Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

unidentified malware creating appdata/temp folders

Posted on 2014-10-31
3
Medium Priority
?
427 Views
Last Modified: 2014-11-07
At one or more a minute, new folders are created in Logged in User/appdata/temp. The folders names are 3 or 4 characters in length such as, 1eec or 3bc5, or 2d3f. Each folder contains a sub-folder "Appdata" among other things. As the number of folders increases in to the 1000s, the PC's performance degrades.

I cannot find any reference to any malware, etc. that describes this behavior. The folders can be easily and quickly deleted in Safe Mode. I ultimaley resolved this issue by going back to a restore point a couple of days prior to the infection.

Neither Symantec EndPoint 12.1.5, or Malwarebytes, or YAC found anything awry on this PC. However, Malwarebytes was reporting some "Malicious OUTBOUND activity".

Anybody have a clue what this was?

tom
0
Comment
Question by:tuckertf
  • 2
3 Comments
 
LVL 99

Accepted Solution

by:
John Hurst earned 2000 total points
ID: 40416523
Download, install and run Process Explorer from Microsoft (Sysinternals).  Look down the folder tree on the left for Explorer and see if there is a strange alphanumeric process running there. If so, Kill the process and do NOT restart the computer. Run Malwarebytes again, delete malware. Now restart and see if the temp file creation stops.
0
 

Author Comment

by:tuckertf
ID: 40428439
Thanks for input. At original site I was able to clear the malware.
0
 
LVL 99

Expert Comment

by:John Hurst
ID: 40428458
@tuckertf  - Thanks for the update and I was happy to help.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question