Hi all,

I'm sorry if this is in the wrong section or whatever - I just made an account here because I'm having a bit of trouble with this problem and I was hoping I could sort it out here. But something weird is happening on my computer. It's probably familiar to some of you, but this is my first encounter with this alleged malware, so if you can help that would be great. :)

It all started on Tuesday when I was browsing the Internet, and then all of a sudden my computer started jerking around a bit. So I checked my task manager (which I normally do when my computer behaves weirdly, in case an unnecessary program is using up a ton of CPU) and came across an unfamiliar program (I can't remember the name of the file, surprisingly... There's been a lot that's happened in-between now and Tuesday...). I tried to end it, but it said access was denied. I then went to the file location and tried to delete it, but instead it said it was in use (obviously, since it was still running in task manager... Also, bear in mind that this was the only file in said folder that I looked in, so it couldn't have been an important file). In a haste to figure out this problem, I quickly attempted to memorise the file location, and restarted the computer in an attempt to end the program.

Upon restarting, the program didn't seem to be running, but I could not determine the location of the file upon much searching. Nevertheless, I ran a full scan using MalwareBytes all the same in case the file was indeed hostile and it would be found on the scanner (I also normally disconnect my Internet whenever something like this happens, in case unwanted data is being transferred, or something else similar). Upon returning to the finished scan the next morning, MalwareBytes found but only two of the same files: stolen.data

Good thing I disconnected the Internet, if this is indeed what I think it is. I had the option to open the file location, so I did so and it was located in a complex directory in a folder called imlgs or some gubbins. Not sure what that exactly is...

But one of the files was 18 KB and the timestamp (the date it was last modified) was earlier the previous day. The other one was 1 KB, and the timestamp was mysteriously the exact time that the scan ended. These files were both found by the scanner and quarantined before removal. Worried that nothing else came up that possibly explained the conjuration of these files, I ran another one that morning. Upon returning to the finished scan when I got home after school, it had the same results. One stolen.data from earlier that day, and one from when the scan ended. Both files, however, were around 1 KB this time.

Still no trace of the host, so I ran one more scan using MalwareBytes. Exact same results, except the second file's timestamp was the exact time that I opened the folder it was in. O.o

Confused and somewhat worried, I ran another scan using the default Windows scanner that came with the computer: Microsoft Security Essentials. No results came up, therefore I'm not sure if that's a good thing or a bad thing - like whether the files have stopped showing up and are gone or MSE just doesn't have said "essentials" to find them like MalwareBytes does.

So, in a nutshell, I'm a bit kerfluzzled over the whole thing and I'm not quite sure what to do. I've done everything in my knowledge that I can but it hasn't seemed to have proven much effect, so I'm posting here in the hope that somebody knows what's going on. I still haven't and won't reconnect my Internet in case said "stolen.data" still exists and gets "sent" back to its sender. I'm yet to change various passwords and info (there's been a bit going on recently - plus it's not easy to change personal website passwords on a handheld device...), but I will do ASAP just in case.

But in the meantime, any help is appreciated. Also, if you need any more information (like computer details), please let me know. :)

Additional info: I don't have a credit card or anything as of yet, so that is probably a good thing - unless the sender wants to wipe my videos off YouTube or troll my friends in my forum or something... *rolleyes*

Cheers,

Lachlan Ruhr


Update:

I *think* I may have solved the issue, actually...

Turns out that the mysterious program I initially found on Tuesday was still running in camouflage, masked as an "audiogui.exe" file in Task Manager. I found the location and eventually managed to end and delete the file (hopefully), and whilst I was in that directory I also came across the original file I first discovered on Tuesday, so I deleted that as well.

So I ran several quick scans to see what they came up with, and the first one came across three more stolen.data. Two were ordinary files and one was the folder they were in. I quarantined and removed them and then ran two more quick scans that came up with no further results. Hooray!? Is it fixed now?

Task Manager still shows the audiogui.exe file running with the other file's name for some reason, however. Perhaps it is a default file as it keeps on recreating itself every time I restart my computer upon deleting it. Maybe it was just damaged by the malware, hence why it's still named that? I don't know, but if no more stolen.data is showing up, then hopefully that's a good thing. Will run one final full scan tonight to confirm this.

Various passwords have also been changed just in case.


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
