[unixnerd]

I'm a software engineer and have a probable malware on my Win 7 32 bit PC.

 

About a month ago I noticed *.scr files were being generated in C:\users\public with names like CockSatisfies.scr, DeepHousewife.scr and other sexual titles. AVG identifies them as a threat and MalwareBytes calls them ransomware.

 

At the time I tried about 8 different malware and anti-virus programs, cleaned any unknown programs and files, cleaned my registry, you name it. Didn't find a cause but the injection seemed to stop. Today it's back and I'm getting half a dozen files an hour being generated in that directory. No other symptoms.

 

If anyone has any ideas I'd be very grateful.

[Advertisements]

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!



Everything gets download to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

[zep516]

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!



Everything gets download to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

[unixnerd]

I think it's actually coming from a PC only used when my nephew visits, the dates match. I've disabled sharing \users\public and it's not come back. I'll run a scan on his machine......

[zep516]

Hello,

I see that you spent quite a bit a time on this maybe last month at the Malwarebytes forum, quite a bit of scans were run with little results. So that sounds like the culprit.

[zep516]

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe