Strange Folders In Documents And Settings

Pegleg

The following folders and files have shown up in my Documents & Settings
Folder under the Application Data Folder:

Folder: Upload Bleh Drive Regs
File: hide delete.exe

Folder: Win Genuine Advantage
File: data.dat

I have run Pest Patrol/Trend Micro & MS Anti Spyware with no negative
results.

I'm suspecting some kind of Virus/Trojan but have found nothing on the
net.

Any help greatly appreciated!



U.S. Navy Retired
Support Our Troops,
Question The Policy!

All great things are simple, and many can be expressed in single words:
freedom, justice, honor, duty, mercy, hope.
Sir Winston Churchill
 
Wesley Vogel

These look suspicious.

Folder: Upload Bleh Drive Regs
File: hide delete.exe

Right click hide delete.exe | Properties | Version tab

There should be a description on both General and Version tabs.

This info is part of the file and not all files have real good info.
Especially if it is spyware or a virus. Or whoever put it together was lazy
or secretive.

Version tab.

Click a category on the left to display the information on the right.

Other version information
Item Name:
Company
File Version
Internal Name
Language
Original File Name
Product Name
Product Version

Sometimes, if someone was really industrious, there is info under the
Summary tab also.
-----

Legitimate folders...

C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage\data
or
%allusersprofile%\Application Data\Windows Genuine Advantage\data

The Windows Genuine Advantage
http://www.microsoft.com/genuine/downloads/whyValidate.aspx

Genuine Windows FAQ
http://www.microsoft.com/genuine/downloads/FAQ.aspx?displaylang=en

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

Pegleg

> These look suspicious.
>
> Folder: Upload Bleh Drive Regs
> File: hide delete.exe
>
> Right click hide delete.exe | Properties | Version tab
>
> There should be a description on both General and Version tabs.
>
> This info is part of the file and not all files have real good info.
> Especially if it is spyware or a virus. Or whoever put it together was lazy
> or secretive.
>
> Version tab.
>
> Click a category on the left to display the information on the right.

Thanks for your response...right clicking and selecting properties shows
only the following tabs:

General/Compatibility/Virus properties/Summary.
No Version Tab is displayed.
General tab shows file size/created date/ modified date and accessed
date.
All compatibility boxes are unchecked.
Virus Scans shows no virus detected.
Summary blocks are all empty.

Also another questionable folder is:
Documents & Settings/All Users/Application Data/shimbitsinsideerror
which contains one file: Active mess flap

Doing a right click/properties results in the same results as those
cited above for Upload Bleh Drive Regs.

Neither these folders nor the files in them can be deleted.

Once again, any help appreciated.

Regards,
Brian

U.S. Navy Retired
Support Our Troops,
Question The Policy!

All great things are simple, and many can be expressed in single words:
freedom, justice, honor, duty, mercy, hope.
Sir Winston Churchill
 
Wesley Vogel

Brian,
> No Version Tab is displayed.

A 16-bit program does not have a Version tab in this dialog box. So, hide delete.exe
is a 16-bit program, a.k.a. MS-DOS program. Probably some sort of malware.

All Users\Application Data\shimbitsinsideerror\Active mess flap

shimbitsinsideerror\Active mess flap are probably some sort of malware also.

What error message do you get when you try to delete?

Try rebooting into Safe Mode and deleting.

To start the computer in safe mode
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User
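
To check directly from a file's headers whether it is a 16-bit (MS-DOS or NE) program or a 32-bit PE, rather than inferring it from the Properties dialog, the following added example (not part of the original thread) classifies an executable by its MZ, NE and PE signatures. The function names and the sample byte strings are constructed for illustration.

```python
import struct
import sys

DOS = "MS-DOS style (MZ only, 16-bit)"

def classify_executable(data: bytes) -> str:
    """Classify a file image as DOS, NE, PE32 or PE32+ from its headers."""
    if data[:2] not in (b"MZ", b"ZM"):
        return "not an MZ executable"
    if len(data) < 0x40:
        return DOS
    # e_lfanew (offset 0x3C) points at the NE/PE header when one exists.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew < 0x40 or e_lfanew + 4 > len(data):
        return DOS  # pointer is empty or garbage: plain DOS program
    sig = data[e_lfanew:e_lfanew + 4]
    if sig[:2] == b"NE":
        return "NE (16-bit Windows)"
    if sig != b"PE\0\0":
        return DOS  # no recognised new-style header
    # Optional-header magic follows the 4-byte signature and 20-byte COFF header.
    if e_lfanew + 26 > len(data):
        return "PE (truncated)"
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    return {0x10B: "PE32 (32-bit)", 0x20B: "PE32+ (64-bit)"}.get(magic, "PE (unknown magic)")

def make_mz(e_lfanew: int, tail: bytes) -> bytes:
    """Build a constructed 64-byte MZ header followed by `tail` (sample data only)."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, e_lfanew)
    return bytes(header) + tail

# Constructed samples, not real files.
SAMPLES = {
    "dos": make_mz(0, b"\x90" * 16),
    "ne": make_mz(0x40, b"NE" + bytes(62)),
    "pe32": make_mz(0x40, b"PE\0\0" + bytes(20) + struct.pack("<H", 0x10B)),
    "text": b"just some text",
}

if __name__ == "__main__":
    if sys.argv[1:]:
        for path in sys.argv[1:]:  # classify files given on the command line
            with open(path, "rb") as fh:
                print(path, "->", classify_executable(fh.read()))
    else:
        for name, blob in SAMPLES.items():
            print(name, "->", classify_executable(blob))
```
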

Pegleg

> Brian,
>
> A 16-bit program does not have a Version tab in this dialog box. So, hide delete.exe
> is a 16-bit program, a.k.a. MS-DOS program. Probably some sort of malware.
>
> All Users\Application Data\shimbitsinsideerror\Active mess flap
>
> shimbitsinsideerror\Active mess flap are probably some sort of malware also.
>
> What error message do you get when you try to delete?
>
> Try rebooting into Safe Mode and deleting.
>
> To start the computer in safe mode
> http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx

Thanks WES...was able to delete the folders/files in question from Safe
Mode. Interesting also, it appears one of those files was preventing
Spy Bot Search & Destroy from running...prior to deleting them SBS&D
would not run from a shortcut/the task bar/programs or windows explorer.

Am surprised that Pest Patrol/Trend Micro PC-cillin Internet Security
and Microsoft Anti Spyware all failed to recognize these files.

Thanks very much for your assistance!

Regards,
Brian

U.S. Navy Retired
Support Our Troops,
Question The Policy!

All great things are simple, and many can be expressed in single words:
freedom, justice, honor, duty, mercy, hope.
Sir Winston Churchill
 
Wesley Vogel

Brian,

Glad you got rid of 'em. Keep having fun. ;-)

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User
