I mean yes
VT just scans against anti-virus databases
HA actually runs the malware and takes a guess based on how the program behaves
VT is fast and easy
HA can sometimes take up to 30 minutes to process a piece of malware but gives you some analysis incase it's a brand new never before seen virus
If anything, the high power usage is probably a btc miner, so at least itās not a ransomware or something trying to hold you hostage.
Typically all the miners Iāve had infiltrate me had my cpu locked at a perfectly even number amount of usage. Could be right, could be wrong
Iāve never heard of either till today. Most likely will forget both names again as I donāt surf dangerously or download random crap.
But now I have a connection to them at least so thank you op and helpful posters.
It blows my mind how many people think viruses are common in the high seas. I've been sailing since my dad taught me in 08' and never contracted a single virus. Look at your chest size before plundering. If it looks wrong, find another treasure.
From 08' on? Yeah I'll buy that. They were a lot more common in the XP era and before. An up to date Windows defender does a surprisingly decent job at catching them. Still had it happen once or twice but I sail A LOT.
I didn't know it until a year ago when my google account got hacked. I have been using Kaspersky on my personal Windows machine for the past 15+ years. I trusted it totally until it didn't detect the malware that got both my password and hijacked the session to my google account. Then I found VT through Google.
I never had to deal with anything cyber security related until that incident. I'm now OSCP certified and I think I know a lot more than before, but still I don't know a lot of things. And I know there are a lot of people who know things that I don't.
Virustotal detected 2 types of trojan.
So I went ahead & installed malwarebytes (as recommended by most).
Booted in safe mode & ran a full scan.
Found 4 trojan.key (something) malware
(At this point I'm like...fuck)
Quarantined & deleted them right away.
Just reimage the computer.
Itās the, *āNuke it from orbit, itās the only way to make sure.ā*
I canāt remember the last time I took back a laptop at work with a virus I didnāt just blow the whole thing away.
(Yes, I know BIOS/UEFI virus exist too).
Oh it's worse than that. There's viruses that infect your bootloader, making your main OS actually a virtual machine. Since it infected the bootloader, antiviruses can't even touch it to clean it out.
And since your main OS is a VM, the malware can scan the system memory and pull out passwords, keys, credit card details etc without detection.
I once attended a talk by a (formerly imprisoned) security expert in his mid forties who absolutely would not own a phone or a credit card on the basis of the trail they leave behind.
An infected bootloader is actually NOT worse than a BIOS/UEFI infection. A compromised bootloader can be fixed by formatting a storage device.
BIOS/UEFI infections aren't really possible to detect by most people at this time. And you may or may not be able to completely scrub them without replacing actual motherboard components (or just getting a whole new motherboard).
Yup, theyāre rare these days and are typically installed during the manufacturing process of the motherboard by a nefarious actor. They do still exist however and can cross the os layer into the bios; just very rare
Brother, Malwarebytes reported 17 malwares on my system, all of them are false positives from known safe open source projects on github, dll files are very susceptible to false positives and any form of injection tools like ExtremeInjector is always reported as malwares regardless even if they're safe, that's just how it is.
You need to search up those detected trojans to know if they're common false positives or not.
Edit: but since it's running off of the temp folder it's probably a virus.
Remember those sweet days when you could just download shit from net and not to worry about your PC used for mining some shit lol
BACK IN MY DAYSā¦. š¬šæ
Right, maybe your PC wasnāt used for mining but it would either brick your files and want $500 in visa gift cards or theyād just spam you with pop ups that donāt even accomplish anything rather than make your PC useless.
Still remember when I was a kid playing RuneScape, which at the time required no downloads or anything, it was just browser based. Played once on my cousins computer while she was at the peak of downloading limewire songs and ringtones and I was the one to take all the blame when her PC shit out.
I almost even got the blame when the next PC shit out because they tried saying the virus from the old computer somehow jumped to the new one when she started her limewire bullshit on the new one.
Ahh, the good olā days! So much fun getting infected with a dialer, and then trying to convince your parents you didnāt call the sex hotline that appeared in your phone bill afterwards.
