
Undeletable folders and users on Win 7


  • This topic is locked
14 replies to this topic

#1 zse45tgb

zse45tgb

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 27 May 2017 - 09:25 PM

Greeting again,

I have encountered a new and puzzling problem on my laptop.

It is a Lenovo Z570, running Win 7 64 bit, with 8G ram.

I use Avast free version, MBAM free, and SUPERAntiSpyware free, all up to date.

I ran an avast boot scan as well as a thorough virus scan, an MBAM scan and a Superantispyware scan and the only results I got were the tracking cookies Superantispyware always finds.

Here's what the problem is:

Two new folders - xconfig172 and bdates202 appeared on my computer with the strangest file names in them.

Added to that 2 new users - Aksksx and Qw4aw appeared at the same time with equally bizarre file names in their folders.

While there are no .exe files in any of the folders, I'm concerned because I am unable to delete the users on my machine.

I am the only user ever physically on this machine.

Any help would be greatly appreciated.

 

Attached are screenshots of the folders.

Attached File  Aksqsx.jpg   117.05KB
Attached File  Qw4aw.jpg   121.14KB
Attached File  bdates202.jpg   124.81KB
Attached File  xconfig172.jpg   68.16KB


Edited by hamluis, 28 May 2017 - 04:08 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 Guest_Aaron_Warrior_*

Guest_Aaron_Warrior_*

  • Guests
  • OFFLINE
  •  

Posted 27 May 2017 - 11:26 PM

What weirdness are you doing with your computer?  Do you have remote access software installed? Those two accounts look machine-made, like something (not someone) has connected to your computer with full privileges and is using your computer as a repository for data.  Those filenames feel like keyword spam to me.

 

I was going to give a long list of little fixes, but instead I think you should take this straight to malware removal help forum, as this looks pretty hard-core infected to me.



#3 RolandJS

RolandJS

  • Members
  • 4,482 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area

Posted 27 May 2017 - 11:37 PM

Have you been taking advantage of numerous TORrent or similar services?


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)

"I heard Spock finally got colander!"  "I believe the word is Kolinahr."  "Oh."


#4 zse45tgb

zse45tgb
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:05:40 AM

Posted 28 May 2017 - 02:12 AM

Thanks for the replies.

If there is remote access software installed, it was not by me.

I have been checking TOR out since it's been in the news quite a bit, but as far as TORrent or similar services the answer would be no.

I have moved this query to the "Am I Infected" section, thanks for the tip. It's been a while since I've been here.


Edited by zse45tgb, 28 May 2017 - 02:34 AM.


#5 Guest_Aaron_Warrior_*

Guest_Aaron_Warrior_*

  • Guests
  • OFFLINE
  •  

Posted 28 May 2017 - 02:51 AM

Okay so while we wait for someone that actually knows what they are doing to show up, let's have a "come to Jesus moment" and have some Confession Time.  P2P filesharing?  Cracked software?  You've been reading about Tor, do you have anything weird installed on your computer that might have infected it?  Did you "do something" just before the problem showed up?  Download a file, install Video Codecs, etc..?



#6 zse45tgb

zse45tgb
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 28 May 2017 - 01:27 PM

P2P- NO

Cracked Software-No

Weird Installations-No

I have downloaded some jpg.'s

The last thing I did before I noticed the problem was updating Windows.



#7 Guest_Aaron_Warrior_*

Guest_Aaron_Warrior_*

  • Guests
  • OFFLINE
  •  

Posted 28 May 2017 - 01:31 PM

P2P- NO

Cracked Software-No

Weird Installations-No

I have downloaded some jpg.'s

The last thing I did before I noticed the problem was updating Windows.

 

Hmm well if that's the case run System Restore and see what happens.



#8 zse45tgb

zse45tgb
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  

Posted 28 May 2017 - 07:01 PM

System Restore did not help, but thanks.



#9 RolandJS

RolandJS

  • Members
  • 4,482 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:03:40 AM

Posted 28 May 2017 - 07:45 PM

And, you have no current restorable backups?




#10 Guest_Aaron_Warrior_*

Guest_Aaron_Warrior_*

  • Guests
  • OFFLINE
  •  

Posted 28 May 2017 - 08:35 PM

I'm hesitant to offer any more suggestions as they may make things worse.  Best to wait for someone to vet your system for malware.



#11 zse45tgb

zse45tgb
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  

Posted 28 May 2017 - 09:22 PM

@RolandJS

That is correct, unfortunately.



#12 selohu

selohu

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:40 AM

Posted 01 June 2017 - 10:56 AM

I would restart the computer in Safe Mode with Networking, run RKill on it https://www.bleepingcomputer.com/download/rkill/ and note down whatever comes up as a detection. Something is sure to turn up.
And I would give it another pass with an updated Avast, and another with RogueKiller (bleepingcomputer), for everything that turns up.

Edited by boopme, 01 June 2017 - 12:14 PM.


#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:40 AM

Posted 01 June 2017 - 12:14 PM

Sorry you are not allowed to run Rogue killer as suggested above in this area..

Please follow this Preparation Guide Start at step 6 and post in a new topic.
Let me know if all went well.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

#14 zse45tgb

zse45tgb
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  

Posted 12 June 2017 - 02:03 PM

@boopme

Well is a subjective term, but we're working toward an end (hopefully).

Apologies for the delay.



#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:40 AM

Posted 13 June 2017 - 09:14 AM

Thank you... New topic..

https://www.bleepingcomputer.com/forums/t/648309/undeletable-users-and-folders-on-win-7-64-bit/

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 3 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.



