Unknown folder

Discussion in 'Computer Support' started by Iapetus, Jul 29, 2009.

  1. Iapetus

    Iapetus Guest

    I have a unknown folder in the C:\ directory with 25 random capital
    letters, currently VWJVFHNEGOVACCHMPVZEUOQJM.

    It's always empty and Windows will not delete it. If I erase it during
    boot with any of several erase programs it will reappear again with
    another 25 random capital letters.

    I've scanned the system with Avira, Avast and Malwarebytes with no
    detection, apart from a false positive from Avira called
    mikes-enhanced-dune2000-trainer.exe, downloaded from
    http://michaelshadle.com/projects/dune2000/ and been using for a long
    time without trouble.


    Anyone know what could be causing this directory to keep reappearing?


    Using XP Pro SP3.
     
    Iapetus, Jul 29, 2009
    #1
    1. Advertising

  2. Hello,

    Use Unlocker to find out which process is preventing it from being deleted
    http://ccollomb.free.fr/unlocker/

    You can also use it to force-remove all file handles and delete the folder.

    --
    Regards,
    Singapore Computer Home Repair Service
    http://www.bootstrike.com/ComputerService/
    Video Conversion VHS Video8 Hi8 Digital8 MiniDv MicroMv
    http://www.bootstrike.com/VHSVideoConvert/
    "Iapetus" <> wrote in message news:h4pn9o$9pe$...
    >I have a unknown folder in the C:\ directory with 25 random capital
    >letters, currently VWJVFHNEGOVACCHMPVZEUOQJM.
    >
    > It's always empty and Windows will not delete it. If I erase it during
    > boot with any of several erase programs it will reappear again with
    > another 25 random capital letters.
    >
    > I've scanned the system with Avira, Avast and Malwarebytes with no
    > detection, apart from a false positive from Avira called
    > mikes-enhanced-dune2000-trainer.exe, downloaded from
    > http://michaelshadle.com/projects/dune2000/ and been using for a long time
    > without trouble.
    >
    >
    > Anyone know what could be causing this directory to keep reappearing?
    >
    >
    > Using XP Pro SP3.
    >
     
    Singapore Computer Service, Jul 29, 2009
    #2
    1. Advertising

  3. On 7/29/2009 8:15 PM, Iapetus wrote:
    > I have a unknown folder in the C:\ directory with 25 random capital
    > letters, currently VWJVFHNEGOVACCHMPVZEUOQJM.
    >


    You can try to track what is creating the folder with Process Monitor
    http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx which
    contains functionality of erstwhile sysinternals products filemon and
    regmon. Check out the page for a description.

    HTH

    --
    Diabolic Preacher
    As Is
     
    Diabolic Preacher, Jul 29, 2009
    #3
  4. From: "Diabolic Preacher" <>

    | On 7/29/2009 8:15 PM, Iapetus wrote:
    >> I have a unknown folder in the C:\ directory with 25 random capital
    >> letters, currently VWJVFHNEGOVACCHMPVZEUOQJM.



    | You can try to track what is creating the folder with Process Monitor
    | http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx which
    | contains functionality of erstwhile sysinternals products filemon and
    | regmon. Check out the page for a description.

    | HTH

    | --
    | Diabolic Preacher
    | As Is

    Or use Process Explorer to do likewise.
    http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
    David H. Lipman, Jul 29, 2009
    #4
  5. Iapetus

    Aardvark Guest

    Aardvark, Jul 29, 2009
    #5
  6. Iapetus

    Iapetus Guest

    Singapore Computer Service wrote:
    > Hello,
    >
    > Use Unlocker to find out which process is preventing it from being deleted
    > http://ccollomb.free.fr/unlocker/
    >
    > You can also use it to force-remove all file handles and delete the folder.
    >


    It says no handle found. When unlocker deletes the folder another appears.
     
    Iapetus, Jul 30, 2009
    #6
  7. Iapetus

    Iapetus Guest

    David H. Lipman wrote:
    > From: "Diabolic Preacher" <>
    >
    > | On 7/29/2009 8:15 PM, Iapetus wrote:
    >>> I have a unknown folder in the C:\ directory with 25 random capital
    >>> letters, currently VWJVFHNEGOVACCHMPVZEUOQJM.

