SOLVED suspicious executables - folder_name.exe

[yky]

I found some strange executables (.exe) in several folders. Let's say, if folder E contains four folders (A, B, C, D), there would be four executables (A.exe, B.exe, C.exe, D.exe, for example, folder: car photo, .exe: car photo.exe) in the folder E. The size of the .exe is always 46,620 bytes. If I double-click one of the .exe files, a cmd window would come up for a split of a second before going away. It seems nothing else has happened (cannot be sure if some viruses, spywares, trojans have been download, though anti-virus program doesn't flag anything).

I scan the folder with AVG, Avast, Malwarebytes. They found nothing. However, the same .exe files on a network drive are reported by AVG as containing Luhe.Fiha.A virus (only those on network drive; the same files on the local drive are not flagged by AVG; the files on the local drive are actually backup of those on the network drive, hence, the original (on the network drive) and backup (on the local drive) are identical; yet AVG only flags those on the network drive).

Has anyone seen such a thing?

Windows 7 Ultimate
Windows 7 Home Premium SP1

 

[TrainableMan]

Have not seen it but I agree it definitely sounds bad.

There are a couple of things I suggest.

The first is to create a Windows Defender Offline CD (on another virus-free computer) and then boot this computer with it and have it run a virus scan.

Second, download TDSSKiller and RKill from our Freeware DB. If you do not have an anti-virus that will run in safe mode then download, install, and allow to update Malwarebytes Anti-Malware (MBAM). Then reboot your system into safe mode without networking (Reboot and, when it says "Starting Windows," Press F8; If you get a message asking continue in safe mode or perform a system restore, choose continue in safe mode). Now run TDSSKiller and after that run RKill and after that run a full virus scan. The first two will take maybe 5 minutes each but a full virus scan can take anywhere from 30 minutes to several hours depending on your hard drive size and number of files.

Booting in safe mode makes sure only minimal services/programs are started. TDSSKiller is designed specifically to look for rootkits. RKill is designed to stop the stealthing programs that hide/protect/regenerate some nasty viruses. Running these first will help ensure your A/V has the absolute best chance of cleaning up infected files.

 

[yky]

Thank you for your reply.

I have downloaded rkill and TDSSKiller but haven't got time to run them. Shall do it in the coming week.

 

[yky]

rkill and TDSSKiller did not find anything wrong. I deleted those files anyhow.

 

[TrainableMan]

Sounds like a good idea but I would still watch your system closely.

Have you run msconfig to make sure no unusual programs are in your startup?

 

[yky]

No. But I'll try. Thank you.

 

[TrainableMan]

If you run MSCONFIG.exe and look in the startup tab you will see the programs that run at start.

You can also look at the services tab and check the box in the corner to hide Microsoft services. All the other services would be your printer, anti-virus, etc.

You can always run a search for any you don't recognize or post them here.

 

[yky]

I did not find any suspicious program. I think some programs just don't show up in the start-up window.

 

[TrainableMan]

Hopefully you are virus-free; just monitor your system for odd behavior, strange files, and unusual BSODs or freezes.