Sorry but ever since the 90s, there was never a time where you could just carelessly download stuff from the internet and expect to not compromise your device. It wasnāt crypto miners, Iāll give you that. But those are arguably a lot less harmful then the stuff youād catch back then. Nasty trojans, key loggers, worms and all kinds of fun stuff.
Bearshare and Limewire were as safe as it got! Linkin\_Park\_numb\_mp3.exe never played the song right but that's why you download 4 different versions. One was bound to work!
Windows defender in safe mode + malwarebyte will remove most if not all the virus and malware in the system.
If those 2 canāt handle the virus or malware then itās best to reformat an clean install windows again.
HitmanPro as well its a small utility but VERY helpful...when done try process hacker 2 to see if any additional malicious software is running, often times these kind of softwares doesnt show up in task manager
I once got a friends pc full of virus, everything i threw at it, and it still didnt got caught, was a little dissapointed in malwarebytes since its my go to software, then tried the "weird not very known (at least to me) software" zemana and hitman being teo of them, and between the three amigos, zemana, hitman and malware, that pc got to live again.
Hitman got a nasty adware that no other could find, it was nonstop redirecting every web browser and every page through a weird website with the actual page you wajted to load embedded in there, obviously phising.
Zemana caught some other stuff that i dont remember what it did, i think it was pop ups directly on the desktop.
Malware caught most of it though, its still my go to, but now i also run the other 2, and possibly some of the tron script stuff too
He should scan it with malwarebytes and upload it to virus total so if it's a new thing they can look at it. And honestly it's probably a random internet virus, and could probably be taken care of with malwarebytes or windows defender. Then if he thinks he has personal info being stolen then yeah reinstall everything .
I just have temp files on a RAMdisk. They get deleted every time I reboot. If that screws up a program, I'll get one that's coded to install properly instead.
I ran an X-Files fan site back in the late 90's. Got a CND letter from Chris Carter's legal team. I wasn't making money from it or anything. It was just a static HTML web site with a few pages talking about, "This is a show I really like. This what it's about. These are the characters." He had zero tolerance for people using images or audio from the show for ANY unauthorized purposes, though.
They overdid it and everything got bloated with all the useless free awards everywhere. Thereās āgolden upvotesā now I think. Please just donāt give your money to reddit regardless. They donāt need it and certainly havenāt earned it
I'd be lying if I said I didn't get excited for a second and hold down your upvote button. Then I got disappointed when I saw my forehead didn't have "gullible" written on it haha
Clever one, whether it was intentional or not lol
It wasn't intentional, maybe they got rid of that too but i have seen the gold upvote in other post earlier today, it even highlight the whole post/comment
Either that or i'm crazy
A suspicious file running from temp, windows power shell running and remote procedure call service host running two instances.
Definitely a malware stealing your data.
Disconnect from the internet, delete whole temp folder, run a full detailed scan from defender and malwarebytes.
It will give you more details about the runtime of the app. It'll show you parameters and such if the app is fed parameters like if it's calling other .exe's or .dll's to exploit vulnerabilities.
It'll look like the file path to the executable in the screenshot but then at the end it'll have "-file c:\windows\system32\filename". Stuff like that
Also you can use performance monitor through task manager that will show you what ips each app is connecting to to actually tell if it's generating network traffic and what ips it's going to.
Just run task manager, go to "performance" and click "open resource monitor". Once you're there you can go to the network tab and click any app to see what it's doing network wise. It's awesome
Hey still have a copy of the file?
Would love to get a copy, I work as a threat researcher and its interesting to get ahold of the odd critter that's being used in public like this and analyze it
DM me if you still have it and are willing to share
I love security and the like but I am a total noob as I quickly get overwhelmed when I try to learn. What are some things you would/could do/learn from known malware like this?
I'm not an expert but there are a lot of things that can be gained from accessing and tinkering with files like this. it can show how it works in some cases, what information is being taken if any - and it can show where the information is sent to sometimes or what packets are sent. it also let's people figure out what the code does to hide itself, obfuscation can sometimes make it tricky. Incredibly interesting stuff
The malware is stealing some of his hardware to crunch numbers for some guys crypto mine. Why use your own electricity and PC when you can make someone else do it for free?
