Trying to Make Sense of Strange Folder in C:\WINDOWS

[Will]

I have a very strange looking folder under my C:\WINDOWS folder, which if it

is not a trojan then it must be some kind of device driver install that went

very bad. I would like help identifying what it might be.

The folder is named:

C:\WINDOWS\EFUZEJYDIXC1AZ4D

and it contains copies of many Windows system files. The contents of this

folder are posted here:

http://pages.uschw.com/usenet/EFUZEJ-folde...er-contents.txt

Of special note is a logfile in that folder whose name and contents are

linked here:

http://pages.uschw.com/usenet/EFUZEJ-folder/sthdae.log

You may want to open that logfile in an editor other than NOTEPAD that can

hand LF only at the end of each line. Word 2003 opened it fine here.

In that logfile I see attempts to add device drivers, that are failing with

various messages about an invalid pin. That almost looks like Bluetooth?

What I find most suspicious about this folder is that it copies over so many

critical Windows system files. Why would any device installation need its

own private copies of those files?

--

Will

 

[Malke]

Will wrote:

<span style="color:blue">

> I have a very strange looking folder under my C:WINDOWS folder, which if

> it is not a trojan then it must be some kind of device driver install that

> went

> very bad. I would like help identifying what it might be.

>

> The folder is named:

>

> C:WINDOWSEFUZEJYDIXC1AZ4D

>

> and it contains copies of many Windows system files. The contents of

> this folder are posted here:

>

> http://pages.uschw.com/usenet/EFUZEJ-folde...er-contents.txt

>

> Of special note is a logfile in that folder whose name and contents are

> linked here:

>

> http://pages.uschw.com/usenet/EFUZEJ-folder/sthdae.log

>

> You may want to open that logfile in an editor other than NOTEPAD that can

> hand LF only at the end of each line. Word 2003 opened it fine here.

>

> In that logfile I see attempts to add device drivers, that are failing

> with

> various messages about an invalid pin. That almost looks like Bluetooth?

>

> What I find most suspicious about this folder is that it copies over so

> many

> critical Windows system files. Why would any device installation need

> its own private copies of those files?

> </span>

And what results do you get when you do virus/malware removal scanning?

http://www.elephantboycomputers.com/page2....emoving_Malware

Malke

--

MS-MVP

Elephant Boy Computers - Don't Panic!

FAQ - http://www.elephantboycomputers.com/#FAQ

 

[MARK TURNER]

i have vista ultimate 64 bit and have trouble with CA INTERNET SECURITY

SUITE,it is a virus and spyware program from road runner you get free.it is

32 bit and i cannot get the virus protector to work right.i chatted online

with a ca helper and he said i have to upgrade to vista 32 bit.is there

another way to get it to work without upgrading?

mark0325

"Will" <westes-usc@noemail.nospam> wrote in message

news:9eWdnTEJ45bqhPXVnZ2dnUVZ_gednZ2d@giganews.com...<span style="color:blue">

>I have a very strange looking folder under my C:WINDOWS folder, which if

>it

> is not a trojan then it must be some kind of device driver install that

> went

> very bad. I would like help identifying what it might be.

>

> The folder is named:

>

> C:WINDOWSEFUZEJYDIXC1AZ4D

>

> and it contains copies of many Windows system files. The contents of

> this

> folder are posted here:

>

> http://pages.uschw.com/usenet/EFUZEJ-folde...er-contents.txt

>

> Of special note is a logfile in that folder whose name and contents are

> linked here:

>

> http://pages.uschw.com/usenet/EFUZEJ-folder/sthdae.log

>

> You may want to open that logfile in an editor other than NOTEPAD that can

> hand LF only at the end of each line. Word 2003 opened it fine here.

>

> In that logfile I see attempts to add device drivers, that are failing

> with

> various messages about an invalid pin. That almost looks like Bluetooth?

>

> What I find most suspicious about this folder is that it copies over so

> many

> critical Windows system files. Why would any device installation need

> its

> own private copies of those files?

>

> --

> Will

>

> </span>

 

[David H. Lipman]

From: "MARK TURNER" <rturner011@woh.rr.com>

| i have vista ultimate 64 bit and have trouble with CA INTERNET SECURITY

| SUITE,it is a virus and spyware program from road runner you get free.it is

| 32 bit and i cannot get the virus protector to work right.i chatted online

| with a ca helper and he said i have to upgrade to vista 32 bit.is there

| another way to get it to work without upgrading?

| mark0325

Remove it and replace it with a Win64 compliant AV solution.

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp