Old October 4th, 2013, 09:09 PM   #1
gmcbee
Vintage Member
 
Join Date: Apr 2009
Location: Clinging to the rim of a crater on the dark side of Uranus.
Posts: 1,065
Thanks: 3,961
Thanked 11,052 Times in 1,042 Posts
Something is writing dll and exe files to random directories. Help?

Running XP SP3 with all updates. McAfee is also running.

For the last few weeks, after I unzip or unrar a downloaded file (from here or the sister forum, PS) I've noticed random dll (occasionally exe) files being written to the directory I use to unpack the file. Doesn't matter if it's my C, D, E, F, or G drives, or a USB flash drive. File compares show the files identical to my Win OS files.

I've tried scanning the .rar and .zip files before I unpack them with Malwarebytes, McAfee, IObit Malware Fighter, and SUPERAntiSpyware, and no problems are ever found.

The system is cleaned regularly with Advanced SystemCare and CCleaner, scanned regularly with McAfee and Malwarebytes, and defragged when ASC shows it needs it.

When I see these dll or exe files, I delete and shred them (Eraser 5.86), and I don't have any viral symptoms or performance problems. I've used a couple online sites to check ports, and can't find any problems there either.

This is driving me batty. Any ideas where these files are coming from? Thanks much in advance!
The Following 5 Users Say Thank You to gmcbee For This Useful Post:


Old October 4th, 2013, 09:50 PM   #2
NIN
Banned
 
Join Date: Dec 2009
Posts: 8,823
Thanks: 200,569
Thanked 131,967 Times in 9,045 Posts

Do you think they could be the so-called 'Download Managers' from hosts such as Filefactory, Uploaded, etc.?

I always refuse the option & take the RAR or Zip without these additional .exe files.
Old October 4th, 2013, 10:46 PM   #3
gmcbee

Quote:
Originally Posted by NIN
> Do you think they could be the so-called 'Download Managers' from hosts such as Filefactory, Uploaded, etc.?
>
> I always refuse the option & take the RAR or Zip without these additional .exe files.

No. I know it's not those, I always refuse those options and uncheck the boxes also. I never download exes unless I go directly to a software vendor's site to get them.
The Following 4 Users Say Thank You to gmcbee For This Useful Post:
Old October 4th, 2013, 11:09 PM   #4
CARLTON BROWN
Grand Vizier
 
Join Date: Jul 2010
Location: Ruraltania
Posts: 3,224
Thanks: 35,728
Thanked 35,657 Times in 3,216 Posts

Probably a silly question, but what are the names of these files and have you tried to identify them?
The Following 5 Users Say Thank You to CARLTON BROWN For This Useful Post:
Old October 4th, 2013, 11:16 PM   #5
gmcbee

Quote:
Originally Posted by CARLTON BROWN
> Probably a silly question, but what are the names of these files and have you tried to identify them?

I haven't kept track of the names, but I have done quick Google searches and they're valid Win XP OS files. Sometimes there are 1 or 2, sometimes 10 or 15. When I've done file compares, the checksums match my existing OS files, so they don't seem to be malicious.

Could a d/l from r*p*dgator, dep*s*tf*les, upl**ded, k**ptoshare, etc. be leaving something open when it completes, and someone else scanning for open ports finds it and starts pushing stuff down the pipe? It always happens in whatever disk and directory I was last working in when I unzipped or unrared the file...
The Following 4 Users Say Thank You to gmcbee For This Useful Post:
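
Added example, not part of any post in this thread: a Python sketch of the step the replies above circle around, recording each stray DLL/EXE (name, SHA-256, modification time) before it is shredded and comparing it by name and hash against the OS copies. The directory names and file contents in `demo()` are constructed; on a real machine `triage()` would be pointed at the unpack folder and the Windows system directory.

```python
import hashlib
import tempfile
from pathlib import Path

PE_SUFFIXES = {".dll", ".exe"}

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def index_reference(ref_dir):
    """Map lower-cased file name -> set of SHA-256 digests found under ref_dir."""
    index = {}
    for p in Path(ref_dir).rglob("*"):
        if p.is_file() and p.suffix.lower() in PE_SUFFIXES:
            index.setdefault(p.name.lower(), set()).add(sha256_of(p))
    return index

def triage(work_dir, ref_dir):
    """Record every DLL/EXE in work_dir, with a verdict, before anything is deleted."""
    index = index_reference(ref_dir)
    records = []
    for p in sorted(Path(work_dir).iterdir()):
        if not (p.is_file() and p.suffix.lower() in PE_SUFFIXES):
            continue
        digest = sha256_of(p)
        known = index.get(p.name.lower())  # Windows file names are case-insensitive
        verdict = ("no-os-file-with-this-name" if known is None
                   else "identical-to-os-copy" if digest in known
                   else "same-name-different-content")
        records.append({"name": p.name, "sha256": digest,
                        "modified": p.stat().st_mtime, "verdict": verdict})
    return records

def demo():
    """Constructed sample: a fake system directory and a fake unpack directory."""
    root = Path(tempfile.mkdtemp())
    ref, work = root / "system32", root / "unpacked"
    ref.mkdir()
    work.mkdir()
    (ref / "msvcrt.dll").write_bytes(b"MZ" + b"A" * 64)
    (ref / "shell32.dll").write_bytes(b"MZ" + b"B" * 64)
    (work / "MSVCRT.DLL").write_bytes(b"MZ" + b"A" * 64)   # byte-identical copy
    (work / "shell32.dll").write_bytes(b"MZ" + b"X" * 64)  # OS name, other content
    (work / "helper.exe").write_bytes(b"MZ" + b"C" * 64)   # name unknown to the OS
    (work / "photo.jpg").write_bytes(b"\xff\xd8")          # not a DLL/EXE, skipped
    return triage(work, ref)

if __name__ == "__main__":
    for rec in demo():
        print(rec["verdict"], rec["name"], rec["sha256"][:16])
```

A `same-name-different-content` verdict is the one case a filename search cannot clear, so those records are the ones to keep and submit for analysis rather than delete.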
Old October 4th, 2013, 11:41 PM   #6
NIN

Installed any software recently?
Old October 5th, 2013, 12:02 AM   #7
CARLTON BROWN

Something in your system has obviously altered to cause/allow this.

I'd probably try to do a little more research before attempting any fixes. I'd be surprised if the same thing hasn't been encountered by anyone else. At least this doesn't appear to be causing you any problems. Over the years, I've encountered a number of strange files that have appeared here and there on different MS systems.

Most have turned out to be completely harmless, although I've not always entirely understood their purpose, despite checking with buffs on various technical forums. The only relatively recent bad stuff has been picked up and fixed almost immediately by my AV prog.
The Following 5 Users Say Thank You to CARLTON BROWN For This Useful Post:
Old October 5th, 2013, 12:17 AM   #8
gmcbee

Nope, no new software. I don't do emoticon packs, or funky cursors or toolbars. I'm really puzzled.
The Following 3 Users Say Thank You to gmcbee For This Useful Post:
Old October 5th, 2013, 02:38 AM   #9
buttsie
Porn Archeologist
 
Join Date: Sep 2007
Location: earth
Posts: 12,714
Thanks: 92,252
Thanked 241,330 Times in 12,746 Posts

It's all guesswork unless you can replicate the exact same conditions, especially given cleaners are involved.

I'd try running 2 programs simply to scan and see what they return.

Rkill - which will give you a log as to malware stopped and any issues with Windows integrity like missing DLLs that may be missing, i.e. optimising software / cleaners inadvertently removing them

AdwCleaner, which will tell you if you have any crapware mucking around with your browser.
Just be warned: if you go ahead after the scan and run it, it does fool around with the browser settings.

Both are on Bleeping Computer

http://www.bleepingcomputer.com/download/rkill/

http://www.bleepingcomputer.com/download/adwcleaner/
The Following 6 Users Say Thank You to buttsie For This Useful Post:
Old October 5th, 2013, 02:59 AM   #10
sweatyhat
Woodwose
 
Join Date: Jun 2011
Location: In the mud and rain
Posts: 10,869
Thanks: 97,859
Thanked 187,960 Times in 10,563 Posts

Try a malware/spyware scan. Some antivirus programmes miss the low-level nuisance stuff. I run MalwareBytes every so often. It's free. I've upped it to SendSpace for you here:

http://anonym.to/http://www.sendspace.com/file/ittdpi

You don't need to set up an account or anything. Just go for the updates and run a scan. If you find something, get rid of it and scan again. Carry on until the scans come back negative. I tend to use the Quick Scan function but it sounds to me like you need the Full System Scan.

PS: The file is a .exe. If your computer won't let you download it, let me know and I'll put it in a Zip for you.
The Following 7 Users Say Thank You to sweatyhat For This Useful Post: