Oddly named hidden folders in "My Documents"

[codyg102]

Recently, I found a couple of hidden folders in my "My Documents" folder; the contents of each were a collection of equally oddly named files of various extensions. I figured they were just artifacts from some old program installation and deleted them, updated and ran AV and Malwarebytes just in case, and forgot about it.

I "unhid" my hidden folders again today to take care of something else and found two similar folders had appeared - once again, nonsensical folder and file names.

I grabbed screenshots (and obscured info, where appropriate) to show you what I'm seeing. One other thing that was consistant, they were first and last folders in "My Documents" both times I noticed this.

Docs Folder
Contents of first folder
Contents of second folder

Does anyone have any ideas?

 

[Layback Bear]

Welcome to our forum codyg102.

Please use this to post snap shots on this forum.

Screenshots and Files - Upload and Post in Seven Forums - Windows 7 Help Forums

Jack

 

[codyg102]

As requested, screen shots of "My Documents" and contents of the two subfolders in question.

 

[codyg102]

I deleted the original "ghosts" but they're back... well sort of! :huh:

Different folder and file names/contents but still no explanation as to where the hell they're coming from.

 

[Syncopator]

I had a similar problem a little while ago. I found two oddly named items in my user/apps folder. I reported this - I don't remember on which forum - but someone suggested that ESET did tricks like that, planting what was described as honey traps as bait for ransomeware.
I had recently installed similar software which claimed to guard against ransomeware. I forget what it was called now. Anyway, I uninstalled it and the unknown entries in the apps folder disappeared.

 

[codyg102]

Interesting, but I've never had ESET installed (on any machine I've owned) so I can rule that out. I just checked and the files have changed again - new files/folders with TODAY's date. It looks like they're generated when the PC boots (or is rebooted) but that still doesn't get me to why they're appearing or for waht purpose...

 

[Syncopator]

My point was that as one program, ESET, had done this, then it was quite likely, or at least possible, that other programs did this too. And that is what I found.

 

[Callender]

My point was that as one program, ESET, had done this, then it was quite likely, or at least possible, that other programs did this too. And that is what I found.

It seems that RansomWare Free by CyberReason is likely to be the culprit in this case.

See list of files that another user reported as being created by the program and compare file extensions with your screenshot.

 

[torchwood]

I also believe its malware of some form
There should NOT be any hidden folders in My Documents.

Roy

 

[Syncopator]

I also believe its malware of some form
There should NOT be any hidden folders in My Documents.

Roy

I can only reiterate what I found.

After reading of ESET's honey traps, I thought that the program I had installed might be doing the same.

I uninstalled the program I had, and the strange files no longer appeared in the apps folder.

I then re-installed the program as a check, and found that strangely named items had again appeared in the apps folder. With different names this time.

Calling the planting of honey traps malware is, I think, a matter of semantics.

I'm just reporting my experience.