Skywalker.exe ??

Alejandro85 · 23 Jun 2013

Layback Bear said:

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[1].exe

The location is VERY suspicious, to say the least. Maybe I'm missing something, but here's what I think.
The folder is the IE cache, so someone or something downloaded it using IE. The browser's cache is per-user based. But what I see very bad is that it's in the system user profile (nt authority\system) which should NEVER access internet, let alone using IE. The file itself is probably safe to delete, but have a look at all the running processes to see if there is something suspicious (remember to elevate task manager and look at every process and service).
It would be a good idea to do a full system scan with a good, updated antivirus. Maybe I'm wrong, but I think there is more in the system beyond that strange file.

Layback Bear · 23 Jun 2013

Good point Alejandro85. I have done scans with Microsoft Security Essentials and Malwarebytes Anti Malware and I doing a scan now with Eset.

Layback Bear · 23 Jun 2013

All that was found by Eset was
SweetIM.E App
Sweet.E
Checked a few more method and Sweet is gone.

maxie · 23 Jun 2013

Looking good then Lady

Jacee · 23 Jun 2013

Download and "KEEP" TFC!! Temporary file cleaner by Old Timer:

TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Layback Bear · 24 Jun 2013

Thanks Jacee. Done.