boost_interprocess

nums

Hello.

I recently discovered a folder called boost_interprocess in C:\ProgramData; inside there are 3 files:
  • UWK_COMMANDBUFFER_MUTEX
  • UWK_DATABUFFER_MUTEX
  • UWK_TEXTUREBUFFER_MUTEX

A quick Google search revealed this: Encyclopedia entry: Backdoor:Win32/Kelihos.A - Learn more about malware - Microsoft Malware Protection Center and WORM_KELIHOS.SM | Low Risk | Trend Micro Threat Encyclopedia

I have checked the registry; I don't have any of the listed entries. This is the only thing I have in the Run directory: http://i.imgur.com/jQ687k3.png

I do have a Google registry, though none of the entries listed above. I do have Chrome installed. I've run quick and full scans with both Avast! and Malwarebytes, which returned nothing.

Anyone know what these files are?
 

My Computer

Computer type
PC/Desktop
OS
Windows 7 Home 64bit
CPU
i5-4670 Quad Core @ 3.40GHz
Motherboard
Gigabyte H87-D3H
Memory
8 GB
Graphics Card(s)
GTX 780
Hard Drives
Samsung SSD 840 EVO 250GB | OZC-VERTEX2 120GB
PSU
SST-ST75F-P
Click here DDS

• Click on the Download Now button

• When the download is complete, drag the DDS program from the Downloads folder to your Desktop

• Double click the DDS icon on the Desktop then click the Run button to run the tool.

• Place a check next to attach.txt and click Start. When done, DDS will open two logs
  • DDS.txt
  • Attach.txt

• Save the two logs onto your desktop and upload them with your reply
 

My Computer

Computer Manufacturer/Model Number
Custom Built
OS
Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
CPU
Intel Core i7 CPU 950 @ 3.07GHz
Motherboard
ASUS P6T DELUXE V2
Memory
OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
Graphics Card(s)
ATI Radeon HD 5700 Series
Sound Card
OnBoard
Hard Drives
WD6400AACS-00M3B0 (640GB SATA )
PSU
CORSAIR 850w
Case
NZXT LEXA
Cooling
Intel Stock Heatsink Fan
Keyboard
Microsoft Wireless Laser Keyboard 7000
Mouse
Microsoft Wireless Laser Mouse 7000
Here they are.
 

Run ESET Online Scanner

On [image: 3133y8w.png]

Hold down Control and click on ESET Online Scanner to open ESET OnlineScan in a new window
Click the [image: 30jij2b.png] button
Check YES, I accept the Terms of Use.
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
° Scan potentially unwanted applications
° Scan for potentially unsafe applications
° Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
On [image: 5b5jza.png] or [image: 4l6ro8.png]

Click on http://download.eset.com/special/eos/esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Right click on [image: 2wohcn4.png], choose [image: mawket.jpg] on your desktop
Check YES, I accept the Terms of Use.
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
° Scan potentially unwanted applications
° Scan for potentially unsafe applications
° Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
 

Hello, I did the scan, it found nothing (and so didn't give me an option to export anything to post).
 

AdwCleaner
Click here AdwCleaner

• Click on the Download Now button

• Save to the Desktop

• Right-click on AdwCleaner.exe and choose [image: mawket.jpg]

• Click on Delete and confirm the prompt.

• Your computer will be rebooted automatically. A text file will open after the restart.

Upload the log: The log file is at C:\AdwCleaner[Sn].txt
 

I also found the boost_interprocess folder in C:\ProgramData, although the content is different to nums'.

The content I have is similar to that described on this Technet page. However, I have since discovered that the boost_interprocess folder, and its contents, are created by the Cloudfogger app on my system.

Cloudfogger is (was) an app to automatically encrypt the contents of folders synced with cloud storage services. Unfortunately, there has been no activity from them (see their blog) since December 2012, and they are not responding to contact.

I'm not saying that their software is purposefully malicious because I have no evidence, other than the creation of that folder, that anything untoward is happening. However, bearing in mind the lack of development and response, I have uninstalled Cloudfogger which has allowed me to delete the boost_interprocess folder, and without Cloudfogger running, it doesn't come back.

It may not be pertinent to nums' situation, but I post the info here because it seems generally pertinent.
 

My Computer

Computer type
PC/Desktop
OS
Windows 7 Home Premium 64bit