new virus not discovered by anti virus software

Joined
Feb 11, 2017
Messages
12
Reaction score
0
I discovered some strange folders on my computer. When I deleted them they reappeared with random names.
2 folders in each hard drive
c: and d:
one in windows/temp called Db007C and this is the ONLY one that keeps its name.
2 in windows/users
again with random names
these users have full admin user access
when I delete them they reappear under different names
so I went in and edited their access as users and blocked them
new ones appear again with full USER ADMIN access

I tried every possible online scanner software and installed a lot of anti virus software and the ONLY anti Virus to FIND them was Tencent PC manager and it deletes the 2 folders in D: drive but they reappear within 2 minutes
One time I had difficulty deleting a folder and used FileASSASSIN
It said file is being used by another program and stated
pid 4 using port 80
I have attached 2 of the files here
some claim to be .jpg
The following error occurred
The uploaded file was not an image as expected.

learned_jackson_enterprise_city.jpg

when I tried to upload this file I got this message.

anyone have any ideas?
 

Attachments

  • consult applaud manufacturer office.txt
    13.4 KB · Views: 397
  • spotsactualbusycease.txt
    15.4 KB · Views: 460
  • YaBls.jpg
    264 KB · Views: 520
Joined
Feb 18, 2016
Messages
2,835
Reaction score
631
I don't think anyone will click on the unknown files. It would help if you list the scanners you have tried. Online scanners will say they found malware; they are in the business of selling software.
 
Joined
May 6, 2015
Messages
2,848
Reaction score
501
I think I'd want a rootkit scanner (I think MalwareBytes has one available) loaded from a USB stick that was produced on another PC.
 
Joined
Feb 11, 2017
Messages
12
Reaction score
0
I have malware anti malware installed.
I have malware anti exploit installed.
I have baidu anti virus installed.
I did an online scanner with EVERY online scanner I could find.
ESET, PANDA Kaspersky etc and NONE found anything except Tencent.
the dangerous files are the random USER files that install with strange names
Baidu has a SANDBOX in tools
when I tried to add, drag or copy ANY of these files there I got the windows blue screen of death.
the attached images show the strange users
when I delete them or change USER permission a new one appears
Ashampoo_Snap_2017.02.11_16h09m37s_003_Baidu Antivirus 2015.png
Ashampoo_Snap_2017.02.11_16h16m24s_009_Aal8miazs Properties.png
Ashampoo_Snap_2017.02.11_16h16m11s_008_Permissions for Aal8miazs.png
Ashampoo_Snap_2017.02.11_16h12m14s_004_.png
 
Joined
Feb 11, 2017
Messages
12
Reaction score
0
when I run Tencent PC Manager this is what I get
It will delete these 2 folders but the folders reappear within 2 minutes under new names
 

Attachments

  • Ashampoo_Snap_2017.02.11_16h24m35s_010_Tencent PC Manager.png
    72.8 KB · Views: 574
Joined
Feb 18, 2016
Messages
2,835
Reaction score
631
You mention deleting the files. Have you attempted to uninstall Ashampoo and Baidu antivirus?
Control Panel > Programs and Features.
I would uninstall everything I see in the screen shot with the exception of Ad Blocker, System and Network repair. Create a restore point first. You can always install the programs individually if you feel the need.
 
Joined
Feb 11, 2017
Messages
12
Reaction score
0
I have been using Baidu anti virus for more than 1 year and these strange files have only appeared within the last week. Baidu has a sandbox in their tools. I tried to put some of these files there and every time my computer crashed with the blue screen of death. I even created a new folder on my desktop and copied these files there. No problem. But as soon as I tried to add any to the sandbox, even copies, my computer crashed. So it has built in protection to stop the files being added to a sandbox.
I already uninstalled a lot of virus checkers etc. and other programs one by one and these folders keep appearing.
I even disconnected from the internet and deleted these files and they reappear under new names within 2 minutes.
I plugged in an external drive to copy programs from my hard drive and within 2 minutes, 2 new folders appear on the external drive. I am using an ssd drive and hard drive and both drives have 2 strange folders as does the windows/users folder. 1 is there and 1 is hidden.
the worry is that they can install users with full admin access. If I delete them they reappear. If I edit them and deny them access then new files appear with new names and full admin access.
I googled 'online anti virus software' and I manually installed the first 10 or 12 programs, 1 at a time
and none found these files. So it is something that must be new to the anti virus world. I don't believe that I will be the only computer targeted
I saw Tencent PC Manager and downloaded it and it found these files and deleted them but they reappeared. I then tried to contact Tencent but they are Chinese and their website https://guanjia.qq.com/main.html is also in Chinese with no way of contacting them.
If I cannot solve this problem then I may be forced to do a clean install of win 10.
 
Joined
Feb 18, 2016
Messages
2,835
Reaction score
631
Sounds like you have many problems to deal with. Backup your important data and do a clean install, when asked if you want to keep files and data select "Keep nothing"
 
Joined
May 6, 2015
Messages
2,848
Reaction score
501
I would go all out on the clean install. USING A 2ND MACHINE, get the media and Rufus it onto a new USB stick and set the write lock on.
I might even get a Linux distro and do a full install of that first with all the partitions Ext4. Then Windows will have no choice but to completely reformat the disc... in fact all the disks need reformatting
 
Joined
May 6, 2015
Messages
2,848
Reaction score
501
Sounds like you have many problems to deal with. Backup your important data and do a clean install, when asked if you want to keep files and data select "Keep nothing"

Norton I bet you a $ that if you back up the important data it will immediately reappear on the fresh install. This virus will quietly go with it. It would not surprise me if formatting a new USB drive would not get the virus on there. In fact from the post about an external drive I'd be sure it would.
 
Joined
Feb 18, 2016
Messages
2,835
Reaction score
631
Tim, I agree. However, I would scan My Documents with Malwarebytes... before backing up.
The OP calls them strange files? Those strange files are most likely not malware as nothing is flagging them as such. They could be bloatware, from what looks like numerous malware and tracking program downloads. The poster did mention that they tried every on-line malware program, the million dollar question is, downloaded from where?
Then I see Baidu Anti virus, not a wise move using a Chinese antivirus program.
The screen shots are what comes with Baidu, nothing but bloatware.

PC Mag Review of Baidu Anti virus.
http://www.pcmag.com/article2/0,2817,2430255,00.asp
 

Trouble

Noob Whisperer
Moderator
Joined
Nov 19, 2013
Messages
13,396
Reaction score
2,318
2 in windows/users
Looks to me like you've included an image of C:\Users (which is what I assume you meant, as I don't seem to have a "windows/users" folder)
AND
It sure looks like you have more than just two problem entries there.
I see the ones I would expect
All Users
Default
Default Users
Liam (which I assume is you)
Public

But then I see several that appear to be randomly generated and that is definitely not a good thing.
I'd definitely go with the clean install after backing up all your critical data as mentioned above
AND
Then I'd be very careful about what I recovered from that backup because as Tim points out above, that backup could very well include the malicious files at the root of the problem.
 
Joined
Feb 11, 2017
Messages
12
Reaction score
0
The poster did mention that they tried every on-line malware program, the million dollar question is, downloaded from where?
FROM GOOGLE SEARCH in order as they appear on Google searching for online virus scan.
1. House Call Trend Micro.
2. Norton Security.
3. Bit Defender.
4. ESET.
5. Kaspersky.
6. Microsoft Safety Scanner.
7. VirusTotal.
8. AVG.
9. McAfee Security Scan.
10. F-Secure.
11. Avast.
12. Panda.

I tried ALL of these 1 at a time and they found NOTHING.
I have Malware anti Malware etc installed and it does not find these.
I noticed Tencent PC Manager on Majorgeeks and downloaded it and IT was the first to recognize these folders as malware/ virus.
If I back up my data and do a clean install it may reappear. Within 2 minutes of plugging in an external drive... 2 NEW FOLDERS appear on my external drive. 1 of which is hidden. Like the other folders these have ADMIN access to the computer.

In Fact in C: the files there are registered as
1. Administrators
2. Authenticated Users.
both with FULL admin access.
 
Joined
Feb 11, 2017
Messages
12
Reaction score
0
Looks to me like you've included an image of C:\Users (which is what I assume you meant, as I don't seem to have a "windows/users" folder)
AND
It sure looks like you have more than just two problem entries there.
I see the ones I would expect
All Users
Default
Default Users
Liam (which I assume is you)
Public

But then I see several that appear to be randomly generated and that is definitely not a good thing.
I'd definitely go with the clean install after backing up all your critical data as mentioned above
AND
Then I'd be very careful about what I recovered from that backup because as Tim points out above, that backup could very well include the malicious files at the root of the problem.

Yes, it is the users directory I was referring to. I was also referring to the windows/temp directory which also houses a folder.
The fact that these folders can be generated as USERS with FULL Admin access is troubling.
If I delete them they appear as new folders with new names.
If I keep them and deny them access as Admin users then they generate new folders with full admin access.
in fact in c: they are down as
1. Administrators
2. Authenticated Users.
both with FULL admin access.
 
Joined
Oct 26, 2016
Messages
2,482
Reaction score
711
If I back up my data and do a clean install it may reappear. Within 2 minutes of plugging in an external drive... 2 NEW FOLDERS appear on my external drive. 1 of which is hidden. Like the other folders these have ADMIN access to the computer.

Maybe you should scan your external drive instead, just a suggestion. BTW: if Malwarebytes does not find anything there is no virus. I am thinking more like bloatware as already mentioned, I am suspecting that Baidu.
Have you seen this review?
http://www.pcmag.com/article2/0,2817,2430255,00.asp
 
Joined
Feb 11, 2017
Messages
12
Reaction score
0
Tim, I agree. However, I would scan My Documents with Malwarebytes... before backing up.
The OP calls them strange files? Those strange files are most likely not malware as nothing is flagging them as such. They could be bloatware, from what looks like numerous malware and tracking program downloads. The poster did mention that they tried every on-line malware program, the million dollar question is, downloaded from where?
Then I see Baidu Anti virus, not a wise move using a Chinese antivirus program.
The screen shots are what comes with Baidu, nothing but bloatware.

PC Mag Review of Baidu Anti virus.
http://www.pcmag.com/article2/0,2817,2430255,00.asp

what is BLOATWARE?
I understand Bloatware was a word used to describe the ever increasing size of Microsoft software like Windows and Microsoft Office. I would be happy with BLOATWARE
this software on my computer is MALICIOUS and wants full ADMIN ACCESS so it is either MALWARE/ Virus or PUP certainly not BLOATWARE
 
Joined
Feb 11, 2017
Messages
12
Reaction score
0
Maybe you should scan your external drive instead, just a suggestion. BTW: if Malwarebytes does not find anything there is no virus. I am thinking more like bloatware as already mentioned, I am suspecting that Baidu.
Have you seen this review?
http://www.pcmag.com/article2/0,2817,2430255,00.asp

I had my external drive put away and only decided to use it to copy important files from my c: and d: drives after I saw these folders on my computer. Within 2 minutes of plugging it in I saw the 2 new folders being installed on it. The external drive is not the problem. The problem is folders being installed in c: d: users, windows/temp etc and the folders being granted FULL ADMIN ACCESS to my computer.
 
Joined
Oct 26, 2016
Messages
2,482
Reaction score
711
Just FYI (for your information): SYSTEM and Administrators always have full access to everything.
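
Added example, not part of the thread or any poster's code: a read-only PowerShell triage for the situation discussed above. It separates real local accounts and registered profiles from directories that merely sit under C:\Users, shows what each folder's ACL actually contains, and looks at what is behind "pid 4 using port 80". It assumes an elevated PowerShell 5.1 prompt on Windows 10; the list of expected folder names is an assumption.

```powershell
# Added triage example (not from the thread). Read-only: nothing is deleted or changed.

# 1. Real local accounts. A folder under C:\Users is not an account by itself.
Get-LocalUser | Select-Object Name, Enabled, SID, LastLogon | Format-Table -AutoSize

# 2. Profiles Windows has registered (each maps an account SID to a folder).
$profiles = Get-CimInstance -ClassName Win32_UserProfile |
    Select-Object SID, LocalPath, Special, Loaded
$profiles | Format-Table -AutoSize

# 3. Directories under C:\Users (hidden ones included via -Force) that are neither
#    a registered profile nor one of the stock entries (assumed list).
$expected = 'All Users', 'Default', 'Default User', 'Public'
$unexplained = Get-ChildItem -Path 'C:\Users' -Directory -Force |
    Where-Object { $_.FullName -notin $profiles.LocalPath -and $_.Name -notin $expected } |
    ForEach-Object {
        $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction SilentlyContinue
        # Each ACL entry says who may access the folder. "Administrators: FullControl"
        # means admins can open it, not that the folder holds admin rights.
        $access = if ($acl) {
            ($acl.Access | ForEach-Object {
                '{0}:{1}' -f $_.IdentityReference, $_.FileSystemRights }) -join '; '
        } else { '<ACL unreadable>' }
        [pscustomobject]@{
            Folder  = $_.FullName
            Created = $_.CreationTime
            Hidden  = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
            Owner   = if ($acl) { $acl.Owner } else { '<unknown>' }
            Access  = $access
        }
    }
$unexplained | Format-List

# 4. "pid 4 using port 80": PID 4 is the kernel's System process. HTTP.sys listens
#    there on behalf of user-mode programs; netsh lists the process IDs and URLs
#    registered with it.
Get-NetTCPConnection -LocalPort 80 -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess | Format-Table -AutoSize
netsh http show servicestate
```

A folder listed in step 3 with no matching account in step 1 and no profile in step 2 is just a directory; its creation time and owner are what to record before a clean install.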
 
