Solved

unidentified malware creating appdata/temp folders

Posted on 2014-10-31
3
410 Views
Last Modified: 2014-11-07
At one or more a minute, new folders are created in Logged in User/appdata/temp. The folders names are 3 or 4 characters in length such as, 1eec or 3bc5, or 2d3f. Each folder contains a sub-folder "Appdata" among other things. As the number of folders increases in to the 1000s, the PC's performance degrades.

I cannot find any reference to any malware, etc. that describes this behavior. The folders can be easily and quickly deleted in Safe Mode. I ultimaley resolved this issue by going back to a restore point a couple of days prior to the infection.

Neither Symantec EndPoint 12.1.5, or Malwarebytes, or YAC found anything awry on this PC. However, Malwarebytes was reporting some "Malicious OUTBOUND activity".

Anybody have a clue what this was?

tom
0
Comment
Question by:tuckertf
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 95

Accepted Solution

by:
John Hurst earned 500 total points
ID: 40416523
Download, install and run Process Explorer from Microsoft (Sysinternals).  Look down the folder tree on the left for Explorer and see if there is a strange alphanumeric process running there. If so, Kill the process and do NOT restart the computer. Run Malwarebytes again, delete malware. Now restart and see if the temp file creation stops.
0
 

Author Comment

by:tuckertf
ID: 40428439
Thanks for input. At original site I was able to clear the malware.
0
 
LVL 95

Expert Comment

by:John Hurst
ID: 40428458
@tuckertf  - Thanks for the update and I was happy to help.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question