Solved

unidentified malware creating appdata/temp folders

Posted on 2014-10-31
3
398 Views
Last Modified: 2014-11-07
At one or more a minute, new folders are created in Logged in User/appdata/temp. The folders names are 3 or 4 characters in length such as, 1eec or 3bc5, or 2d3f. Each folder contains a sub-folder "Appdata" among other things. As the number of folders increases in to the 1000s, the PC's performance degrades.

I cannot find any reference to any malware, etc. that describes this behavior. The folders can be easily and quickly deleted in Safe Mode. I ultimaley resolved this issue by going back to a restore point a couple of days prior to the infection.

Neither Symantec EndPoint 12.1.5, or Malwarebytes, or YAC found anything awry on this PC. However, Malwarebytes was reporting some "Malicious OUTBOUND activity".

Anybody have a clue what this was?

tom
0
Comment
Question by:tuckertf
  • 2
3 Comments
 
LVL 92

Accepted Solution

by:
John Hurst earned 500 total points
ID: 40416523
Download, install and run Process Explorer from Microsoft (Sysinternals).  Look down the folder tree on the left for Explorer and see if there is a strange alphanumeric process running there. If so, Kill the process and do NOT restart the computer. Run Malwarebytes again, delete malware. Now restart and see if the temp file creation stops.
0
 

Author Comment

by:tuckertf
ID: 40428439
Thanks for input. At original site I was able to clear the malware.
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 40428458
@tuckertf  - Thanks for the update and I was happy to help.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In every aspect, security is essential for your business, and for that matter you need to always keep an eye on it. The same can be said about your computer network system too. Your computer network is prone to various malware and security threats t…
Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
This is a video describing the growing solar energy use in Utah. This is a topic that greatly interests me and so I decided to produce a video about it.
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now