Strange "new" folders!

Discussion in 'Application Software' started by RASelkirk, Sep 1, 2016.

  1. RASelkirk

    RASelkirk MDL Senior Member

    Feb 4, 2010
    266
    13
    10
    Hi All,

    I have a multi-partitioned drive and use "D" to store my e-mail and photo folders. I went in on 31 August to drop some new photos and saw 4 folders that were put there on 21 August. This is 4.5 GIG's of data that I did not put there! I'm behind a router and all my 'puters are running ZoneAlarm and Malwarebytes. I cannot remember what I was doing that day, but it assuredly had nothing to do with these folders. I tried one of the movies and it plays good with no suspicious activity noted by the above programs, nor TCPView and ProcessExplorer. I played one of the Mearl tunes and towards the end a voice broke in saying my 'puter has been locked and to call blah, blah, blah. I logged off and on (OK), then did a reboot and that was good too. So far, no abnormal programs running or trying to dial out. I searched my entire system and these are the only abnormalities...

    Even with my 15/1 RoadRunner, this would take over an hour to DL. So, HTF did this crap get laid down on my drive?

    Russ
     


  2. Enthousiast

    Enthousiast MDL Tester

    Oct 30, 2009
    47,026
    93,874
    450
    So, you find "suspicious/unknown to you" folders with files in it and you execute/play the files????
     
  3. RASelkirk

    RASelkirk MDL Senior Member

    Feb 4, 2010
    266
    13
    10
    Yup, I have no worries about it. I have daily backups and Malwarebytes has caught anything that's been thrown at it.

    Russ
     
  4. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    7,222
    2,272
    240
    Those are simply music and trailer files, which you (down)loaded and had run somehow on your own!

    You could look under Programs and Features to see if they were installed somehow; it just seems that they came as some adware, if you don't know them. In future, if you install anything, don't just hit some button; read each page, and you'll find mention of such apps etc., which will be auto-installed if you don't decline!

    There's also a small freeware app, called Unchecky, which will warn about such auto-installation of adware apps! Google for it!
     
  5. RASelkirk

    RASelkirk MDL Senior Member

    Feb 4, 2010
    266
    13
    10
    I may be 63, but I still have a mind. I did not DL these files, they just "showed up" and all are dated 21 August. I wouldn't even have a clue where to find them. The movies are actually full-on shows. One is compressed with the new h.265 encoder (mkv), one is an avi and the other is mp4. Two are foreign films with separate subtitle tracks. All the Mearl music is mp3 format and checks out with Media Info. Scanning each file shows no malware. Here's my system layout:

    IP Address User Text

    192.168.1.1 Router WiFi
    192.168.1.2 WIN7-SERVER LAN
    192.168.1.3 DTV Rec'r LAN
    192.168.1.4 Russ-C75D WiFi
    192.168.1.4 HP5530 Printer WiFi
    192.168.1.5 Samsung TV LAN
    192.168.1.6 RUSS-DESKTOP WiFi
    192.168.1.7 Vivent Alarm
    192.168.1.8 Galaxy Note 4 Phone
    192.168.1.9 RUSS-L675 WiFi

    The TV, DTV, and Win7-Server are all LAN-cabled, the rest are wifi. C75D has been disconnected since June, the others are active. Router and wifi have serious passwords. Oh, and I also have WNetWatcher which shows what's connected to my router, its IP, and when it first connected. Now I'm wondering if DTV or Vivent could have backed into my system...

    Russ
     
  6. Flipp3r

    Flipp3r MDL Expert

    Feb 11, 2009
    1,962
    904
    60
    Does anyone else use your pc? They look like torrent/magnet downloads...
     
  7. bphlpt

    bphlpt MDL Junior Member

    Aug 2, 2010
    60
    36
    0
    Those two statements don't jibe together. You can't have it both ways unless the malware that made the announcement is somehow hooked to your media player.

    I'm with Enthousiast. Even if you "have no worries about it", IMO you were very foolish to have played the files, regardless if you liked the music/movies or not. I hope it doesn't end up biting you in the butt. I'm about your age, 61, and unless someone else has physical access to your computer and downloaded them, then whatever put them there had to be up to no good. You don't EVER get something for nothing. Good luck!

    Cheers and Regards
     
  8. PhaseDoubt

    PhaseDoubt MDL Expert

    Dec 24, 2011
    1,443
    275
    60
    That's called a clue ... you've been invaded. If Malwarebytes didn't find it, you should try other anti-malware programs. Several in fact. If none of them can cleanse your system it's time to think of more drastic measures: restore point, System Image restore, repair install, etc.

    And ... I'm 70, but I fail to see what that has to do with anything.
     
