What the heck is this file?


9 replies to this topic

#1 ThePCBottle


Posted 30 July 2016 - 05:01 PM

So I was browsing through my C Drive (checking for suspicious files) and I found one directly in my C Drive called "END", all caps, with no extension. When I open it in Notepad++ all that is there are two curly brackets. Do I ignore it?





#2 Animal


Posted 30 July 2016 - 06:53 PM

What path was the folder in?

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#3 ThePCBottle


Posted 30 July 2016 - 08:17 PM

> What path was the folder in?

It was in the root of the drive (C:\)



#4 Animal


Posted 30 July 2016 - 10:24 PM

Unless you are having 'technical difficulties' I would ignore it. If you feel strongly about it, you could rename it to END_old and see if it affects anything. If not, after say two weeks or 30 days, delete it. Just remember where it was and recreate it if you have issues.


#5 quietman7


Posted 31 July 2016 - 04:42 PM

Just to clarify, you do have "show all extensions" enabled? Microsoft does not show extensions by default.

A common tactic of malware writers is to disguise malicious files by hiding the file extension or adding spaces to the existing extension as shown here (Figure 1).
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#6 Didier Stevens


Posted 01 August 2016 - 12:10 AM

2 curly braces like this: {} ?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#7 rp88


Posted 03 August 2016 - 02:05 PM

Make sure that extensions are set to show in full, check it isn't an exe or dll file. Then try to "open with" and open it with notepad, have a look inside and see what is there, under NO CIRCUMSTANCES edit ANYTHING in it, even its name, it might be important. Also do not allow it to open with whatever program it might want to open with, do not just "open" it, make sure to "open with" then make sure to open it with notepad so you can just see its text and don't run the risk of it executing. See if you can make any more sense of what it might be after looking in it like this, although it might all be "the weird ascii characters" and not readable to humans there is a chance doing this might show some text that may enlighten you to its purpose. Then you can describe anything you find but don't understand in a later post.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB
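
The two checks raised in posts #5 and #7 (an extension hidden behind padding spaces or a decoy extension, and looking inside a file without letting it execute), as an added example that is not part of the original thread. The function names, the short extension list and the sample inputs are constructed for illustration.

```python
import os
import re
import string

# Constructed, deliberately short list of extensions Windows will run or load.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs"}
PRINTABLE = set(string.printable.encode())  # byte values of printable ASCII

def name_flags(name):
    """Flag filename tricks that push the real extension out of the user's view."""
    flags = []
    parts = name.rsplit(".", 1)
    real_ext = "." + parts[1].strip().lower() if len(parts) == 2 else ""
    if real_ext in EXECUTABLE_EXTS:
        flags.append("executable extension " + real_ext)
        stem = parts[0]
        # A run of spaces before the real extension hides it in narrow columns.
        if re.search(r"\s{3,}$", stem):
            flags.append("whitespace padding before extension")
        # A harmless-looking extension (".pdf", ".txt") in front of the real one.
        if re.search(r"\.[A-Za-z0-9]{2,4}\s*$", stem):
            flags.append("decoy extension before real one")
    return flags

def content_kind(data):
    """Classify raw bytes; nothing is executed or handed to a file association."""
    if data[:2] == b"MZ":
        return "MZ header (DOS/PE executable such as exe or dll)"
    if not data:
        return "empty"
    if all(b in PRINTABLE for b in data):
        return "printable text"
    return "binary data"

def triage(name, data):
    return {"name_flags": name_flags(name), "content": content_kind(data),
            "size": len(data)}

def triage_path(path):
    """Read-only inspection of a file on disk: binary mode, first 4 KiB only."""
    with open(path, "rb") as fh:
        return triage(os.path.basename(path), fh.read(4096))

if __name__ == "__main__":
    # Constructed samples: the thread's extensionless "END" file holding "{}",
    # and a padded double-extension name with the start of an MZ header.
    print(triage("END", b"{}"))
    print(triage("invoice.pdf            .exe", b"MZ\x90\x00"))
```
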

#8 ThePCBottle


Posted 14 August 2016 - 01:53 AM

> Make sure that extensions are set to show in full, check it isn't an exe or dll file. Then try to "open with" and open it with notepad, have a look inside and see what is there, under NO CIRCUMSTANCES edit ANYTHING in it, even its name, it might be important. Also do not allow it to open with whatever program it might want to open with, do not just "open" it, make sure to "open with" then make sure to open it with notepad so you can just see its text and don't run the risk of it executing. See if you can make any more sense of what it might be after looking in it like this, although it might all be "the weird ascii characters" and not readable to humans there is a chance doing this might show some text that may enlighten you to its purpose. Then you can describe anything you find but don't understand in a later post.

I opened the file with all editors I have (Including notepad), and it's just curly braces. As far as the extension goes, there is none.



#9 rp88


Posted 16 August 2016 - 02:53 PM

All curly brackets probably means the file wasn't designed to be read, rather it's perhaps binary code or something like that. I can't suggest anything more myself. Maybe someone else can advise further, but all I can suggest is not to mess with it. The file might be something very important.

#10 TsVk!


Posted 16 August 2016 - 07:22 PM

Sometimes an END file is related to Conduit adware, other times an END file appears after software installation as a trace. You can open it with an advanced text editor and often get more details.

The file is known to VirusTotal and Malwarebytes Anti-Malware, so feel free to check it with them too.





