
Weird file in my C: drive, virus? (PLEASE answer soon)

post #1 of 9
Thread Starter 
Hi, today I was looking through my C: folder when I found a file I hadn't noticed before. It's 40 bytes, has a random string of numbers and letters for the filename, and Windows can't find anything to open it with. It was created about two weeks ago on the fifteenth, and has this weird icon with a lock next to the default "unknown file" icon. I scanned it with Microsoft Security Essentials and nothing came up.
Here's a screenshot of it, file's at the bottom:

Should I delete this or is it a system file?
post #2 of 9
hey I've got something like that on mine, never bothered with it though
post #3 of 9
No virus could be 40B long. A PE header couldn't even fit in that, let alone any executable code. It's probably some setting that some program saved and will refer back to later, or something that a program is using to say, "Another file is open, and I'm going to check if this file '885E617...' exists to remind me later on."

However, it could be an indicator that you have malware of some sort... It's just too hard to say, as there could be a billion different reasons that the file was created and put there.

Can you open it with Notepad.exe or something?
post #4 of 9
Thread Starter 
Quote:
Originally Posted by The Hundred Gunner View Post

No virus could be 40B long. A PE header couldn't even fit in that, let alone any executable code. It's probably some setting that some program saved and will refer back to later, or something that a program is using to say, "Another file is open, and I'm going to check if this file '885E617...' exists to remind me later on."

However, it could be an indicator that you have malware of some sort... It's just too hard to say, as there could be a billion different reasons that the file was created and put there.

Can you open it with Notepad.exe or something?
Yeah, it just says this:
FBB653A3B3F96623AFC90A58C6FFB15123E914C5
post #5 of 9
Quote:
Originally Posted by KKvantas View Post

Yeah, it just says this:
FBB653A3B3F96623AFC90A58C6FFB15123E914C5

I can't think of what would create that. 40B... that's 320 bits. I don't know of any encryption algorithms that use 320-bit keys, so I don't think it's a key...

Your best bet is going to be to try really, really hard to remember what you were doing around the time it was created a couple of weeks ago. If you have any system logs that go that far back, it might be helpful to go back to that date and time.

Otherwise, I doubt it's anything to be worried about. I use OSX, and I remember some mysterious files were dropped on / in my filesystem sometime back. It turned out that QuakeLive decided to put some settings there instead of staying confined to its own folder where it should have been.
post #6 of 9
Thread Starter 
Quote:
Originally Posted by The Hundred Gunner View Post

I can't think of what would create that. 40B... that's 320 bits. I don't know of any encryption algorithms that use 320-bit keys, so I don't think it's a key...

Your best bet is going to be to try really, really hard to remember what you were doing around the time it was created a couple of weeks ago. If you have any system logs that go that far back, it might be helpful to go back to that date and time.

Otherwise, I doubt it's anything to be worried about. I use OSX, and I remember some mysterious files were dropped on / in my filesystem sometime back. It turned out that QuakeLive decided to put some settings there instead of staying confined to its own folder where it should have been.
I hope that's what it is. Does the fact that it's a hidden file change anything?
post #7 of 9
That's impossible to say without knowing where it came from. It could be malware hiding a bit of information, or it could just as easily be a program creating an indicator file and for some reason doesn't make it visible.

If you're suspicious, you should take basic steps such as running a malware scan, checking for open/listening ports, looking for processes that don't seem normal, etc.

For fun, you could try moving (or maybe deleting) the file and see if it does anything.

If you're really into analysis, you might like to download Process Monitor, let it run for a while, and see if any program accesses that file. I don't know if that's practical since Process Monitor captures thousands of events per second. That's what I would try, but then again I go over the top and have fun with everything malware-related.
post #8 of 9
Quote:
Originally Posted by KKvantas View Post

Yeah, it just says this:
FBB653A3B3F96623AFC90A58C6FFB15123E914C5


that's just an MD(5?) hashmark from s.th. that was encrypted
post #9 of 9
Quote:
Originally Posted by Joa3d43 View Post

that's just an MD(5?) hashmark from s.th. that was encrypted

You know what, you're probably right. It does look like a hash. I'd say probably SHA1, though, since MD5 produces 16B (32 hex chars = 16B).

But then again, the question is: who took the hash?
Edited by The Hundred Gunner - 9/29/13 at 8:08pm
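
Added example, not part of any post in this thread: a short Python triage helper for the question the thread ends on. It checks whether a small file's contents look like a hex digest (40 hex characters decode to 20 bytes, the SHA-1 digest length) and then hashes the files under a folder to see which one, if any, produced it. The function names, the `settings.dat` file name and the sample contents are constructed for illustration.

```python
import hashlib
import os
import string
import tempfile

# Hex-digest lengths (in characters) for common hash functions.
DIGEST_LENGTHS = {32: ["md5"], 40: ["sha1"], 56: ["sha224"], 64: ["sha256"],
                  96: ["sha384"], 128: ["sha512"]}

def candidate_algorithms(text):
    """Return hash names whose hex digest has the same length as text."""
    value = text.strip()
    if not value or any(c not in string.hexdigits for c in value):
        return []
    return DIGEST_LENGTHS.get(len(value), [])

def find_hash_source(digest, root):
    """Walk root and return paths whose contents hash to digest."""
    wanted = digest.strip().lower()
    matches = []
    for algo in candidate_algorithms(wanted):
        for folder, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(folder, name)
                h = hashlib.new(algo)
                try:
                    with open(path, "rb") as fh:
                        for chunk in iter(lambda: fh.read(65536), b""):
                            h.update(chunk)
                except OSError:
                    continue  # locked or unreadable file: skip it
                if h.hexdigest() == wanted:
                    matches.append(path)
    return sorted(matches)

def demo():
    """Constructed sample: a temp folder with one file whose SHA-1 we look up."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "settings.dat")  # constructed file name
        with open(target, "wb") as fh:
            fh.write(b"constructed sample content")
        with open(os.path.join(root, "other.txt"), "wb") as fh:
            fh.write(b"unrelated")
        marker = hashlib.sha1(b"constructed sample content").hexdigest().upper()
        return [os.path.basename(p) for p in find_hash_source(marker, root)]

if __name__ == "__main__":
    print(candidate_algorithms("FBB653A3B3F96623AFC90A58C6FFB15123E914C5"))
    print(demo())
```

A match only identifies a file with that digest; an empty result means the hashed input is not a file under the folder searched, for example a string, a registry value or a file that has since changed.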