Solved

unidentified malware creating appdata/temp folders

Posted on 2014-10-31
3
404 Views
Last Modified: 2014-11-07
At one or more a minute, new folders are created in Logged in User/appdata/temp. The folders names are 3 or 4 characters in length such as, 1eec or 3bc5, or 2d3f. Each folder contains a sub-folder "Appdata" among other things. As the number of folders increases in to the 1000s, the PC's performance degrades.

I cannot find any reference to any malware, etc. that describes this behavior. The folders can be easily and quickly deleted in Safe Mode. I ultimaley resolved this issue by going back to a restore point a couple of days prior to the infection.

Neither Symantec EndPoint 12.1.5, or Malwarebytes, or YAC found anything awry on this PC. However, Malwarebytes was reporting some "Malicious OUTBOUND activity".

Anybody have a clue what this was?

tom
0
Comment
Question by:tuckertf
  • 2
3 Comments
 
LVL 94

Accepted Solution

by:
John Hurst earned 500 total points
ID: 40416523
Download, install and run Process Explorer from Microsoft (Sysinternals).  Look down the folder tree on the left for Explorer and see if there is a strange alphanumeric process running there. If so, Kill the process and do NOT restart the computer. Run Malwarebytes again, delete malware. Now restart and see if the temp file creation stops.
0
 

Author Comment

by:tuckertf
ID: 40428439
Thanks for input. At original site I was able to clear the malware.
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 40428458
@tuckertf  - Thanks for the update and I was happy to help.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the adminiā€¦

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question