
System32\DBBK



#1 jopa66


Posted 15 December 2016 - 03:26 PM

Hello... Running Windows 7 64 bit. Doing regular maintenance on the computer, I found this folder (System32\DBBK) which I cannot identify.  Created Monday, last week Dec. 5th, it contains 1622 files ranging in size from 1KB to 844 KB. All files have no extension with seemingly random filenames such as: C621FB6BF9741AA18E55377FDD2CE96F and 4F6E72B34ED3DC53DCC5E8708E60B61F. All files have a fairly consistent date stamp just after creation of the folder itself. Total contents is 3.42 GB. Can randomly open different files with notepad but don't understand the contents. In addition, there are two text files created shortly afterwards in the system32 folder, PHOOKSmf.txt and PHOOKSmf2.TXT which seem to be lists of various drivers and other Windows information. Also, some of the files in System32\DriverStore have modified timestamps corresponding to the same time frame.

 

System restore is not an option. Windows updates were not done that day. I may have run some sort of security software but don't remember. A Google search for more information points to various forums indicating presence of Trojan infection.

 

Would appreciate help in identifying this situation and whether these files can be safely deleted or disinfected if necessary. Will await response before attaching anything.


Edited by hamluis, 15 December 2016 - 03:43 PM.
Moved from Win 7 to Am I Infected - Hamluis.



 


#2 jopa66


Posted 20 December 2016 - 08:56 PM

Further investigation of my system seems to indicate that the mysterious folder and files in my System32 folder may be the result of installing the latest version of Panda FREE.

Shortly after 8:00 pm on 12/05/16 I uninstalled Panda FREE v15.14.2.0 and re-installed v15.14.3.0. I just now realize that the date stamps of the new version of Panda coincide with the date stamps of System32\DBBK and the two files PHOOKSmf.txt and PHOOKSmf2.TXT.
 

The versions mentioned above refer to the setup files. I guess somehow this works out to be v18 with the new GUI. Not sure what the older one was - maybe v17?
 



#3 quietman7


Posted 21 December 2016 - 08:03 PM

These are FRST log entries from other systems with Panda installed so it does appear that is the case.

2016-01-25 02:46 - 2016-01-25 02:53 - 01907920 _____ C:\Windows\system32\PHOOKSmf2.TXT
2016-01-25 02:43 - 2016-01-25 02:57 - 02280492 _____ C:\Windows\system32\PHOOKSmf.txt
2016-01-25 02:41 - 2016-01-25 02:55 - 00000000 ____D C:\Windows\system32\DBBK
2016-01-25 02:38 - 2016-01-25 02:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2016-01-25 02:37 - 2016-01-25 02:37 - 35213320 _____ (Panda Security ) C:\Users\<username>\Downloads\PandaCloudCleaner.exe

2013-03-02 12:07 . 2013-02-21 18:11 83168 ----a-w- c:\windows\system32\PCloudCleanerService.EXE
2013-03-02 12:07 . 2013-03-10 18:08 -------- d-----w- c:\windows\system32\DBBK
2013-03-02 11:51 . 2013-03-02 11:51 -------- d-----w- c:\program files\Panda Security

However, I did find other logs with the DBBK folder but no sign of Panda. It could be Panda was installed at one time and removed but left that folder behind. Then I found a few older logs where the contents of the folder were identified as malware and cleaned by AdwCleaner but that could have been a false positive.

Usually when a computer is infected with malware there most likely will be obvious indications (signs of infection and malware symptoms) that something is wrong.

You may want to contact and ask Panda Support...
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
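The timestamp comparison made in posts #2 and #3, as an added example that is not part of the original thread: it parses the FRST listing lines quoted in post #3 and reports which unattributed entries were created close in time to an entry that names the vendor. The function names `parse_frst` and `correlate` and the 15-minute window are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Sample input: the FRST listing lines quoted in post #3 above.
SAMPLE = r"""
2016-01-25 02:46 - 2016-01-25 02:53 - 01907920 _____ C:\Windows\system32\PHOOKSmf2.TXT
2016-01-25 02:43 - 2016-01-25 02:57 - 02280492 _____ C:\Windows\system32\PHOOKSmf.txt
2016-01-25 02:41 - 2016-01-25 02:55 - 00000000 ____D C:\Windows\system32\DBBK
2016-01-25 02:38 - 2016-01-25 02:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2016-01-25 02:37 - 2016-01-25 02:37 - 35213320 _____ (Panda Security ) C:\Users\<username>\Downloads\PandaCloudCleaner.exe
"""

TS = r"\d{4}-\d\d-\d\d \d\d:\d\d"
LINE = re.compile(
    rf"^(?P<created>{TS}) - (?P<modified>{TS}) - (?P<size>\d+) "
    r"(?P<attrs>\S{5})(?: \((?P<company>[^)]*)\))? (?P<path>.+)$"
)

def parse_frst(text):
    """Parse 'created - modified - size attrs (company) path' lines; skip others."""
    out = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        for k in ("created", "modified"):
            e[k] = datetime.strptime(e[k], "%Y-%m-%d %H:%M")
        e["size"] = int(e["size"])
        e["company"] = (e["company"] or "").strip()
        out.append(e)
    return out

def correlate(entries, vendor, window_minutes=15):
    """For each entry that does not name the vendor, return
    (path, nearest vendor-named path, minutes apart) if within the window."""
    v = vendor.lower()
    named = lambda e: v in e["company"].lower() or v in e["path"].lower()
    anchors = [e for e in entries if named(e)]
    hits = []
    for e in entries:
        if named(e) or not anchors:
            continue
        a = min(anchors, key=lambda x: abs(e["created"] - x["created"]))
        gap = abs(e["created"] - a["created"])
        if gap <= timedelta(minutes=window_minutes):
            hits.append((e["path"], a["path"], int(gap.total_seconds() // 60)))
    return hits

if __name__ == "__main__":
    for path, anchor, mins in correlate(parse_frst(SAMPLE), "panda"):
        print(f"{path}  created {mins} min from  {anchor}")
```

Creation-time proximity is a triage lead rather than proof of origin, which is why post #3 still suggests confirming with the vendor.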

#4 jopa66


Posted 23 December 2016 - 08:02 AM

Thanks Quietman. Appreciate the response and links. I did post a similar query on their forums a couple of days after I posted here. Still no response there. Meantime I have decided to go with Avast since I've learned of their acquisition and eventual integration with AVG. So for now at least, Panda is uninstalled and I will simply delete the aforementioned mystery files. I find this forum and Wilders are the staple "go to" places for expert technical knowledge and assistance.



#5 quietman7


Posted 23 December 2016 - 01:28 PM

You're welcome.



