recovery it but it would mean factory reset, so no thank you HP.
The lesson for me is to always have a recent system disk image and to make regular data backups to be able to quickly recover. Installing programs one by one is too time consuming, especially when there are residual problems.
The cause remains unknown.

Edited by Vivelo, 12 December 2015 - 08:59 AM.

BC AdBot (Login to Remove)



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users