• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

540c6

A new link appeared in my startup folder this morning "540c6". It points to C:\Windows\System32\cmd.exe /C start "" "C:\Users\JEB1\AppData\Roaming\c1a6f\ada5a.8b8c5e". I deleted it and it reappeared after 5 seconds.

Replies

Kudos0

Re: 540c6

If you go into that location you can see exactly what the program is and file is. Did you actually delete the file or just delete it from start up? Some program is causing this. You can upload the file to Virustotal.

https://www.virustotal.com/

Kudos0

Re: 540c6

I  deleted both the file and the link (in that order) and both reappeared. File size is 33KB. I can't find any info on the web. I scanned with up to date Norton 360 and no risks detected. I had just completed a Java update.

Kudos1 Stats

Re: 540c6

It sounds like a persistent malware has gotten onto your system. I would suggest you contact Norton Support via online chat and ask about virus removal under the Norton Virus Protection Promise. See information here.  There is no additional cost for this service.    www.norton.com/chat

Please let us know how you make out. 

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: 540c6

Did you perform a full scan? Also you can run a scan with NPE. 

Kudos0

Re: 540c6

Norton Power Eraser is only suggested for people who have knowledge of systems and the fact that the NPE if used in inexperienced hands, can delete critical system files.

Windows 10 Home X 64
Kudos0

Re: 540c6

@jebcpa: I too recommend scanning your system (Windows 10?) in its Safe Mode w/ networking. Before that, you need to update your Norton 360. Then, recheck the said location > this time, you may take additional steps as outlined below:

  • Run MSCONFIG > check the Startup tab > share us any info re the Publisher, if you find it there.

  • More, check Task Scheduler: Control Panel > Administrative Tools > Task Scheduler > Task Scheduler Library - upload the screenshot of that list to here. E.G.:

  • right click on that file (exe? Google tips on how to show the file extensions) > look closely at the file properties like the General + Details + Digital Sinatures
  • Upload that file to the said VirusTotal so we can get extra details

Please contact Norton Support for more help, if you can deal w/ your issue here.

PUP Hunter PRO: Just TRYING to save the world (U) from cyber threats, A single blog post, at a time, and ONCE & FOR ALL. (A fan of Nadia_Kovacs)
Kudos1 Stats

Re: 540c6

Thank you all for your excellent advice. The scan revealed the KOTVER Trojan. I had dealt with this on another machine and went through all the steps only to finally end up manually removing the virus via the Norton instructions found in the article "Removing Trojan.Kotver from your computer". I decided to get to the bottom line on this machine and performed a manual removal which seems to have resolved the issue on this machine. With the amount I pay, I wonder why Norton360 did not block this virus? I hope this issue is being addressed as I write this

This thread is closed from further comment. Please visit the forum to start a new thread.