Solved

Spooky file in program files

Posted on 2014-09-18
Last Modified: 2014-09-18
I'm using Windows 8.1, I've got a file in c:\program files (yes, it's 32-bit, but the path's been hard-coded into a legacy app). I just can't understand it: I replace the file with a newer version, but the old version seems to persist???
Question by:Silas2
10 Comments
 
LVL 91

Expert Comment

by:John Hurst
ID: 40330218
What do you see here?  You have not provided any information.
0
 

Author Comment

by:Silas2
ID: 40330307
It's very strange: I have the file in program files, I delete it, replace it with a new version, but when I open the new version, it turns out to be the old one. I know I can't believe my own eyes, but it's true (I've just done it again to check I wasn't going mad).

This file was executed by a Shell(appname) function from another app, but that calling app is closed, but it's as if the spooky app file is being held somehow.
0
 
LVL 91

Expert Comment

by:John Hurst
ID: 40330318
It would appear you have a virus.

Download Process Explorer from Microsoft, install it and run it. Look down the left hand side for Explorer and see if there are any alphanumeric processes running there. If so, kill them, and do NOT restart.

Get Malwarebytes and scan with it to remove viruses (malwarebytes.org).
0
 

Author Comment

by:Silas2
ID: 40330440
No, it's definitely not a virus, I don't run anti-virus software, so I never get viruses!!

It's so spooky: if I rename the parent folder, I get the new version, but when I rename it back, I get the old version.

The start of this was the Shell(appname); the app then threw an exception. I think it could have possibly corrupted the folder structure though... somehow, the older version of the file just persists in that position no matter what I do to replace it.
0
 
LVL 91

Expert Comment

by:John Hurst
ID: 40330456
If you don't run anti virus and click on a bogus link, you can easily get viruses. My guess is that over half of "strange" issues in here are caused by viruses. Root kits are especially bad.

Even if you think it is not a virus, please tell us what Process Explorer said (as I described above).

If you are certain it is not a virus, then you have installed legacy and incompatible software on your Windows 8.1 machine. Look in Programs and Features and see if you can uninstall.

If not, you may need to run a Windows 8.1 Refresh (Action Center, Recovery Options). This will protect data but uninstall software you added after starting up Windows 8.1.
0

 

Author Comment

by:Silas2
ID: 40330467
You have to do more than click on a bogus link, you have to let Windows install a piece of malicious code. That's why I've never bothered with anti-virus: the overhead is frightening, plus the worst offender is corporate spyware, which they, out of courtesy, don't detect. But don't get me started, it's like the millennium bug...

I think it must be a damaged folder structure caused by the exception... it's a new PC/install of Windows 8.1, don't you?
0
 
LVL 91

Expert Comment

by:John Hurst
ID: 40330476
No, what you are posting is not entirely true. Drive by links are very very common. I never run without Anti Virus or let my clients run without Anti Virus.

On the other question, yes, it could be a damaged install of Windows 8.1. See if a Refresh clears this up and if not, then format the hard drive and install Windows 8.1 again.

If you do the reinstall, don't forget BIOS, Chipset and Video upgrades to get started and then update all your drivers.

I have been running Windows 8 / 8.1 for about a year and a half and what you describe has not happened to me.
0
 

Author Comment

by:Silas2
ID: 40330542
It's not Win8, it's this funny event: shell command, exception, could have taken a tiny chunk from the file system so it's confusing the FAT, or whatever it is now.

What I don't understand about the 'Drive By links' threat is that Windows is still required to ask permission to install any executable, so how can a drive-by link circumvent that?
0
 
LVL 91

Accepted Solution

by:
John Hurst earned 500 total points
ID: 40330567
You said "I'm using Windows 8.1," so if not Windows 8 / 8.1, what are you running? Windows 8 / 8.1 uses NTFS, not FAT. Something appears to have damaged your operating system. Your description has become very confusing by saying now it is FAT and not Windows 8.

"Drive by links" work by people clicking and OK'ing the result. It is called social engineering.
0
 
LVL 91

Expert Comment

by:John Hurst
ID: 40330603
@Silas2  - Thank you, and good luck setting up Windows 8.1 again. I have it running quite smoothly.
0


Question has a verified solution.
