M
Maple38
Guest
Lately, I have had some issues such as apps crashing and stuff. I got suspicious of having a virus, so I searched and found slightly suspicious stuff. Here is what I did.
First off, when I launch my computer a command prompt window opens and says something like "C:\users\XXXXX\appdata\local". That was kinda sus but I knew what the local folder was already. Then after a day, I realized that there might just be a file there called local too. I went over there and deleted the local.exe file because it was suspicious and I couldn't find anything about it online, and deleting it didn't do anything except that the window now just opened the local folder. The local file also had an Nvidia icon, but I still deleted it because if it really was from Nvidia it would be re-created by whatever Nvidia app it belonged to, and worst-case scenario I would just have to re-install GeForce Experience.
One time there was also a random fatal error popup with an Nvidia logo in my taskbar, but it seemed unrelated to everything else. It said "Failed to execute script westeal". According to a random guy on r/nvidia, it might be a virus because it's called westeal, which is just we-steal. I also couldn't find anything about it when I googled it. That was kind of suspicious too but it only happened once. I used a search app called Everything by VoidTools to search for a westeal, and the only results were a bunch of files called westeal.exe.manifest. Here are the search results and their paths.
I also just found an appdata.bat file in C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, the file just has the command "start %localappdata%" which seems to be the cause of the command prompt window that opens when I restart my computer.
And lastly, in the startup part of task manager, I found 3 apps called "Program" with no icon and they were all random Wondershare folders somewhere on my C drive. They were empty and I deleted them.
Sorry about this long post, but I'm kinda concerned. Is there anything you advise doing? And are there any programs that would let me see which programs these files are linked to? Also, it might be good to know what my antivirus is. I use Kaspersky at the moment. And please tell me if I'm posting in the wrong place, or if there's some other forum which would be good to post on.
EDIT: appdata.bat is now in "C:\Users\XXXXX\AppData\Local\CareCenter\TuneUp\Config" for some reason.
Continue reading...
First off, when I launch my computer a command prompt window opens and says something like "C:\users\XXXXX\appdata\local". That was kinda sus but I knew what the local folder was already. Then after a day, I realized that there might just be a file there called local too. I went over there and deleted the local.exe file because it was suspicious and I couldn't find anything about it online, and deleting it didn't do anything except that the window now just opened the local folder. The local file also had an Nvidia icon, but I still deleted it because if it really was from Nvidia it would be re-created by whatever Nvidia app it belonged to, and worst-case scenario I would just have to re-install GeForce Experience.
One time there was also a random fatal error popup with an Nvidia logo in my taskbar, but it seemed unrelated to everything else. It said "Failed to execute script westeal". According to a random guy on r/nvidia, it might be a virus because it's called westeal, which is just we-steal. I also couldn't find anything about it when I googled it. That was kind of suspicious too but it only happened once. I used a search app called Everything by VoidTools to search for a westeal, and the only results were a bunch of files called westeal.exe.manifest. Here are the search results and their paths.
I also just found an appdata.bat file in C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, the file just has the command "start %localappdata%" which seems to be the cause of the command prompt window that opens when I restart my computer.
And lastly, in the startup part of task manager, I found 3 apps called "Program" with no icon and they were all random Wondershare folders somewhere on my C drive. They were empty and I deleted them.
Sorry about this long post, but I'm kinda concerned. Is there anything you advise doing? And are there any programs that would let me see which programs these files are linked to? Also, it might be good to know what my antivirus is. I use Kaspersky at the moment. And please tell me if I'm posting in the wrong place, or if there's some other forum which would be good to post on.
EDIT: appdata.bat is now in "C:\Users\XXXXX\AppData\Local\CareCenter\TuneUp\Config" for some reason.
Continue reading...