    >
    >
    > | You can try to track what is creating the folder with Process Monitor
    > | http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx which
    > | contains functionality of erstwhile sysinternals products filemon and
    > | regmon. Check out the page for a description.
    >
    > | HTH
    >
    > | --
    > | Diabolic Preacher
    > | As Is
    >
    > Or use Process Explorer to do likewise.
    > http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    >


    As it's created during the boot up Process Explorer or Monitor wont be
    able to say what program is causing its creation.
     
    Iapetus, Jul 30, 2009
    #7
  8. Iapetus <> pinched out a steaming pile
    of<h4s6nm$t2i$>:

    >David H. Lipman wrote:
    >> From: "Diabolic Preacher" <>
    >>
    >> | On 7/29/2009 8:15 PM, Iapetus wrote:
    >>>> I have a unknown folder in the C:\ directory with 25 random

    capital
    >>>> letters, currently VWJVFHNEGOVACCHMPVZEUOQJM.

    >>
    >>
    >> | You can try to track what is creating the folder with Process

    Monitor
    >> | http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

    which
    >> | contains functionality of erstwhile sysinternals products filemon

    and
    >> | regmon. Check out the page for a description.
    >>
    >> | HTH
    >>
    >> | --
    >> | Diabolic Preacher
    >> | As Is
    >>
    >> Or use Process Explorer to do likewise.
    >> http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    >>

    >
    >As it's created during the boot up Process Explorer or Monitor wont be
    >able to say what program is causing its creation.
    >

    Rooot Kiiiiiiit.

    ^_^



    --
    http://www.youtube.com/watch?v=COaoYqkpkUA
    cageprisoners.com|www.snuhwolf.9f.com|www.eyeonpalin.org
    _____ ____ ____ __ /\_/\ __ _ ______ _____
    / __/ |/ / / / / // // . . \\ \ |\ | / __ \ \ \ __\
    _\ \/ / /_/ / _ / \ / \ \| \| \ \_\ \ \__\ _\
    /___/_/|_/\____/_//_/ \_@_/ \__|\__|\____/\____\_\
     
    §ñühw¤£f, Jul 30, 2009
    #8
  9. Iapetus

    chris Guest

    "Iapetus" wrote

    > As it's created during the boot up Process Explorer or Monitor wont be
    > able to say what program is causing its creation.


    maybe x-setup or another startup manager could help you.
    http://www.x-setup.net/
     
    chris, Jul 30, 2009
    #9
  10. Iapetus

    1PW Guest

    Iapetus wrote:
    > I have a unknown folder in the C:\ directory with 25 random capital
    > letters, currently VWJVFHNEGOVACCHMPVZEUOQJM.
    >
    > It's always empty and Windows will not delete it. If I erase it during
    > boot with any of several erase programs it will reappear again with
    > another 25 random capital letters.
    >
    > I've scanned the system with Avira, Avast and Malwarebytes with no
    > detection, apart from a false positive from Avira called
    > mikes-enhanced-dune2000-trainer.exe, downloaded from
    > http://michaelshadle.com/projects/dune2000/ and been using for a long
    > time without trouble.
    >
    >
    > Anyone know what could be causing this directory to keep reappearing?
    >
    >
    > Using XP Pro SP3.


    Hello Iapetus:

    In the event that §ñühw¤£f is correct, try running GMER:

    <http://www.gmer.net/#files>

    HTH

    Pete
    --
    1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
     
    1PW, Jul 30, 2009
    #10
  11. From: "Iapetus" <>

    | David H. Lipman wrote:
    >> From: "Diabolic Preacher" <>


    >> | On 7/29/2009 8:15 PM, Iapetus wrote:
    >>>> I have a unknown folder in the C:\ directory with 25 random capital
    >>>> letters, currently VWJVFHNEGOVACCHMPVZEUOQJM.



    >> | You can try to track what is creating the folder with Process Monitor
    >> | http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx which
    >> | contains functionality of erstwhile sysinternals products filemon and
    >> | regmon. Check out the page for a description.


