-1

The following folders appeared on my PC: 2cdocuments23, 2cvalues168, xfiles107, xsettingsettings34, all within a range of 20 minutes. In each of them there are around 10 files with names such as "TF0Dmp.xlsx", "patchen-advance-sorry-wished.txt", "pages.chinese.population.black". There is no doubt they were not created by me or any of my programs. The virus scan did not find anything. I'm sure there is some suspicious activity going on in my computer. What is your recommendation?

Waiting for your recommendations. Thanks!

Yair
  • Wipe it and reinstall whatever OS you're using. That really is the only recourse you have if you want to play it safe when something suspicious is going on with your PC, especially when you can't even find the source of it. – n8te Feb 10 '17 at 23:56
  • I cannot reinstall my OS currently. Is there any other option? Is there any way that any changes on my computer will require a confirmation from the user side? – Yair Feb 11 '17 at 00:15
  • You haven't mentioned which OS you're using but if it's Windows you could change your User Account Control Settings to the strictest level that asks for confirmation before practically any change to Windows. The strictest setting is called Always Notify. – n8te Feb 11 '17 at 00:27
  • That's not a safeguard against all malicious activity but if nothing else it will mitigate your risks slightly. – n8te Feb 11 '17 at 00:30
  • I'm using Windows 10. So only reinstalling my OS is the solution here? I'm sure there's some other way out. – Yair Feb 11 '17 at 02:32
  • 4
    Possible duplicate of [How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?](http://superuser.com/questions/100360/how-can-i-remove-malicious-spyware-malware-adware-viruses-trojans-or-rootkit) – Ramhound Feb 11 '17 at 04:23

1 Answer

0

Seeing as I can't comment, it sounds like you have either downloaded a malicious executable or installer which installed those documents, or have a Random Access Trojan. While there exist certain tools or programs designed to help you detect these, I would opt for a more hands-on approach.

Start by looking for any strange processes or services you have running, and perhaps at any resources that are under heavy usage. One thing I would keep in mind is that a skilled eye is needed to detect things that can appear to be Windows related. If you don't have much experience or intuition, I would consult another source. I wouldn't just type them into Google, because sometimes they are said to be viruses but you need them.

Familiarize yourself with the registry, BUT BE ADVISED THAT ANY CHANGES MAY RESULT IN YOUR COMPUTER RENDERING ITSELF USELESS.

Firsthand experience: I thought "cimv2" was version two of a root and I deleted all that, and I messed up because I didn't take proper precaution. I would back up and create System Restore points if you don't already have them.

If you would like further explanation, a/o methods if your problem runs deep, feel free to PM me.

Abe Shudug
  • Thanks for your answer. Can you recommend a particular software? – Yair Feb 11 '17 at 03:05
  • I forget the name; I think it is abbreviated as TDSSKiller. Also, MalwareBytes has rootkit detection software available, if I am not mistaken. I must say that I would not personally take this route. It has the potential to lead to further complications, and it will bar you from understanding the SysInternals, which can prove to be quite an asset. – Abe Shudug Feb 11 '17 at 03:18
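
A read-only triage pass for the hands-on check the answer describes (unusual processes and services), combined with a sweep for anything else created in the same 20-minute window as the folders in the question. This is an added example, not part of the original posts; the folder location in `$SuspectFolder` is a placeholder, since the question does not say where the folders appeared.

```powershell
# Added example. Run from an elevated PowerShell prompt on Windows 10.
# It only reads and lists; it does not delete or change anything.
param(
    # Placeholder path: point this at one of the folders that appeared.
    [string]$SuspectFolder = "$env:USERPROFILE\Documents\xfiles107",
    [int]$WindowMinutes = 20
)

# Use the suspect folder's creation time as the centre of the time window.
$anchor = (Get-Item -LiteralPath $SuspectFolder).CreationTime
$from   = $anchor.AddMinutes(-$WindowMinutes)
$to     = $anchor.AddMinutes($WindowMinutes)

# 1. Everything under the user profile created in that window. Installers,
#    scripts or archives that show up here are candidates for the source.
Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -ge $from -and $_.CreationTime -le $to } |
    Sort-Object CreationTime |
    Select-Object CreationTime, FullName |
    Format-Table -AutoSize

# 2. Running processes whose executable lacks a valid Authenticode signature.
#    Unsigned does not mean malicious; it is a list of things to look at.
Get-Process | Where-Object { $_.Path } | Sort-Object Path -Unique | ForEach-Object {
    $sig = Get-AuthenticodeSignature -LiteralPath $_.Path
    if ($sig.Status -ne 'Valid') {
        [pscustomobject]@{
            Name      = $_.Name
            Id        = $_.Id
            Signature = $sig.Status
            Path      = $_.Path
        }
    }
} | Format-Table -AutoSize

# 3. Services whose binary lives outside Windows and Program Files.
#    Legitimate software (for example under ProgramData) appears here too.
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -and
                   $_.PathName -notmatch '^"?[A-Za-z]:\\(Windows|Program Files)' } |
    Select-Object Name, State, StartMode, PathName |
    Format-Table -AutoSize
```

Treat every row as a lead to verify rather than a verdict, in line with the answer's caution about items that merely look Windows related.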