UnIdentifiable folder and contents.

Discussion in 'malware problems & news' started by KansasMan, Nov 9, 2005.

Thread Status:
Not open for further replies.
  1. KansasMan

    KansasMan Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    3
    I have a folder in my C drive under Program files named:

    qtrsrwsr and in this folder are unidentifiable contents.

    bEQCEgRM
    bEQCEgRM.dll
    cnml
    dfs
    MRgECQEb
    Nh4FDwIR
    obj
    profile
    RIwDF4hN
    RIwDF4hN.dll
    url8
    url9

    there they are listed as seen in my folder... I cannot delete them or do anything else with them.. what do you suggest I do.. I do know that if I dont hit ctrl+alt+delete and close them in my programs that are currently running that pop-ups become a severe problem.. please help me.
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Have u scanned your system and that folder in paticular with any AV program?

    Can u give us a description of the popups u are getting?


    snowbound
     
  3. AvianFlux

    AvianFlux Registered Member

    Joined:
    Dec 7, 2004
    Posts:
    237
    Get FileAlyzer and see what you can find out about those files. Make a Zip file of the unknown folder and contents; if some applications/processes stop functioning just unzip and restore the folder.
     
  4. KansasMan

    KansasMan Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    3
    I have downloaded Kerio personal Firewall 4 to monitor my computers traffic on the net. I repeatedly get messages from it telling me that the contents in that folder were trying to access the internet and the warning prompt message says "Intrusion Attempt Blocked" So Im thinking its some kind of spyware or worm.. Worm just because of its unique name which they all have a few similarities to other worm names. still downloading other programs to assess the problem including the ones you have suggested.
     
  5. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    You can use Unlocker to delete them. You may want to do some online scans with the one's in my signature.:)
     
  6. KansasMan

    KansasMan Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    3
    Tried the unlocker... didnt work... Whoever made these worms.. I am assuming thats what they are.. really encrypted them big time.. I get an error with the unlocker program saying it doesnt have the power to do what it needs to do... I have submitted my "worms" to Spyware on pctools.com.. Hopefully they can find a solution to my deletion problem.
     
  7. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
  8. pc-support

    pc-support Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    285
    Location:
    Edinburgh, UK
    Start your pc up in safe mode then you will be able to delete them.
     
  9. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    hi

    this looks like its apropos rootkit, wilders no longer does hijackthis logs, but see this post by LWM:
    https://www.wilderssecurity.com/showthread.php?t=42148
    please see this page: http://www.tomcoyote.org/hjt/
    then proceed to post your hijackthis log here using the add reply button ;)
     
  10. controler

    controler Guest

Thread Status:
Not open for further replies.