Cache Files Won't Defrag - Malware Problem?


#1
Charles from Tennessee

My stepdaughter came home from college at Christmas with a laptop that was infected with at least 7 different adware/spyware programs (A.Better.Internet; MyPCSearch.exe; Cool whatevers, etc.; AND at least one visible Keylogger). After vigorous investigation with AdAware, Spybot, Norton, Uninstall, even a step through of the registry with RegEdit, I think I have cleaned them all. The computer is running well.
BUT

When I run defrag I get a list of files that cannot be defragmented. Here is the list of the files:

Fragments File Size Files that cannot be defragmented

5 57 KB \Program Files\Cybws nt\Cache\00005005_4375f740_0000dc68
5 57 KB \Program Files\Cybws nt\Cache\00000860_438e82c7_00055591
5 57 KB \Program Files\Cybws nt\Cache\00005de1_439145e7_000e7470
5 61 KB \Program Files\Cybws nt\Cache\00004a4b_438e4239_000c41d4
5 62 KB \Program Files\Cybws nt\Cache\000015a2_438e39a4_000676b8
6 71 KB \Program Files\Cybws nt\Cache\00003c6d_438e8403_000f2e53
5 73 KB \Program Files\Cybws nt\Cache\00007ada_438d06ab_00049b3b
5 79 KB \Program Files\Cybws nt\Cache\000071f6_438bd318_000b2c88
6 77 KB \Program Files\Cybws nt\Cache\0000253f_438e36cd_000be1f8
6 80 KB \Program Files\Cybws nt\Cache\0000165d_438ffbd8_000a4edc
6 83 KB \Program Files\Cybws nt\Cache\0000422d_4395cc47_000062fc
5 86 KB \Program Files\Cybws nt\Cache\000015e2_438ffc53_000adf13
5 87 KB \Program Files\Cybws nt\Cache\0000288f_4395cf8b_000d1a18
5 104 KB \Program Files\Cybws nt\Cache\00004983_438d0683_000344e0
7 129 KB \Program Files\Cybws nt\Cache\00000c15_43970da2_00094b99
5 133 KB \Program Files\Cybws nt\Cache\00003632_439374d4_000b1500
7 146 KB \Program Files\Cybws nt\Cache\00001949_438f19ed_000c445e
7 148 KB \Program Files\Cybws nt\Cache\00002aea_438e82b9_000a38db
6 169 KB \Program Files\Cybws nt\Cache\0000565a_438e8a92_00013028
7 177 KB \Program Files\Cybws nt\Cache\00007d4b_438e3512_000b7856
8 215 KB \Program Files\Cybws nt\Cache\00000d05_438e851b_000a7be4
8 214 KB \Program Files\Cybws nt\Cache\00006f6a_438e8555_00009a79
9 269 KB \Program Files\Cybws nt\Cache\00006795_438e82e6_000bf993
7 300 KB \Program Files\Cybws nt\Cache\000034b2_4393213f_00009413
10 328 KB \Program Files\Cybws nt\Cache\000041fd_438d06da_00002354
10 328 KB \Program Files\Cybws nt\Cache\00005256_438e84ae_00035a16
9 378 KB \Program Files\Cybws nt\Cache\00004230_4374eef9_00043136

199 816 KB \Program Files\Cybws nt\Cache
25 1 MB \Program Files\Cybws nt\Cache\index
5 74 KB \Program Files\Cybws nt\Cache\dns


All begin with the (apparent) address: \Program Files\Cybws [space] nt\cache

The ones at the end appear to be a directory, a dns address, and an index of the other cache files.
I have searched for these files both manually (via Windows Explorer) and with the Windows Search function. I cannot locate any such files, even with full searches for hidden and system files.

I know just enough of computers to suspect that these are hidden in some way, and are probable caches of user information waiting to be transmitted to the address of the Keylogger or other malware that I removed.

A web search for "Cybws" turned up nothing; the start of the address may be a random selection.

Does anybody have any suggestions on how to uncover these files and delete them? They are apparently not doing any harm (other than taking up a few megs on a 32 gig hard drive) but I would like to get them out.

My worst fear: Could these be artifacts of a rootkit program that is intercepting my directory requests?

Edited by Charles from Tennessee, 24 December 2005 - 10:04 PM.
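
The mismatch described in the post above (paths that defrag reports but Explorer and Search cannot find) can be checked systematically by comparing the two views. The following is an added example, not part of either post: `parse_report` and `cross_view` are hypothetical helper names, the three sample rows are copied from the list above, and the temporary directory is a constructed stand-in for the drive root.

```python
import os
import re
import tempfile

# One report row: fragment count, size, unit, then a path that may contain
# spaces (as "Cybws nt" does). Header and blank lines do not match.
ROW = re.compile(r"^\s*(\d+)\s+([\d,]+)\s+(KB|MB|GB)\s+(\\.+?)\s*$")

# Constructed sample: header plus three rows taken from the list in the post.
SAMPLE_REPORT = r"""
Fragments File Size Files that cannot be defragmented

5 57 KB \Program Files\Cybws nt\Cache\00005005_4375f740_0000dc68
25 1 MB \Program Files\Cybws nt\Cache\index
5 74 KB \Program Files\Cybws nt\Cache\dns
"""

def parse_report(text):
    """Return (fragments, size_text, path) for every data row in the report."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((int(m.group(1)), f"{m.group(2)} {m.group(3)}", m.group(4)))
    return rows

def cross_view(rows, root):
    """Split reported paths into those the directory API sees under root and those it does not."""
    visible, missing = [], []
    for _, _, path in rows:
        local = os.path.join(root, *path.strip("\\").split("\\"))
        (visible if os.path.lexists(local) else missing).append(path)
    return visible, missing

def demo():
    """Run the comparison against a constructed tree where only 'index' exists."""
    rows = parse_report(SAMPLE_REPORT)
    with tempfile.TemporaryDirectory() as root:  # stands in for the volume root
        cache = os.path.join(root, "Program Files", "Cybws nt", "Cache")
        os.makedirs(cache)
        open(os.path.join(cache, "index"), "w").close()
        return cross_view(rows, root)

if __name__ == "__main__":
    seen, unseen = demo()
    print("visible to directory API:", seen)
    print("reported by defrag only: ", unseen)
```

On the affected machine `root` would be the drive root of the volume that was defragmented. A path in the second list is a lead to follow up rather than proof of hiding, since a file deleted after the report was produced gives the same result.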

#2
Retired Tech

I only found cybus for Cisco routers.

Please go here:

Malware Removal Guide

Run all the programmes as advised, then post a current Hijack This Log in a new topic in the Malware Forum.

For the purpose of accurate malware analysis, Hijack This Logs are only dealt with in the Malware Forum. Posting them anywhere else will result in a delayed response.

If you are unable to run any of the programmes, ask for advice in the Malware Forum.