Peek-a-Boo HTML file and Folder (w files) in my downloads folder

[disaksen]

Today, I noticed a "Peek-a-Boo" HTML file and Folder (w files) in my downloads folder.  I have no clue about how it got there, but am very leery about it.  I've read about there supposedly being a Peekaboo ransom virus that encrypts files and displays a ransom notification, but have not had any ransom notice display.  I have not shut down/restarted my PC since finding the files.

I ran Malwarebytes AdwCleaner 8.0.9 and the only thing it came up with are a couple "Preinstalled" software notices that it wanted to put into quarantine.  I did rename the HTML file and its Folder with different names to hopefully break the link between them.  I would appreciate any help that might help me determine if I'm in trouble with those files and how to deal with them, .. short of just deleting them.  Did not attach files because I have no clue if they would be passing on something nasty by doing so.

Thanks,

disaksen

[disaksen]

Below is a copy of the AdwCleaner(S13) log I just recently ran.

# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.1
# -------------------------------
# Build:    01-20-2021
# Database: 2021-01-11.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    02-14-2021
# Duration: 00:01:13
# OS:       Windows 10 Pro
# Scanned:  31956
# Detected: 2

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE 
Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 

AdwCleaner[S00].txt - [1379 octets] - [16/05/2019 00:41:45]
AdwCleaner[C00].txt - [1505 octets] - [16/05/2019 00:44:39]
AdwCleaner[S01].txt - [3137 octets] - [17/05/2020 01:02:32]
AdwCleaner[C01].txt - [2835 octets] - [17/05/2020 01:05:15]
AdwCleaner[S02].txt - [3810 octets] - [29/05/2020 12:23:59]
AdwCleaner[C02].txt - [2359 octets] - [29/05/2020 15:03:52]
AdwCleaner[S03].txt - [1595 octets] - [13/06/2020 00:40:36]
AdwCleaner[C03].txt - [1677 octets] - [13/06/2020 00:46:04]
AdwCleaner[S04].txt - [3174 octets] - [22/06/2020 09:07:04]
AdwCleaner[S05].txt - [1790 octets] - [28/06/2020 01:26:30]
AdwCleaner[S06].txt - [1839 octets] - [05/07/2020 10:21:04]
AdwCleaner[S07].txt - [3357 octets] - [13/07/2020 12:01:26]
AdwCleaner[S08].txt - [3418 octets] - [13/07/2020 12:03:16]
AdwCleaner[S09].txt - [3479 octets] - [24/07/2020 02:12:35]
AdwCleaner[S10].txt - [3540 octets] - [28/09/2020 00:30:49]
AdwCleaner[S11].txt - [3601 octets] - [01/01/2021 09:19:08]
AdwCleaner[C11].txt - [3745 octets] - [01/01/2021 09:25:42]
AdwCleaner[S12].txt - [2597 octets] - [04/01/2021 04:36:47]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S13].txt ##########

[kevinf80]

Hello disaksen and welcome to Malwarebytes, Lets gets some logs and see what is happening with your system.. Continue with the following: If you do not have Malwarebytes installed do the following: Download Malwarebytes version 4 from the following link: https://www.malwarebytes.com/mwb-download/thankyou/ Double click on the installer and follow the prompts. When the install completes or Malwarebytes is already installed do the following: Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab. Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Clsoe out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes quarantine any found entries... To get the log from Malwarebytes do the following:   Click on the Detection History tab > from main interface. Then click on "History" that will open to a historical list Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply   Please use "Text file (*.txt), then name the file and save to a place of choice, recommend "Desktop" then attach to reply Next, Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... If English is not your primary language right click on FRST, select rename then rename to FRSTEnglish.   Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans"   Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Let me see those logs in your reply... Thank you, Kevin....

[disaksen]

On 1/11/2021 at 11:10 AM, AdvancedSetup said:

Well that says the driver is not installed. So not sure how it's holding it up.

Okay, please get FRST from the link below. Then copy it to that USB stick. (you can pull it out, copy the FRST program and reinsert it)

 

Please download Farbar Recovery Scan Tool and save it to your USB stick.

 

Then save the following text file to the same location on the USB stick as the FRST program.

fixlist.txt 2.33 kB · 12 downloads

Then from DOS run the command to start or open FRST (typically x:\frst64.exe )

Then click the FIX button.

It should run and create a new log FIXLOG.txt on the USB stick. Please post that back when done.

It should now be able to boot into Normal Windows mode

 

 

 

 

Would you possible post the contents of your "fixlist.txt" file in a post so I can copy it and create my own "filelist.txt"?  I have tried downloading your file numerous times, but my browsers (Brave & Vivaldi) flag it and won't let me download your file.

[AdvancedSetup]

Hello @disaksen

Please follow the advice from @kevinf80 above and post back the requested logs and he will assist you in cleaning your computer.

Thank you

 

[kevinf80]

Any progress...?

[kevinf80]

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks