kboles101
asked on
PC DM Files Legit or Malware???
In the directory C:\Users\Public\Documents\ PC DM Files:
There are hundreds of folders which present as some type of backup; however, I suspect malware.
The C: Drive is completely full from these files!
Please advise and include a removal tool suggestion.
Thanks Much!
I would scan your computer with Malwarebytes' Anti-Malware. It's probably worthwhile installing/updating the software in normal mode, rebooting into safe mode, doing a full scan, booting back into normal mode and doing another full scan.
MBAM - is always a good starting point.
"Malwarebytes' Anti-Malware" (http://www.malwarebytes.org/mbam.php)
Please note that it is NOT to be run in Safe Mode - if your system will boot to Normal Mode.
From the MBAM Member Forum - a good discussion about how MBAM works and why "Normal Mode" is recommended:
http://www.malwarebytes.org/forums/index.php?showtopic=17334&st=0&p
younghv: There's plenty of reasons in that forum you posted as to why it's a good idea to scan in safe mode. As long as you DO do a scan in normal mode you're fine.
brettkm,
Actually there isn't - as explained by one of the actual creators of MBAM (nosirrah).
Let's continue the conversation here: https://www.experts-exchange.com/questions/24860646/ComboFix-MBAM-basic-posts.html
kboles101,
Glad you solved it.
Is there some kind of simple clean-up function within "DRPU..." or can you do a simple DOS delete command for that particular extension?
If you post the solution you use, one of your options for closing questions is to "Accept as Solution" your own comment.
Doing so will save the answer in our searchable database of "PAQ" (Previously Answered Questions).
Thanks
ASKER
Closing comments / thoughts:
This program does appear to barely meet the definition of a "legitimate" application and perhaps could have been removed using conventional methods. However, by the time I received the laptop, it was very crippled. Also, the stated purpose of the program is key and user activity logging...AKA spying. To ensure all traces of the spying application were removed, I opted for an HP F11 system restore from scratch.