Help with removing strange files.

Leo

I suddenly have a couple directories with many sub-
directories appear on my hard drive that I am unable to
remove. They contain strange names and the sub
directories contain some names like com9 and lpt3. I
have taken care of the FTP connection to prevent any more
from being created, but I still cannot remove the
directories I now have on my drive. I have tried
removing them via CMD using dir /x as well as using
wildcards with the rmdir command and made sure the attributes
were set properly. So far no help. I really want to
clear these files and have tried everything I know short
of formatting and rebuilding. Does anyone know how to
remove these directories with a command or even some kind
of utility? Below is an example of one of the
directories I am talking about.

C:\8383~1\ \ \com9\BTFRulez \lpt1\ScanneD \com9\by
\lpt3\Josifly\com3\TaGGeD \aux\by \com1\TWC\com6\ \with
Neo1907's PuB-tAgGeR \com7\uPPed \lpt1\BY \com7
\Schnider\lpt1
 
Jim Macklin

They may be legit system files that are normally hidden.
They also could be viruses but I suspect they are legit
system files.

You opened the C:\windows folder and selected to show hidden
system files is my guess. I don't know what those files and
folders are; you can put them into a Google search and see
what you find out. Update your anti-virus and do a scan.


| I suddenly have a couple directories with many sub-
| directories appear on my hard drive that I am unable to
| remove. They contain strange names and the sub
| directories contain some names like com9 and lpt3. I
| have taken care of the FTP connection to prevent any more
| from being created, but I still can not remove the
| directories I now have on my drive. I have tried
| removing them via CMD using dir /x as well as using wild
| cards with the rmdir command and made sure the attributes
| were set properly. So far no help. I really want to
| clear these files and have tried everything I know short
| of formatting and rebuilding. Does anyone know how to
| remove these directories with command or even some kind
| of utility? Below is an example of one of the
| directories I am talking about.
|
| C:\8383~1\ \ \com9\BTFRulez \lpt1\ScanneD \com9\by
| \lpt3\Josifly\com3\TaGGeD \aux\by \com1\TWC\com6\ \with
| Neo1907's PuB-tAgGeR \com7\uPPed \lpt1\BY \com7
| \Schnider\lpt1
|
 
Leo

These files are directly off the c drive and are not
legit. I am almost sure I was FTP tagged. I just do not
know how to get rid of these things.

I use Norton antivirus and it is up-to-date and runs full
scans twice a week.

Any other suggestions?

Leo
 
Sharon F

The trouble here is that the discovery of these folders is after the fact.
It can be very difficult for an advanced user, impossible for a novice, to
track down what the intruders may have added or altered on the
system. Think rootkits, remote access trojans, etc. Their changes may
even mask their activities as "normal" and you would receive no security
alerts.

Without knowing how far they have gone, it may be best to disconnect from
the internet. Do a burn and rebuild (get rid of everything and clean install).
Put a firewall and antivirus program in place and then go online to get your
updates: security updates, current antivirus definitions, etc.
 
Sharon F

| Try installing Ad-Aware 6. It will find ALL the spyware
| on your PC and remove them.
|
| Website: http://www.lavasoftusa.com/support/download/

Normally I would agree that AdAware could remove *most* spyware if present
(not all). But with directory names such as: \BTFRulez, \ScanneD, \TaGGeD
and so on -- I would suspect the shenanigans that created these are more
involved and more serious than your run-of-the-mill spyware. Looks more like
hacking to me. Impossible to guess at what level the compromise was
achieved.
 
