Is this a virus?
I seem to keep getting a text document in one of my folders that contains a link to this guy's website. Is anyone else getting this, or is it a virus?
Last edited by Cerawy; 07 Jan 2022 at 12:11.
I have already deleted it, but it seems to have come back a few times. I will try it if it appears again. If anyone has any additional knowledge, please post it in this thread, thanks.
How about editing it and changing the link to something else, like the FBI's site, then save it. That way, by not deleting it, it won't be replaced, the chances are, but will be nullified in effect. You could just change one letter of the URL so that a 404 error occurs.
It could be symptomatic of a virus that keeps re-creating the file whenever deleted. Hard to know. If so, it will appear benign to any scans and contain no information that tracks it to the source, at least, from what you've said. I would hard core scan your machine for infections anyway if you haven't already done that. It's always safe to rename a file btw but that won't stop it being replaced if the above scenario is true.
I'd be looking for other signs of infection such as some of the symptoms mentioned here.
If the worst comes to the worst, you may need a clean install so look to backing up your personal data in case.
Christophe
I have already run a scan with pretty much most of the antivirus programs that you can find. They did find some virus in the beginning, so I ran them multiple times. The last scan I did was with Adaware antivirus, which found nothing.
I'd say yes. Examine the site certificates. It seems odd that a site like that would have a valid cert issued from e3, let alone for 3 months total. Also make sure you access on an atypical filesystem. That looks to go after Windows-based fs.
You can try to use Process Monitor to find which program creates and accesses this file.
Code:
Run procmon.exe
Click the "magnifying glass" button on toolbar or disable "Capture Events" from the File menu (Ctrl-E).
Click the "Clear" toolbar button or "Clear Display" from the Edit menu (Ctrl-X).
To narrow the types of events to be captured...
On the right of the toolbar buttons...
Select only the file cabinet so Process Monitor will only show file system activity.
From "Filter" menu, Select "Filter..."
Press the "Reset" button if it is enabled.
In the filter fields, select "Path" "is" and then type into the entry field the local disk you want to monitor. e.g. "c:\Folder"
Select "Include".
Click "Add".
Click "Apply".
Click "OK".
Click the "magnifying glass" button on toolbar or enable "Capture Events" from the File menu (Ctrl-E).
Wait until I/O activity in the specified directory gets recorded.
Use Malwarebytes to scan to see if Malwarebytes finds something or not.
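A scripted alternative to the Process Monitor steps above, added here as an example and not posted by anyone in the thread: it uses Windows object-access auditing instead of Process Monitor, so the process that re-creates the file is recorded in the Security log even if it happens while nobody is watching. It assumes an elevated PowerShell prompt, an English-language system (the auditpol subcategory name is localized), and the placeholder folder `C:\Folder` from the post; the function names are made up for this example.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# 'C:\Folder' is the placeholder path used in the Process Monitor post.
$Folder = 'C:\Folder'

function Enable-FolderAudit([string]$Path) {
    # Turn on success auditing for file-system object access.
    # "File System" is the English subcategory name (assumption: English OS).
    auditpol /set /subcategory:"File System" /success:enable | Out-Null

    # Audit rule (SACL entry): log successful create/write/delete by any account,
    # inherited by the files and subfolders inside $Path.
    $ruleArgs = 'Everyone', 'WriteData, AppendData, Delete',
                'ContainerInherit, ObjectInherit', 'None', 'Success'
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule -ArgumentList $ruleArgs
    $acl  = Get-Acl -Path $Path -Audit
    $acl.AddAuditRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Get-FolderWriter([string]$Path, [datetime]$Since) {
    # Event 4663 = "An attempt was made to access an object".
    $filter = @{ LogName = 'Security'; Id = 4663; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Flatten the <EventData> name/value pairs into a hashtable.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        # Keep events on the folder itself or anything beneath it.
        $target = "$($data.ObjectName)\"
        if ($target.StartsWith("$Path\", [StringComparison]::OrdinalIgnoreCase)) {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Process = $data.ProcessName                        # full path of the writing program
                PID     = [Convert]::ToInt32($data.ProcessId, 16)  # logged as hex, e.g. 0x1a2c
                User    = $data.SubjectUserName
                File    = $data.ObjectName
            }
        }
    }
}

$start = Get-Date
Enable-FolderAudit -Path $Folder
# ...wait until the text file has reappeared, then run:
Get-FolderWriter -Path $Folder -Since $start | Sort-Object Time | Format-Table -AutoSize
```

When finished, `auditpol /set /subcategory:"File System" /success:disable` turns the auditing back off.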