Is this a virus?


  1. Posts : 1,031
       #1

    Is this a virus?


    I seem to keep getting a text document in one of my folders that contains a link to this guy's website. Is anyone else getting this, or is it a virus?
    Last edited by Cerawy; 07 Jan 2022 at 12:11.
      My Computer


  2. Posts : 781
    Windows 10
       #2

    @Cerawy please try using VirusTotal (link in my sig) to scan the file. Then, upload the file to a service (not directly here) and send a link. I'll analyse it.
      My Computer


  3. Posts : 1,031
    Thread Starter
       #3

    I have already deleted it, but it seems to have come back a few times. I will try it if it appears again. If anyone has any additional knowledge, please post it in this thread, thanks.
      My Computer


  4. Posts : 372
    Windows 10 Home: 21H1 (OS Build 19043.1586)
       #4

    How about editing it and changing the link to something else, like the FBI's site, then save it. That way, by not deleting it, it won't be replaced, the chances are, but will be nullified in effect. You could just change one letter of the URL so that a 404 error occurs.

    It could be symptomatic of a virus that keeps re-creating the file whenever deleted. Hard to know. If so, it will appear benign to any scans and contain no information that tracks it to the source, at least, from what you've said. I would hard core scan your machine for infections anyway if you haven't already done that. It's always safe to rename a file btw but that won't stop it being replaced if the above scenario is true.

    I'd be looking for other signs of infection such as some of the symptoms mentioned here.

    If the worst comes to the worst, you may need a clean install so look to backing up your personal data in case.

    Christophe
      My Computers


  5. Posts : 1,031
    Thread Starter
       #5

    I have already run a scan with pretty much most of the antivirus programs that you can find. They did find some virus in the beginning, so I ran them multiple times. The last scan I did was with adaware antivirus, which found nothing.
      My Computer


  6. Posts : 12
    All
       #6

    I'd say yes. Examine the site certificates. It seems odd that a site like that would have a valid cert issued from e3, let alone for 3 months total. Also make sure you access on an atypical filesystem. That looks to go after Windows-based fs.
      My Computer


  7. Posts : 2,800
    Windows 7 Pro
       #7

    You can try to use Process Monitor to find which program creates and accesses this file.

    Code:
    Run procmon.exe
    
    Click the "magnifying glass" button on toolbar or disable "Capture Events" from the File menu (Ctrl-E).
    
    Click the "Clear" toolbar button or "Clear Display" from the Edit menu (Ctrl-X).
    
    To narrow the types of events to be captured... On the right of the toolbar buttons... Select only the file cabinet so Process Monitor will only show file system activity. 
    
    From "Filter" menu, Select "Filter..." 
    
    Press the "Reset" button if it is enabled.
    
    In the filter fields, select "Path" "is" and then type into the entry field the local disk you want to monitor. e.g. "c:\Folder" 
    
    Select "Include".
    
    Click "Add".
    
    Click "Apply".
    
    Click "OK".
    
    Click the "magnifying glass" button on toolbar or enable "Capture Events" from the File menu (Ctrl-E). 
    
    Wait until I/O activity in the specified directory gets recorded.
      My Computers
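
    Once the capture from the steps in post #7 has recorded the file coming back, the trace can be saved as CSV and searched for the process that wrote it. The script below is an added example, not part of the original post: it reads a Process Monitor CSV export and lists the processes whose CreateFile calls actually created or replaced a file under the watched folder. The sample rows, process names, PIDs and file names are constructed for illustration; the column names assume Procmon's default columns.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample of a Process Monitor CSV export; process names, PIDs and
# file names are invented. Columns are Procmon's default set.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"12:01:07.1","explorer.exe","4120","CreateFile","C:\Folder","SUCCESS","Desired Access: Read Data/List Directory, Disposition: Open, OpenResult: Opened"
"12:03:15.4","updater_example.exe","5312","CreateFile","C:\Folder\link.txt","SUCCESS","Desired Access: Generic Write, Disposition: OverwriteIf, OpenResult: Created"
"12:03:15.5","updater_example.exe","5312","WriteFile","C:\Folder\link.txt","SUCCESS","Offset: 0, Length: 64"
"12:04:02.9","notepad.exe","7004","CreateFile","C:\Folder\link.txt","SUCCESS","Desired Access: Generic Read, Disposition: Open, OpenResult: Opened"
"12:19:44.0","updater_example.exe","5312","CreateFile","C:\Folder\link.txt","SUCCESS","Desired Access: Generic Write, Disposition: OverwriteIf, OpenResult: Created"
"12:19:44.2","updater_example.exe","5312","CreateFile","C:\Other\cache.tmp","SUCCESS","Desired Access: Generic Write, Disposition: Create, OpenResult: Created"
"12:20:01.3","svchost.exe","900","CreateFile","C:\Folder\missing.txt","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open"
'''

# OpenResult values that mean the call produced or replaced the file on disk.
WRITE_RESULTS = {"Created", "Overwritten", "Superseded"}


def file_creators(csv_text, folder):
    """Count (process, PID, path) for files created or replaced under folder."""
    prefix = folder.rstrip("\\").lower() + "\\"
    hits = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        # CreateFile is also logged for plain opens, so the operation name
        # alone is not enough; failed calls are skipped as well.
        if row["Operation"] != "CreateFile" or row["Result"] != "SUCCESS":
            continue
        if not row["Path"].lower().startswith(prefix):
            continue
        match = re.search(r"OpenResult: (\w+)", row["Detail"])
        if match and match.group(1) in WRITE_RESULTS:
            hits[(row["Process Name"], row["PID"], row["Path"])] += 1
    return hits


if __name__ == "__main__":
    found = file_creators(SAMPLE_CSV, r"C:\Folder")
    for (proc, pid, path), count in found.most_common():
        print(f"{proc} (PID {pid}) created {path} {count} time(s)")
```

    For a real export, read the saved file with encoding "utf-8-sig" and pass its text in place of SAMPLE_CSV.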


  8. Posts : 372
    Windows 10 Home: 21H1 (OS Build 19043.1586)
       #8

    @MaloK Great post and useful contribution to this thread. I've bookmarked your guidance for future reference.

    Christophe
      My Computers


  9. Posts : 632
    Linux Lite
       #9

    Use Malwarebytes to scan and see whether it finds something or not.
      My Computers


  10. Posts : 1,031
    Thread Starter
       #10

    James said:
    @Cerawy please try using VirusTotal (link in my sig) to scan the file. Then, upload the file to a service (not directly here) and send a link. I'll analyse it.
    It seems like there are two files in the folder. The folder is called .fontconfig. I have uploaded them both on the VirusTotal website, here and here.
      My Computer


Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd