[SOLVED] Suspicious files with invalid extensions reappear after deletion
Posted: Thu, 09 Feb 2017, 15:02
I am dealing with a problem with suspicious files appearing at peculiar locations on a Windows 7 PC. The folders appear in directories like C:\, the Windows "temp" folder, the library folder, and the documents folder for each individual user. Inside each folder is a series of MS Office files, a JPEG, and a .txt document, though none of them can be opened by their respective programs. Each file and folder also has a suspicious name, as if random words were chosen from a dictionary and combined with numbers. For example, a folder named "Abmirror89" or an Access file titled "fabrics.efforts.objection". Some of the folders are also hidden. If any of the folders are deleted, they all reappear within a few minutes with new names and filled with new files following a similar pattern, even after deleting with "Unlocker." The folders also seem to reinitialize after a reboot. A screenshot of one of the folders has been included.
I have scanned the entire PC offline with Panda Free Antivirus, Malwarebytes Free, Rogue Killer, TrendMicro CWS, BitDefender Rootkit Removal, TrendMicro RootKitBuster, and Spybot. None revealed any serious infections; only PUPs and the remains of a toolbar. Neither ADW Cleaner nor HijackThis shows any suspicious processes or services. I installed Cybereason Ransom Free and Malwarebytes AntiExploit and neither has yet detected any malicious processes. I booted the PC using MS DaRT and removed each of the files through the Explorer feature, then checked for invalid OS files in case of a rootkit. Upon rebooting the PC, the folders and files were recreated. There are no other symptoms than these suspicious files and folders.
UPDATE: I booted Windows in safe mode and deleted all of the files I could identify following a similar random pattern. The files did not return while in safe mode, even if rebooted back into safe mode. However, they reappeared after a normal startup. I also discovered a new instance of these random files on the Windows system reserve space (D:\). I have scanned the PC with rescue discs from Panda, AVG, and Bitdefender. None found any more signs of infection.
I have encountered similar problems before, but none that the previous measures did not neutralize. Does this description match any particular malware variants? Could this be an undiscovered threat? Is there a simpler explanation as to why malware hasn't been detected?