    >> | HTH


    >> | --
    >> | Diabolic Preacher
    >> | As Is


    >> Or use Process Explorer to do likewise.
    >> http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx



    | As it's created during the boot up Process Explorer or Monitor wont be
    | able to say what program is causing its creation.


    Then it could be protected by a RootKit and is hidden by the OS such as in an ADS or at
    least controlled through priveledges.

    Run a full scan with Gmer.
    http://www.gmer.net/

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
    David H. Lipman, Jul 30, 2009
    #11
  12. Iapetus

    Aardvark Guest

    On Wed, 29 Jul 2009 15:45:08 +0100, Iapetus wrote:

    > Stuff


    I went to the grave of the unknown folder once. At least, I think that's
    what it was. Y'see I was young at the time and hadn't yet learnt to read.
     
    Aardvark, Jul 31, 2009
    #12
  13. Iapetus

    Art Guest

    On Thu, 30 Jul 2009 18:09:54 -0400, "David H. Lipman"
    <DLipman~nospam~@Verizon.Net> wrote:

    >Run a full scan with Gmer.
    >http://www.gmer.net/


    Pretty geeky! :) Have you found it more effective than others?

    Art
     
    Art, Jul 31, 2009
    #13
  14. David H. Lipman, Jul 31, 2009
    #14
  15. Iapetus

    Spriva Guest

    On Fri, 31 Jul 2009 16:17:46 -0400, "David H. Lipman"
    <DLipman~nospam~@Verizon.Net> wrote:

    >From: "Art" <>
    >
    >| On Thu, 30 Jul 2009 18:09:54 -0400, "David H. Lipman"
    >| <DLipman~nospam~@Verizon.Net> wrote:
    >
    >>>Run a full scan with Gmer.
    >>>http://www.gmer.net/

    >
    >| Pretty geeky! :) Have you found it more effective than others?
    >
    >| Art
    >
    >Yes and I have contact with the author.
    >Gmer just recently updated his Anti RootKit scanner for the latest TDSS threats.


    How do you use it? I downloaded it and ran a full scan. It filled the
    scan window with hundreds of paths/filenames, but nothing seemed to be
    highlighted as any kind of threat. Did I miss anything, or is that how
    it is?
     
    Spriva, Aug 1, 2009
    #15
  16. From: "Spriva" <>

    | On Fri, 31 Jul 2009 16:17:46 -0400, "David H. Lipman"
    | <DLipman~nospam~@Verizon.Net> wrote:

    >>From: "Art" <>


    >>| On Thu, 30 Jul 2009 18:09:54 -0400, "David H. Lipman"
    >>| <DLipman~nospam~@Verizon.Net> wrote:


    >>>>Run a full scan with Gmer.
    >>>>http://www.gmer.net/


    >>| Pretty geeky! :) Have you found it more effective than others?


    >>| Art


    >>Yes and I have contact with the author.
    >>Gmer just recently updated his Anti RootKit scanner for the latest TDSS threats.


    | How do you use it? I downloaded it and ran a full scan. It filled the
    | scan window with hundreds of paths/filenames, but nothing seemed to be
    | highlighted as any kind of threat. Did I miss anything, or is that how
    | it is?


    Most threats would be in Red. Others listings are more subtle to recognize. Limit them
    by closing as much running software as possible.
    Read the Gmer example pages for hints.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
    David H. Lipman, Aug 1, 2009
    #16
  17. Iapetus

    Guest

    Spriva <> wrote:

    >>Yes and I have contact with the author.
    >>Gmer just recently updated his Anti RootKit scanner for the latest TDSS threats.


    >How do you use it? I downloaded it and ran a full scan. It filled the
    >scan window with hundreds of paths/filenames, but nothing seemed to be
    >highlighted as any kind of threat. Did I miss anything, or is that how
    >it is?


    Do you read? http://en.wikipedia.org/wiki/Rootkit

    Or would you rather a PayPal account be set up for you.

