A new link appeared in my startup folder this morning "540c6". It points to C:\Windows\System32\cmd.exe /C start "" "C:\Users\JEB1\AppData\Roaming\c1a6f\ada5a.8b8c5e". I deleted it and it reappeared after 5 seconds.
If you go into that location you can see exactly what the program is and file is. Did you actually delete the file or just delete it from start up? Some program is causing this. You can upload the file to Virustotal.
I deleted both the file and the link (in that order) and both reappeared. File size is 33KB. I can't find any info on the web. I scanned with up to date Norton 360 and no risks detected. I had just completed a Java update.
It sounds like a persistent malware has gotten onto your system. I would suggest you contact Norton Support via online chat and ask about virus removal under the Norton Virus Protection Promise. See information here. There is no additional cost for this service. www.norton.com/chat
Please let us know how you make out.
Did you perform a full scan? Also you can run a scan with NPE.
Norton Power Eraser is only suggested for people who have knowledge of systems and the fact that the NPE if used in inexperienced hands, can delete critical system files.
@jebcpa: I too recommend scanning your system (Windows 10?) in its Safe Mode w/ networking. Before that, you need to update your Norton 360. Then, recheck the said location > this time, you may take additional steps as outlined below:
Please contact Norton Support for more help, if you can deal w/ your issue here.
Thank you all for your excellent advice. The scan revealed the KOTVER Trojan. I had dealt with this on another machine and went through all the steps only to finally end up manually removing the virus via the Norton instructions found in the article "Removing Trojan.Kotver from your computer". I decided to get to the bottom line on this machine and performed a manual removal which seems to have resolved the issue on this machine. With the amount I pay, I wonder why Norton360 did not block this virus? I hope this issue is being addressed as I write this
If you are experiencing an issue that needs urgent assistance please visit our customer support area:
There are currently 5 users online.