  9. zen45

    zen45 MDL Addicted

    Feb 25, 2010
    918
    2,393
    30
    Sounds like a little ransomware tried to bite you in the butt but you cut it off before it could complete and you got lucky, or it's sitting in the background waiting for you to click something. If you have a backup prior to this happening I would restore it to the earlier date ;)
     
  10. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    7,222
    2,272
    240
    Somehow, somebody must have (down)loaded those files, in whatever way! If you're the only person with access to that computer: WHO?!

    There are simply many ways to get such 'apps' or 'adware', or whatever it is! Even if those files are really 'hidden' somehow, some action of the user of that computer 'has hit the button' to start the loading! Don't get me wrong, I'm not telling you that you (or whoever) did it knowingly; it's just very easy to miss something when reading before hitting the button which starts the 'game'! We all have sometimes had similar problems with our computers! We just have to learn from it to be a bit more careful and take the time, especially to read all upcoming pages during installations BEFORE hitting any button!
     
  11. Michaela Joy

    Michaela Joy MDL Crazy Lady

    Jul 26, 2012
    4,071
    4,651
    150
    @Russ: I don't think that anyone here is questioning your abilities or skillset. The Internet is a creepy place and, if you're not careful, even the best can get snagged by malware. I got snagged by a Silverlight ransom ware Trojan. And I've been programming computers for decades.

    Do you torrent? Because as was said, it looks like you may have picked up malware from a torrent.

    Good luck.
     
  12. ofernandofilo

    ofernandofilo MDL Member

    Sep 26, 2015
    237
    140
    10
    #12 ofernandofilo, Sep 2, 2016
    Last edited: Sep 2, 2016
    Russ, you should have just downloaded the file in some way. Several download accelerators support the BitTorrent protocol, such as Free Download Manager or even browser extensions such as Torrent Tornado for Firefox. You can download torrents from sites, without installing any program, like BitLet.

    It seems to me it's much more likely that you have installed one of these kinds of programs or simply unintentionally clicked an ad or link to a site.

    As a general rule, files without DRM content or scripts functions are free of infection.

    Infections are related to files with executable code - for example, DRM files, internal scripts in PDF or in some multimedia formats - but as a general rule if your PDF reader does not perform such scripts, or if your media player does not run scripts in files or search for usage licenses on an external server (DRM), your files are completely safe.

    I do not think that you are infected. I just think you have downloaded inadvertently, even using some said program.

    If you are very concerned about security, there is a series of free programs that you can use and get some peace of mind.

    Like: [Avast, AVG, Avira, BitDefender], [AdwCleaner, Junkware Removal Tool], [GMER, TDSSKiller], [MalwareBytes, Spybot]. Use one at a time, at least one of each set separated by brackets; each group searches for different things.

    cheers
     
  13. RASelkirk

    RASelkirk MDL Senior Member

    Feb 4, 2010
    266
    13
    10
    OK, I'm an idiot. :hug2: Sucks to get old... My son's family came over that day and he loaded those folders for me. I did ask him about the Mearl tunes being jacked and he said he had run a full scan on them and they came up OK. Again, the voice being there means nothing in this case. Apparently, it was appended to a valid music file and (possibly) whoever he got them from was jacked. Problem solved, case closed!

    Thanks!

    Russ
     
  14. ThomasMann

    ThomasMann MDL Expert

    Dec 31, 2015
    1,770
    295
    60

    "I may be 63, but I still have a mind. I did not DL these files, they just "showed up" and all are dated 21 August."

    You should consider the Vatican about this immaculate conception.

    As you simply played one of those files, I suggest you wait for at least one more surprise?

    That thing in front of you, is a computer... NOTHING just turns up on a computer!
    -> That sentence might be a good starting point.


    Go to restore system, and see if there is a reasonably old (way before 21.8.) restore point and use it.
    If the machine will still let you!
     
  15. RASelkirk

    RASelkirk MDL Senior Member

    Feb 4, 2010
    266
    13
    10
    There is NO problem, other than my (admitted) senility. Thanks for your concern.

    Russ
     
  16. PhaseDoubt

    PhaseDoubt MDL Expert

    Dec 24, 2011
    1,443
    275
    60
    Glad you got it sorted out; apparently you have no problems. But with regards to having others make changes to your system (that are unknown to you) in my neck of the woods we say you “dodged a bullet”.
     
  17. Rainey

    Rainey MDL Novice

    Apr 27, 2011
    25
    3
    0
    The problem seems to be that someone used your computer without your knowing, put questionable files on it, and never told you until weeks later after you thought it was a possible problem.

    But I understand the lack of memory as we get older and not remembering a family visit on that day. I remember things I did when I was 8 but can't remember what I did five minutes ago.