How can I figure out what's creating a folder?

Tabs

I have an empty folder called "FPA" that's getting created in my root C:\ every time I boot and I can't figure out where it's coming from. Everything looks normal to me in Process Explorer and Autoruns and the system passes a Defender scan.

Anyone else seen this?

Thanks
 
Nope.
Run scans using more products that the anti-malware community recommends.
There's many free ones, i.e. Spybot, Ad-Aware, Crap Cleaner.

You might wanna run a virus scan too!
 
Is this folder being created on a new OS install? Or is this some recent event?

If recent, did this begin to occur after some SW install?

Just asking some questions to see if it is related to something you may have installed or if it is something else.

Or..., been to any p0rn sites lately?:p j/k!
 
I just noticed it yesterday - haven't really installed much new recently. World in Conflict like 2 weeks ago I think was the last thing installed to that OS (XP Pro, the other half of my dual boot w/ Vista)
 
I'm pretty sure you have picked up some nastiness there.... Download and run HiJackThis and post the log here... after a quick search, I think it's some form of malware that's causing your problems....
 
Download Sysinternals Filemon and you'll see every visible process.
 
I don't freaking believe this:

System was infected with two separate backdoor trojans, one in Vista and one in XP - the XP one was a freaking keylogger too.

I have NOD32 and Defender running in both OSes at all times, always updated with real time protection on. I'm a smart user - I don't open stupid attachments or download questionable stuff etc... How in the hell did this happen?

I'm thinking I should probably do a full reformat just to be safe right? I mean how do I know there's not some rootkit or something that's the source of this etc...
 
How do you know it was 2 trojans?

Just because you're protected doesn't mean it's 100%. A condom isn't 100% now, is it?
 
Did you run HJT?
If not, do, and post the log here so we can double check it for you.. once that is done you should be ok.... I suppose you could reformat... don't really think you need to, but if it would make you feel better...
 
How in the hell did this happen?
The reason I usually see is that people don't keep their OS and/or definitions up to date.

Relying on AV/anti-malware as the only defense is a poor choice when there are known and unpatched exploits in the OS. All it takes is a novel vector to exploit it.
 
Yeah, I'm not a dumb user guys, I have automatic updates on and I check Windows Update manually almost every other day. Definitions are all on autoupdate too.

I've actually worked as a tech cleaning malware infections, which is why I can't understand how this happened. I'm super careful with this stuff... I know all the tricks for phishing, bad email attachments etc...

I'm gonna reformat and go change all my passwords in a little bit here. I don't trust it even though it's coming up clean in the NOD32 scans now.

The trojans both came up in repeated NOD32 and Ewido/AVG scans in both XP and Vista, so I gotta assume they were real.
 
So my confusion thus lies in this:

If NOD32 picked it up in a scan, why didn't it just detect it prior or during install/download/etc?
 
I would love to know the same thing guys... NOD32 got it in the scans but I know I never saw a virus warning when running a file or downloading something etc. Starting to make me question that program's effectiveness. (of course this has to occur just after I got a 2 year renewal on it...)
 
NOD32 is pretty close to the best you can get. The problem with AV is that they can never be 100% safe.

The best protection you can get is not to stick your plug in the socket if you catch my drift. People rarely want to be that protected though.
 