Hi All,
Newbie here - first time poster. Apologises if in the wrong section, however I have been searching all over the web to try and find info out any two files that have very suspicious activity, and have been unable to locate anything whatsoever.
Over the past couple of days I've seen some serious issues with one of my PC's.
This evening finally managed to take a further look.
As I'm not sure if this is the correct thread to raise the topic, ill keep it short.
Somehow a file(s) has managed to install itself on the system.
Create a startup item.
Trigger another file to load and the process sits within the process list hammering the CPU usage. It also appears to hit the network bandwidth up.
Upon reset, the process repeats. (You can see the file loads a command screen, but it has a black/blank screen).
File(s) is/are hidden flie(s). Only located via the CMD and searching for the process name and seeking hidden files across the whole drive.
Attributes are marked as - system, archived and hidden. (Hence unable to be seen by File Exp in Windows).
Changing attrib from CMD (as admin) and files appear.
500+ meg (each) in size.
NFI what they are doing...
"solicitation.cgb & thermometer.exe" - location hiding out in C:\Users\All Users\*user name* and C:\ProgramData\*user name*
Only remedy I have found so far; search and manually remove listing via reg edit. Disable in startup, and make changes noted above via CMD (admin) for visibility.
Does anyone have any idea what the file(s) is/are all about...?
Happy to compress and upload, but dont think 500meg will get under 100meg.
Keen to hear thoughts, and happy to be called out as crazy on this one...