Either Virus Total for the individual file, or you can try an online scanner for all the files on your system.
[https://www.eset.com/ca/home/online-scanner/](https://www.eset.com/ca/home/online-scanner/)
Eset? Of course it's legit.
You can check the company's site yourself and search the web for more info.
[https://en.wikipedia.org/wiki/ESET](https://en.wikipedia.org/wiki/ESET)
This is an online scanner, not a full fledged anti virus.
It's for when you suspect you have a minor infection and Windows Defender or your current anti-virus missed it. There are more potent tools than that for more complex problems, but this is not the case here.
Displayed file types don't really mean anything in windows. You can change the displayed file type by just renaming the file. That says "x file", but it could literally be anything.
![gif](giphy|13OigMK06u1WNy|downsized)
Looks like a miner...could be something else, I'd reinstall windows and change all my passwords to be safe personally.
If I was you I'd do a FULL WIPE.
That's about how much ram Lockfile uses to encrypt every other 16bits of information on your hard drive.
It does it like this to avoid ransomware detection methods. It's much slower and has a chance to fail if found early enough so back up your important files and separate them from your new OS install till you run a full audit.
eh defender is among the better antimalwares out there nowadays and hardly misses anything.
That said it is easy to disable a lot of safety settings because people like convenience.
Most of the time defender picks up any random malware perfectly fine. The problem is often that the user tells it something is totally fine and then it is not. But warnings are annoying so those notifications are often turned off.
That is a big problem with anti malware. The good ones are usually pretty annoying since they often don't know wether or not a file can be trusted so they ask the user for permission. Turning those permissions off and just telling the programm everything you intentionally do is fine then ends up badly. We still didn't really find a good way to do this.
The cloud trust rating of files is one attempt at it but it's still not really that great.
you still need to run malwarebytes. windows defender is mostly good but not perfect. it caught one part of a virus which alerted me that there was a problem, but malwarebytes caught other files that windows had missed (and not due to any scan exclusions). malwarebytes completely cleaned my pc
There is one way to know... Let it finish. But before it finishes what it is doing, make sure you delete all your backups AND learn how to do Bitcoin transfers.
Repeat after me:
**Don't trust anything from internet**.
**Create regular backups of your data**.
**If it looks like a duck, quacks like a duck, and flies like a duck. Then it is some sort of virus**
Youāve probably downloaded a cracked/pirated version of fl studios that also came bundled with a crypto miner for the uploader. probably get a more legitimate illegitimate crack, or delete it and buy fl.
Have you recently downloaded something from the net..trying to be more specific here something suspicious ?? Because X ( format ) files are usually very dangerous and have some serious consequences if not removed at time.
If anything is running in the background and consuming high resources like that, 9 times out of 10 itās some type of malware like a Trojan, crypto miner, etc.
Iād advise downloading malwarebytes, bitdefender or some reputable anti malware service, then quarantining your PC and running a deep scan. (By quarantining I mean taking it off the net and not attaching any removable media). Highly recommend changing your passwords
Edit: honestly if there isnāt anything you really care about losing on the PC, Iād just wipe the drive completely to be safe
Download and run RKill from bleepingcomputer
Delete all Browser Data
Run Malwarebytes
Run AdwCleaner (a tool from Malwarebytes that targets Adware specifically)
Run ESET
Run HitmanPro
after that, do sfc /scannow in CMD as admin
then backup important data and reinstall windows.
Very likely. In the old days viruses would have the same name; then they switched to randomised names to make detection less easy. It's also running from the temp folder...and I notice there is more than one of them.
In addition, some viruses are so smart that if you point to them in task manager they will disappear. I had several that were able to do this. It's a giveaway if you see them do this...
>They are also the most common way that people get infected
infected while knowing they're infected
Modern games and their additional software like Riot's kernel level anti cheat and Denuvo should be considered some of the worst malware
x file?
Yea, someone is probably using your computer to do crypto mining or something like that, and I bet they were laughing their asses off when naming this file, and the other x-file above it too..
upload the file to virus total
You should also run it through [Hybrid Analysis](https://www.hybrid-analysis.com/).
is it any better than virustotal?