    Of course you didn't run this Gmer program from your OS, use a USB
    boot drive or BOOT CD, the HP program SP27213.exe can create a
    bootable USB pen drive, freebies.
    --

    Wilt Chamberlain and Andre the Giant -- holding up Arnold Schwarzenegger (on the set of Conan).
    http://theselvedgeyard.files.wordpress.com/2009/07/andreconanwilt.jpg
     
    , Aug 1, 2009
    #17
  18. Re: GMER reports meaning (Was: Re: Unknown folder)

    From: "Wolf K" <>

    | David H. Lipman wrote:
    >> From: "Spriva" <>


    [...]|| How do you use it? I downloaded it and ran a full scan. It filled the
    >> | scan window with hundreds of paths/filenames, but nothing seemed to be
    >> | highlighted as any kind of threat. Did I miss anything, or is that how
    >> | it is?



    >> Most threats would be in Red. Others listings are more subtle to recognize. Limit
    >> them
    >> by closing as much running software as possible.
    >> Read the Gmer example pages for hints.



    | I've installed Ubuntu, along with XP and Win7. GMER listed only MBR
    | sectors, some were marked "rootkit like behaviour". I suspect GMER is
    | picking up grub's replacement of the Windows MBR. I don't see any
    | evidence of bad behaviour in Windows, so I don't think GMER's warnings
    | are serious. Is this a reasonable inference?

    | TIA
    | wolf k.

    Yes. A second opionion on the LOG wouldn't hurt.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
    David H. Lipman, Aug 1, 2009
    #18
  19. Iapetus

    1PW Guest

    Re: GMER reports meaning (Was: Re: Unknown folder)

    Wolf K wrote:
    > David H. Lipman wrote:
    >> From: "Spriva" <>
    >>

    > [...]| How do you use it? I downloaded it and ran a full scan. It filled
    > the
    >> | scan window with hundreds of paths/filenames, but nothing seemed to be
    >> | highlighted as any kind of threat. Did I miss anything, or is that how
    >> | it is?
    >>
    >>
    >> Most threats would be in Red. Others listings are more subtle to
    >> recognize. Limit them by closing as much running software as possible.
    >> Read the Gmer example pages for hints.
    >>

    >
    > I've installed Ubuntu, along with XP and Win7. GMER listed only MBR
    > sectors, some were marked "rootkit like behaviour". I suspect GMER is
    > picking up grub's replacement of the Windows MBR. I don't see any
    > evidence of bad behaviour in Windows, so I don't think GMER's warnings
    > are serious. Is this a reasonable inference?
    >
    > TIA
    > wolf k.


    Hello Wolf & Dave:

    The most recent GMER (1.0.15.15011), when run on my (GRUB) dual-boot
    RHEL5/XP Pro SP3 x86 32bit system, fails to show any comments like
    "rootkit like behaviour".

    However, this might best be described as comparing apples to oranges
    and could be inconclusive without further and much closer like
    comparisons.

    HTH

    Pete
    --
    1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
     
    1PW, Aug 1, 2009
    #19
  20. Re: GMER reports meaning (Was: Re: Unknown folder)

    From: "1PW" <>


    | Hello Wolf & Dave:

    | The most recent GMER (1.0.15.15011), when run on my (GRUB) dual-boot
    | RHEL5/XP Pro SP3 x86 32bit system, fails to show any comments like
    | "rootkit like behaviour".

    | However, this might best be described as comparing apples to oranges
    | and could be inconclusive without further and much closer like
    | comparisons.

    | HTH

    | Pete
    | --
    | 1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

    Gmer has to run from within the possibly affected OS.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
    David H. Lipman, Aug 1, 2009
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Guest
    Replies:
    55
    Views:
    1,630
    Guest
    Apr 15, 2004
  2. Paul - xxx
    Replies:
    2
    Views:
    632
    Monsignor Larville Jones MD
    Aug 20, 2003
  3. Gary Rose

    XP Q uests: Cookies Folder? Pop-Up Ads Folder ?

    Gary Rose, Oct 15, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    437
    Gary Rose
    Oct 15, 2003
  4. Tommy T

    Folder options - Like current folder

    Tommy T, Apr 10, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    551
    Tommy T
    Apr 10, 2004
  5. %monkey%

    Unknown Folder in "My Computer"?

    %monkey%, Sep 18, 2004, in forum: Computer Support
    Replies:
    6
    Views:
    2,511
    %monkey%
    Sep 19, 2004
Loading...

Share This Page