I am in the process of consolidating all my files onto one external hard drive. During the transfer process, Avast found multiple sources of Win32:Mutama, VBS:Malware-Gen, Win32:VB-UBR, and a few autorun-gen@bhv. All instances were found and alerted ONLY during the transfer of files from one drive to another using a file sync program (Superflexible). Direct scans of any and all drives using Avast and MBAM are always negative for any malware (MBAM found one PDFcreator adware in Temp file). Scans of flash drives and external drives are negative.
Whenever I plug in a camera, flash drive, or external drive, a new folder autogenerates in the DCIM folder (or other) on the external drive. The folder is named after an old folder I created called “My Docs_DellD Backup”. The folder is empty and cannot be deleted as error messages report the file is under use. Even after I format the camera internal memory or drive, the “My Docs_DellD Backup” folder recreates immediately after I plug it in my computer USB port. All direct scans of the folder are negative.
This problem began after accessing files dumped from an external flash drive and transferring those files between other external drives. My computer is also running a bit sluggish, especially at boot up.
It appears on every drive I plug into my computer USB. For example, if I format the drive on my Sony Camcorder, then connect it to the computer via usb, the “My Docs-DellD Backup” autocreates immediately. If I check the properties of that folder, it was created exactly when I first plugged it into the computer after the format. However, it remains on the drive after I unplug it. This happens no matter what kind of drive I plug in: flash, camera, SD, external hard drive, etc.
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
It doesn’t appear on F:\ but does on other media and still can’t be deleted. I have over a TB of data on that drive, but a search for the folder was negative.
As an interim measure you could run Panda Vaccinate on all cards and sticks … This will place a blocker on the autorun functions after removing any bad ones
Tried that. Doesn’t seem to work. I’ve narrowed down 2 folders (both empty) on my laptop C:/ drive that also cannot be deleted, possibly where the suspect program is located. Now all drives have the undeletable folders.
You will need to have the drives plugged in for the duration of this run
Please download The Avenger by Swandog46 to your Desktop.
- Right click on the Avenger.zip folder and select “Extract All…”
- Follow the prompts and extract the avenger folder to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):
Begin copying here:
Folders to delete:
C:\Users\Deft\Documents\DellD FIles to Backup
E:\My Docs_ DellD Backup
F:\My Docs_ DellD Backup
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
Now, open the avenger folder and start The Avenger program by clicking on its icon.
- You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
- Click on Execute
- Answer “Yes” twice when prompted.
The Avenger will automatically do the following:
- It will restart your computer. (In cases where the code to execute contains “Drivers to Delete”, The Avenger will actually restart your system twice.)
- On reboot, it will briefly open a black command window on your desktop; this is normal.
- After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
- The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Please copy/paste the content of c:\avenger.txt into your reply.