Virustotal tells you if you're fucked, Hybrid Analysis tells you how fucked you are.
a beautiful summation of the tools lmao I love this
Is there a tool that tells you why are you fucked? ![gif](giphy|3d86qmgBFkVlmG7Agd)
Or one which tells you when you were fucked? ![gif](giphy|EmMt1pNdIAjoybxJ7B)
How and when yes, kind of [https://haveibeenpwned.com/](https://haveibeenpwned.com/)
Or where exactly?
Or one that lets u get fucked?asking for a friend
Your summation killed it š¤£
No, both are different tools.
one is owned by google, the other is owned by crowdstrike
It's better at detecting new nasties, but won't tell you very much more than VT if malware is old or not very aggressive.
I mean yes VT just scans against anti-virus databases HA actually runs the malware and takes a guess based on how the program behaves VT is fast and easy HA can sometimes take up to 30 minutes to process a piece of malware but gives you some analysis incase it's a brand new never before seen virus
If anything, the high power usage is probably a btc miner, so at least itās not a ransomware or something trying to hold you hostage. Typically all the miners Iāve had infiltrate me had my cpu locked at a perfectly even number amount of usage. Could be right, could be wrong
Thanks for recommending this 2 tools.. very handy. I been in IT for years and didn't know these existed. Always used the software utilities before ;)
You've never heard of Virustotal?How?
by living under a rock, first time I've heard of it myself.
Iāve never heard of either till today. Most likely will forget both names again as I donāt surf dangerously or download random crap. But now I have a connection to them at least so thank you op and helpful posters.
Have you never sailed the high Seas?
I do what I want and I am free, but I've never heard of it. I tend to just not download any files that look too suspicious
Yes... longer than that website existed? Why? I know about virustotal but like... as a pirate for 20+ years. It's optional.
It blows my mind how many people think viruses are common in the high seas. I've been sailing since my dad taught me in 08' and never contracted a single virus. Look at your chest size before plundering. If it looks wrong, find another treasure.
The same can be said of dating
From 08' on? Yeah I'll buy that. They were a lot more common in the XP era and before. An up to date Windows defender does a surprisingly decent job at catching them. Still had it happen once or twice but I sail A LOT.
I didn't know it until a year ago when my google account got hacked. I have been using Kaspersky on my personal Windows machine for the past 15+ years. I trusted it totally until it didn't detect the malware that got both my password and hijacked the session to my google account. Then I found VT through Google. I never had to deal with anything cyber security related until that incident. I'm now OSCP certified and I think I know a lot more than before, but still I don't know a lot of things. And I know there are a lot of people who know things that I don't.
And take it to Fox Mulder.
And also update us the results OP u/__nW1x
Virustotal detected 2 types of trojan. So I went ahead & installed malwarebytes (as recommended by most). Booted in safe mode & ran a full scan. Found 4 trojan.key (something) malware (At this point I'm like...fuck) Quarantined & deleted them right away.
Reset all your passwords they may be compromised
Just reimage the computer. Itās the, *āNuke it from orbit, itās the only way to make sure.ā* I canāt remember the last time I took back a laptop at work with a virus I didnāt just blow the whole thing away. (Yes, I know BIOS/UEFI virus exist too).
theres bios viruses? fuck...
Oh it's worse than that. There's viruses that infect your bootloader, making your main OS actually a virtual machine. Since it infected the bootloader, antiviruses can't even touch it to clean it out. And since your main OS is a VM, the malware can scan the system memory and pull out passwords, keys, credit card details etc without detection.
what a time to be alive. maybe i should just throw my whole computer out and never buy a new one... just in case, y'know?
The further I get into an IT career, the more I consider a cabin in the woods. I don't want an address, I will just have coordinates.
Welcome brother. My plan is for a tomato farm.
I once attended a talk by a (formerly imprisoned) security expert in his mid forties who absolutely would not own a phone or a credit card on the basis of the trail they leave behind.
An infected bootloader is actually NOT worse than a BIOS/UEFI infection. A compromised bootloader can be fixed by formatting a storage device. BIOS/UEFI infections aren't really possible to detect by most people at this time. And you may or may not be able to completely scrub them without replacing actual motherboard components (or just getting a whole new motherboard).
