Found this suspicious folder in my program data and I'm wondering if it's malware

Anonymous
2024-05-13T16:07:08+00:00

The folder is called {150F4013-6884-4350-8DDC-6BFCB4C5DC15} and contains 3 files named: AUpdate.itdt, Gwkrymvt.dat, Install.itdt.

When I found the folder I got suspicious and checked Programs and Features and found out Microsoft Edge WebView2 Runtime was installed yesterday. I don't know if it's relevant though, but it's what made me suspicious to start with.

But when I open the files with Notepad it's all just written in Chinese or something. And that must be why VirusTotal can't compute the hash.

Thanks in advance

Windows for home | Windows 10 | Security and privacy

This question was migrated from the Microsoft Support Community.

2 answers

  1. Anonymous
    2024-08-18T13:19:55+00:00

    Hi, I found the same as you did under C:/ProgramData/{150F4013-6884-4350-8DDC-6BFCB4C5DC15}, with the same 3 files inside. What I found out is that these are "leftovers" from IOBIT iTop Easy Desktop, a program to organise the view of your desktop. It comes with other IOBIT program installations like Driver Booster, Uninstaller, Advanced System Care, Smart Defrag and so on. Even if you didn't install iTop Easy Desktop, you find these indications on your PC. Just erase it manually or use an uninstaller program. IOBIT is a Chinese company, that's why all information is in Chinese language.

    This link might also help you: https://www.advanceduninstaller.com/iTop-Easy-Desktop-3ff23785399d54f2acd1a04291b2e9bf-application.htm

    Hope this was helpful to you.

    4 people found this answer helpful.
  2. Virginia M 41,105 Reputation points Independent Advisor
    2024-05-13T17:43:49+00:00

    Hello, I’m Virginia, a fellow user like yourself.

    Sorry to hear you’re experiencing problems. May I ask which Windows 10/11 build you are running - 22H2 (Win 10/Win 11) or 23H2 (Win 11)?

    I understand you’re having problems with a potential malware infection. Don’t worry, as I’ll do my best to assist you today.

    Try running these programs:

    MS Safety scanner: https://learn.microsoft.com/microsoft-365/secur...

    MBAM free: https://www.malwarebytes.com/mwb-download/ ensure scan for rootkits is enabled.

    Eset online scanner: http://www.eset.com/us/online-scanner/

    Adwcleaner: https://www.malwarebytes.com/adwcleaner/

    If these find one or more infections but do not fully remove them, it will be wise to register with a malware removal site to receive dedicated malware removal instructions. An expert will remain with you throughout the process until confirmation that your PC is 100% clean.

    Malwarebytes virus/malware removal forum:

    https://forums.malwarebytes.com/forum/7-windows...

    Bleeping computer malware/virus removal forum:

    https://www.bleepingcomputer.com/forums/forum22...

    Disclaimer - This post contains reference to non-Microsoft websites and there may be ads on the page for products & services including products frequently classified as a PUP (Potentially Unwanted Product). Please thoroughly research any product / service advertised on the page before you decide to use them. Your discretion is very much advised.

    1 person found this answer helpful.
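
An added example (not part of the thread and not written by any of its participants): a small Python triage helper for unknown data files like the three described in the question. It computes the SHA-256 locally for a hash lookup, checks a few well-known magic numbers, and measures entropy and the share of UTF-16LE code units that fall in CJK or Hangul ranges, which is how opaque binary data can end up looking like Chinese or Korean text in an editor. The function names, the magic-number table and the sample blob are constructed for illustration.

```python
import hashlib
import math
import sys
from collections import Counter

# Leading bytes of a few common file formats (well-known magic numbers).
MAGIC = {b"MZ": "Windows executable (PE)", b"PK\x03\x04": "ZIP archive",
         b"\x7fELF": "ELF executable", b"%PDF": "PDF document"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; close to 8 for compressed or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def cjk_share(data: bytes) -> float:
    """Fraction of UTF-16LE code units in CJK Unified Ideographs or Hangul Syllables."""
    units = [int.from_bytes(data[i:i + 2], "little")
             for i in range(0, len(data) - 1, 2)]
    hits = sum(1 for u in units
               if 0x4E00 <= u <= 0x9FFF or 0xAC00 <= u <= 0xD7A3)
    return hits / len(units) if units else 0.0

def triage(data: bytes) -> dict:
    """Summarise raw bytes; the hash does not depend on how an editor renders them."""
    kind = next((name for sig, name in MAGIC.items() if data.startswith(sig)),
                "unknown")
    return {"sha256": hashlib.sha256(data).hexdigest(), "size": len(data),
            "type": kind, "entropy": round(entropy(data), 2),
            "cjk_share": round(cjk_share(data), 2)}

def constructed_blob(size: int = 4096) -> bytes:
    """Constructed sample: deterministic pseudo-random bytes standing in for an opaque data file."""
    out, counter = b"", 0
    while len(out) < size:
        out += hashlib.sha256(counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:size]

if __name__ == "__main__":
    # No arguments: run on the constructed sample. Otherwise triage each given file.
    if len(sys.argv) == 1:
        print("constructed sample:", triage(constructed_blob()))
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, triage(fh.read()))
```

High entropy with no recognised header only says the data is packed, compressed or encrypted; it does not by itself tell benign application data from malware, so the hash lookup and a scanner remain the deciding checks.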