grandmere

suspicious files

My firewall suite has detected 2 suspicious files in my C drive /document settings: A8ADE5d8 (high risk) and DFC5A282 (low risk) (alternate data stream). They only show up in a deep scan. They haven't been caught by SUPERAntiSpyware or Malwarebytes, both paid versions.

I have researched them online and I can't find real answers as to risks. One answer was that the first one was created by Windows and if I deleted it (I never found it) it would come back on the next re-boot. This has been going on for at least 2 weeks. I am inept when it comes to computers; I would appreciate re-assurance or help. Thanks, grandmere

Hello.

Please post the scan log which shows the items in question.

A scan just ended and it was clean; the log has just 2 lines containing the info I posted. In the last 2 days it seems that these files are not discovered every time. On the next scan, if they appear I will post them.

Sounds great! Please let us know if you have any further questions.

The log only has these 2 lines. When I searched the files they were in the Application Data folder. I have the icons on my desktop as text files but they don't reveal anything and I am unable to open them except with Notepad, and there are 2 lines of gibberish I can't translate. (It would help if the Notepad language was French or Spanish.) I wouldn't be bothering you. Many people are getting these entries. There must be some explanation. I don't know enough to get rid of them. Thank you for trying. Grandmere

Please post the log here.

Which antivirus are you using?

Were the files looking like this:

C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

Thanks for not giving up.

It says exactly what you typed, plus on each line it says: Suspicious, High risk for the 1st one (alternate data stream)

Suspicious, Low risk for the 2nd one (alternate data stream)

This appears in the AV results from Online Armor (part of the suite).

I also have Malwarebytes and they didn't reveal anything suspicious, and neither did SAS.

It isn't a detailed log, just these 2 lines. I hope you can help.

I found them in the Registry and deleted them but they re-appeared on the next re-boot. I don't like to do much in the Reg. as I know I could compromise the system.

Hello

Download OTL to your Desktop

  • Double click on icon and select Quick scan
  • When scan is finished it will produce 2 logs, copy/paste them into your reply

Next

Download aswMBR to your Desktop

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

The OTL logs were submitted to Emsisoft Online Armor and were clean. After downloading "aswMBR", the scan couldn't be done because of the following error: C0000061 driver not loaded

Hello, post the logs here so I can review them

And for aswMBR try right click on icon and select Run as admin

Of course. I used Adm. to download. I am curious why SAS didn't find these files. Online Armor is not known as a great AV, but one of 2 best rated firewalls; and neither did Malwarebytes, and both do a more thorough AV scan. I appreciate your help and your time but it is taking too much of my time to resolve this issue. I am going to look for other avenues to get this problem solved. Thanks again!
