Spooky file in program files

I'm using Windows 8.1, I've got a file in c:\program files (yes its 32 bit but the path's been hard-coded into a legacy app) , I just can't understand it, i replace the file with a newer version, but the old version seems to persist???
Silas2Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
What do you see here?  You have not provided any information.
0
Silas2Author Commented:
its very strange, I have the file in program files, I delete it, replace it with a new version , but when I open the new version, it turns out to be the old one, I know I can't believe my own eyes, but its true (I've just done it again to check I wasn't going mad)

This file was executed by a Shell(appname) function from another app, but that calling app is closed, but its as If the spooky app file is being held somehow
0
JohnBusiness Consultant (Owner)Commented:
It would appear you have a virus.

Download Process Explorer from Microsoft, install it and run it. Look down the left hand side for Explorer and see if there are any alphanumeric processes running there. If so, kill them, and do NOT restart.

Get Malwarebytes and scan with it to remove viruses (malwarebytes.org).
0
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

Silas2Author Commented:
No its definitely not a virus, I don't run anti-virus software, so I never get viruses!!

Its so spooky, if I rename the parent folder, i get the new version, but when I rename it back, i get the old version.

The start of this was the Shell(appname), the app then threw an exception , I think it could have possibly corrupted the folder structure though...somehow, the older version of the file just persists in that position no matter what i do to replace it.
0
JohnBusiness Consultant (Owner)Commented:
If you don't run anti virus and click on a bogus link, you can easily get viruses. My guess is that over half of "strange" issues in here are caused by viruses. Root kits are especially bad.

Even if you think it is not a virus, please tell use what Process Explorer said (as I described above).

If you are certain it is not a virus, then you have installed legacy and incompatible software on your Windows 8.1 machine. Look in Program and Features and see if you can uninstall.

If not, you may need to run a Windows 8.1 Refresh (Action Center, Recovery Options). This will protect data but uninstall software you added after starting up Windows 8.1.
0
Silas2Author Commented:
You have to do more than click on a bogus link, you have to let windows install a piece of malicious code, that's why I've never bothered with anti-virus, the overhead is frightening + the worst offender is corporate spyware which they, out of courtesy don't detect, but don't get me started, its like the millennium bug...

I think it must be a damaged folder structure caused by the exception...its a new pc/install of windows 8.1, don't you?
0
JohnBusiness Consultant (Owner)Commented:
No, what you are posting is not entirely true. Drive by links are very very common. I never run without Anti Virus or let my clients run without Anti Virus.

One the other question, yes, it could be a damaged install of Windows 8.1. See if a Refresh clears this up and if not, then format the hard drive and install Windows 8.1 again.

If you do the reinstall, don't forget BIOS, Chipset and Video upgrades to get started and then update all your drivers.

I have been running Windows 8 / 8.1 for about a year and a half and what you describe has not happened to me.
0
Silas2Author Commented:
Its not Win8, its this funny event , shell command, exception, could have taken a tiny chunk from the file system so its confusing the FAT, or whatever it is now.

What I don't understand out 'Drive By links' threat, is that windows is still required to ask permission to install any executable, how can a drive-by link circumvent that?
0
JohnBusiness Consultant (Owner)Commented:
You said "I'm using Windows 8.1,"  so if not Windows 8 / 8.1, what are you running?  Windows 8 / 8.1 uses NTFS not FAT.  Something has appeared to have damaged your operating system. You description has become very confusing by saying now it is FAT and not Windows 8.

"Drive by links" work by people clicking and OK'ing the result. It is called social engineering.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JohnBusiness Consultant (Owner)Commented:
@Silas2  - Thank you, and good luck setting up Windows 8.1 again. I have it running quite smoothly.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.