
Solved

Spooky file in program files

Posted on 2014-09-18
10
Medium Priority
142 Views
Last Modified: 2014-09-18
I'm using Windows 8.1. I've got a file in c:\program files (yes, it's 32-bit, but the path's been hard-coded into a legacy app). I just can't understand it: I replace the file with a newer version, but the old version seems to persist???
0
Comment
Question by:Silas2
  • 6
  • 4
10 Comments
 
LVL 100

Expert Comment

by:John Hurst
ID: 40330218
What do you see here?  You have not provided any information.
0
 

Author Comment

by:Silas2
ID: 40330307
It's very strange. I have the file in program files, I delete it, replace it with a new version, but when I open the new version, it turns out to be the old one. I know I can't believe my own eyes, but it's true (I've just done it again to check I wasn't going mad).

This file was executed by a Shell(appname) function from another app, but that calling app is closed, but it's as if the spooky app file is being held somehow.
0
 
LVL 100

Expert Comment

by:John Hurst
ID: 40330318
It would appear you have a virus.

Download Process Explorer from Microsoft, install it and run it. Look down the left hand side for Explorer and see if there are any alphanumeric processes running there. If so, kill them, and do NOT restart.

Get Malwarebytes and scan with it to remove viruses (malwarebytes.org).
0
 

Author Comment

by:Silas2
ID: 40330440
No, it's definitely not a virus. I don't run anti-virus software, so I never get viruses!!

It's so spooky: if I rename the parent folder, I get the new version, but when I rename it back, I get the old version.

The start of this was the Shell(appname); the app then threw an exception. I think it could have possibly corrupted the folder structure though... somehow, the older version of the file just persists in that position no matter what I do to replace it.
0
 
LVL 100

Expert Comment

by:John Hurst
ID: 40330456
If you don't run anti virus and click on a bogus link, you can easily get viruses. My guess is that over half of "strange" issues in here are caused by viruses. Root kits are especially bad.

Even if you think it is not a virus, please tell us what Process Explorer said (as I described above).

If you are certain it is not a virus, then you have installed legacy and incompatible software on your Windows 8.1 machine. Look in Program and Features and see if you can uninstall.

If not, you may need to run a Windows 8.1 Refresh (Action Center, Recovery Options). This will protect data but uninstall software you added after starting up Windows 8.1.
0
 

Author Comment

by:Silas2
ID: 40330467
You have to do more than click on a bogus link, you have to let Windows install a piece of malicious code. That's why I've never bothered with anti-virus: the overhead is frightening, plus the worst offender is corporate spyware, which they, out of courtesy, don't detect. But don't get me started, it's like the millennium bug...

I think it must be a damaged folder structure caused by the exception... it's a new PC/install of Windows 8.1, don't you?
0
 
LVL 100

Expert Comment

by:John Hurst
ID: 40330476
No, what you are posting is not entirely true. Drive by links are very very common. I never run without Anti Virus or let my clients run without Anti Virus.

On the other question, yes, it could be a damaged install of Windows 8.1. See if a Refresh clears this up and if not, then format the hard drive and install Windows 8.1 again.

If you do the reinstall, don't forget BIOS, Chipset and Video upgrades to get started and then update all your drivers.

I have been running Windows 8 / 8.1 for about a year and a half and what you describe has not happened to me.
0
 

Author Comment

by:Silas2
ID: 40330542
It's not Win8, it's this funny event: shell command, exception. It could have taken a tiny chunk from the file system, so it's confusing the FAT, or whatever it is now.

What I don't understand about the 'Drive By links' threat is that Windows is still required to ask permission to install any executable. How can a drive-by link circumvent that?
0
 
LVL 100

Accepted Solution

by:
John Hurst earned 2000 total points
ID: 40330567
You said "I'm using Windows 8.1," so if not Windows 8 / 8.1, what are you running? Windows 8 / 8.1 uses NTFS, not FAT. Something appears to have damaged your operating system. Your description has become very confusing by saying now it is FAT and not Windows 8.

"Drive by links" work by people clicking and OK'ing the result. It is called social engineering.
0
 
LVL 100

Expert Comment

by:John Hurst
ID: 40330603
@Silas2  - Thank you, and good luck setting up Windows 8.1 again. I have it running quite smoothly.
0
