Okay, had some time after work to get a handle on this file. I was
about to load up a USB drive with some mp3s when I noticed this file on
the drive, so I deleted it. After about 15 seconds it came back. I
tested two other USB drives and though they were blank, after a few
seconds this file appeared. I found nothing recognizable under task
manager. I searched for the file, found it and when I tried to delete
it, it refused as it was open in wscript.exe. Stopped that process and
deleted the file. Found the entry under startup in MSconfig where it
started, and uncheck it and rebooted. File came back (it was stored in
the user temp folder). Checked MSconfig again, found that there were
four entries to start it. Unchecked all 4, restarted and success, was
able to clean off all instances of the file, even on the USB drives. At
this point I have no idea what it was doing, if anything, other than
reproducing to USB drives (it didn't touch my harddrives).
Note that virustotal, Trend Micro, Malwarebytes, did not detect the file
as virus or malware.
On 12/1/2015 9:52 AM, Thane Sherrington wrote:
Have you tried uploading to virustotal?
Do you want to open the file in notepad and send the contents?
T
On 01/12/2015 7:36 AM, Steve Tomporowski wrote:
I'm looking for information on this file. This morning, popped a USB
drive (sole owner, but it's been used for a year or so) and this file
was on it. Deleted it and suddenly it came right back. Did the
malware scan it detected something, but that didn't change the
behavior at all. Malwarebytes says I'm clean, but this file keeps
coming back onto this Sandisk drive. Just wondering if I need to do
something drastic here. Searching through Google gives me nothing.
Thanks....Steve
