So I noticed strange activity on my bandwidth monitor and decided to investigate. Here whats I discovered:
-After 65 seconds of inactivity, the files in the pic are created in a new temp folder
-It keeps connecting to "contentiously.com" through vds.exe
-upload and download rates are at 1.2 K
-It will not do any of this if TaskManager is open
-It will delete all the files it created if I touch the mouse or keyboard
-When TaskManager is opened, 2 instances of "COM Surrogate" suddenly closes (not sure if this is normal behavior)
Avast doesn't detect anything, but this is highly unusual and I suspect its a virus. From the "blake256" file alone, I assume its mining bitcoins. I googled the symptoms, but only one other person mentioned it and they never got a solution - so I suspect its something new.
Does anyone know what this is? Suggestions? Is there a tool to let you see what service/file is creating these files?
>>54900449
install gentoo
nslookup contentiously.com
Server: 192.168.1.1
Address: 192.168.1.1#53
** server can't find contentiously.com: NXDOMAIN
It doesn't real
>>51971506
>/g/ is NOT your personal tech support team
>For tech support/issues with computers, use /wsr/ - Worksafe Requests or one of the following:
backup and reinstall
>>54900495
whois.net says it is. Also, it's changed what it connects to now. See pic.
Is there a tool to let you see what service is creating files in a folder?
Just reinstall.
>>54900622
sysinternals probably has something you could use.
MBAM or make a bootable USB with some free antivirus SW that allows it
https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx?f=255&MSPPError=-2147217396
Use this to find what program or service is creating those files and nuke it.
I think I may have found the problem, but I don't have a solution
http://www.pcworld.com/article/2461120/stealthy-malware-poweliks-resides-only-in-system-registry.html
Just FYI to future readers, I used system restore and rolled back to a week earlier (when the problem wasn't present). That worked.
