[scarlet.rose]

Hello,

 

Recently I have started to see "New folder" always running under Applications / Task Manager that I have never seen before.....but I cannot see any untoward processes running (please see attachments).

 

I use Avast Free and have just run Malwarebytes - zero threats were detected.

 

What is this please?

 

UPDATE

 

I've just clicked on 'Go To Process' - it goes to explorer.exe?

Edited by scarlet.rose, 22 May 2016 - 01:53 PM.

[Advertisements]

Hi Scarlet,
I suggest you to try Comodo KillSwitch, which is part of Comodo Cleaning Essentials. You can download it from HERE. Be sure to download the right version for your PC (32-bit or 64-bit).

[MystiqueWolf]

Hi Scarlet,
I suggest you to try Comodo KillSwitch, which is part of Comodo Cleaning Essentials. You can download it from HERE. Be sure to download the right version for your PC (32-bit or 64-bit).

[scarlet.rose]

Thank you very much for helping me GeekU Freshman. Very impressed with Comodo Cleaning Essentials.

 

No issues were picked up.

 

All processes showed as being safe......the "New Folder" (which I discovered links to Process explorer.exe) still shows under Applications in Task Manager but does not under Applications in KillSwitch (please see attached screenshot)?

 

[MystiqueWolf]

Hi Scarlet,

• Open Comodo KillSwitch (not CCE), make sure you are logged in with the admin account when you are running it.
• Click options -> tick "Scan for Hidden Services" and "Scan for hidden processes".
• Click on "View" -> tick "Show only untrusted processes"
• Wait for it to analyze every process
• When it's ready, click on "KillSwitch" -> "Save"
• Upload the COMODO KillSwitch.csv file here.

[scarlet.rose]

Hi MystiqueWolf,

 

I've tried several times to attach the COMODO KillSwitch.csv file you wanted:

 

"Error You aren't permitted to upload this kind of file"

 

Under KillSwitch 'Options' (or any of the other drop down lists) I couldn't see 'Scan for hidden services' or 'Scan for hidden processes'.

 

When I click on 'Show only unsafe processes' only one process shows as 'Unknown' - LexBceS.exe but this is definitely linked to my Lexmark printer.

 

[MystiqueWolf]

There is a difference between the version integrated into Comodo Firewall and the one on the website, this is why you might not get these options.

Please upload the COMODO KillSwitch.csv file to a file sharing website like FileDropper or SendSpace and post the download link to the file.

Edited by MystiqueWolf, 25 May 2016 - 04:44 PM.

[MystiqueWolf]

Was that "New folder" visible in Task Manager at the time you checked your processes with KillSwitch?

[scarlet.rose]

Thank you for the information.

 

Here is the COMODO KillSwitch.csv file:

 

https://www.sendspace.com/file/4k0va3

 

Yes, the "New folder" was visible in Task Manager at the time I checked the processes with KillSwitch - please see the  Comodo KillSwitch.bmp I attached above, I captured both.

 

Same with Process Explorer and Process Hacker - none of them pick it up, but it shows in Task Manager all the time.

 

I am wondering whether it is an error?

 

I ran a Comodo Cleaning Essentials scan......at the end my computer was restarted to check for 'hidden services' - no threats were found other than an amber coded one near the beginning:

 

"Abnormal System Settings

Modified hosts"

Repair option was given

 

I also ran a HitmanPro scan......no threats were found again other than one 'trace':

 

"Hosts file is compromised.

Hosts file contains byte order mark (BOM) obfuscation"

 

I clicked on repair >>>

"Preparing malicious software removal tool

Malicious software removed"

 

I carried out a second Comodo Cleaning Essentials scan.

 

The "Abnormal System Settings

Modified hosts" didn't show.

Edited by scarlet.rose, 25 May 2016 - 05:58 PM.

[scarlet.rose]

Update to my new post above.....

 

I'm wondering if CryptoPrevent made helpful changes to the hosts file (just been reading about the hosts file, knew nothing about it).

 

Might have been coincidental but after I downloaded CryptoPrevent anti ransomeware I couldn't install anything automatically (Flash Player included), which had never happened before - after investigation I found this:

 

"This file came from another computer and might be blocked to help protect this computer"

 

Have to go to 'Properties' and unblock each download now.

[MystiqueWolf]

I can't see any strange processes on the PC, it's not a big problem if CCE fixed your hosts file, there are many programs that may have changed it and actually the fixes that were runned on it might be useful. I can't tell you if CryptoPrevent has changed the options for blocked files, they are changed through Group Policy. If you have many files that you need to unblock you can use the SysTools Unblocker tool, which you can download from HERE. If you think that you might have malware on the PC, you might want to create a new topic in the Virus, Spyware, Malware Removal forum and post your logs from HERE inside it, as I am still in training. If you do this, give a link to this topic there. However, I don't think this is necessary for now as I can't see anything strange except the "New Folder" thing, which I believe is just an instance of explorer.exe (Windows Explorer).

• I would like to take a look at your autoruns:

• Open AutoRuns.exe from the unzipped CCE folder
• Click on "View" -> "Hide trusted entries".
• The program will scan for all autoruns on your PC, after that it will begin analyzing them.
• Wait till only the Untrusted ones are left in the list.
• Click on "File" -> "Save"
• Upload the "AutoRunsData.ard" file to SendSpace and post the link here.

[scarlet.rose]

Thank you for checking my scans / computer - your help is much appreciated.

 

The 'New folder' application / process is odd, I've had this computer a long time and have never seen it before......did make me wonder, but you can't see anything strange on the PC and the malware scans I have run haven't showed anything other than the hosts file issue, which I repaired so I don't think it necessary to test further for malware either.

 

Here is the file you require along with a 'Hidden Processes' scan result - I used Process Hacker (none were found).

 

In case you're unfamiliar with it, please note that the highlighted 'unlocker exe' is a file deletion package that I once downloaded and used.

 

https://www.sendspace.com/file/kuuygt

 

Edited by scarlet.rose, 26 May 2016 - 11:26 AM.

[MystiqueWolf]

Do you really need the Yahoo toolbar?

[scarlet.rose]

I no longer use Yahoo Toolbar. I use Yahoo Mail though (access through a bookmark) and sometimes Yahoo Messenger.

 

What made you ask, is there a problem with it?

Edited by scarlet.rose, 26 May 2016 - 03:02 PM.

[MystiqueWolf]

Best Answer

No, it's ok. I can't see a problem with your PC.

[scarlet.rose]

Pleased to hear that.......thank you.

 

If I remember rightly I did try to remove Yahoo Toolbar but couldn't.