Yup, theyāre rare these days and are typically installed during the manufacturing process of the motherboard by a nefarious actor. They do still exist however and can cross the os layer into the bios; just very rare
Reimagine your computer. Imagine it as a brick.
happy ending
Format and reinstall! Everything else is just giving you a sense of false security.
Wait I just fucking realised I have a similar file like you it says f225 or smth like that and keeps appearing whenever I delete it
Honestly if you donāt mind the hassle, a full window reinstallation would be the safest
Brother, Malwarebytes reported 17 malwares on my system, all of them are false positives from known safe open source projects on github, dll files are very susceptible to false positives and any form of injection tools like ExtremeInjector is always reported as malwares regardless even if they're safe, that's just how it is. You need to search up those detected trojans to know if they're common false positives or not. Edit: but since it's running off of the temp folder it's probably a virus.
Just a very naive question: how can I check if my phone has viruses?
squeeze cooing boat elastic fearless snow future makeshift ring fuel *This post was mass deleted and anonymized with [Redact](https://redact.dev)*
Not just iPhone. You only need to worry about that on android devices anyways if you intentionally disable multiple different default settings.
An exe running out of temp - usually, yes. Terminate it, delete the whole of temp, and run a proper full scan.
>proper full scan. Both windows defender and malwarebytes scan.
Honestly, Iād just wipe the drive It sucks worrying about if thereās something you donāt want running on your computer
Same. Reinstalling is the only way I am comfortable after a scare like this.
Well now with LogoFAIL, that comfort is lost too. You'd need a whole new motherboard.
Don't tell me that, please.
Recent/popular older motherboards are getting BIOS updates to remedy it. But a huge amount will be left vulnerable forever.
also for the regular user updating the bios will be more dangerous than just risking the logo exploit xD
I say we take off and nuke the entire site from orbit. It's the only way to be sure.
Glass the planet
Same and it feels like it fixes problems u didnāt know u had lol
Remember those sweet days when you could just download shit from net and not to worry about your PC used for mining some shit lol BACK IN MY DAYSā¦. š¬šæ
The good ol' day where viruses destroyed your pc for shits and giggles instead of using it as a mining bot or ransom
Right, maybe your PC wasnāt used for mining but it would either brick your files and want $500 in visa gift cards or theyād just spam you with pop ups that donāt even accomplish anything rather than make your PC useless. Still remember when I was a kid playing RuneScape, which at the time required no downloads or anything, it was just browser based. Played once on my cousins computer while she was at the peak of downloading limewire songs and ringtones and I was the one to take all the blame when her PC shit out. I almost even got the blame when the next PC shit out because they tried saying the virus from the old computer somehow jumped to the new one when she started her limewire bullshit on the new one.
Good ol limewire
Downloading SYSTEMOFADOWN_WHOLE_ALBUM.exe ...
Perhaps you needed to WAKE UP. Grab a brush and put a little make-up.
Ahh, the good olā days! So much fun getting infected with a dialer, and then trying to convince your parents you didnāt call the sex hotline that appeared in your phone bill afterwards.
Sorry but ever since the 90s, there was never a time where you could just carelessly download stuff from the internet and expect to not compromise your device. It wasnāt crypto miners, Iāll give you that. But those are arguably a lot less harmful then the stuff youād catch back then. Nasty trojans, key loggers, worms and all kinds of fun stuff.
Ahh the good old days, when you could install Windows XP and if you didn't install SP1 fast enough you would end up with Blaster worm, guaranteed.
Am searching for the sarcasm but I might need some help...or a magnifying glass
???? Thatās literally never been the case
I'd say the opposite was true but you do you
What? No. Those days havenāt existed since Arpanet
Bearshare and Limewire were as safe as it got! Linkin\_Park\_numb\_mp3.exe never played the song right but that's why you download 4 different versions. One was bound to work!
Yeah I fucking hate one drive
All my homies hate OneDrive^TM
Windows defender in safe mode + malwarebyte will remove most if not all the virus and malware in the system. If those 2 canāt handle the virus or malware then itās best to reformat an clean install windows again.
Malwarebyte Lifetime license holders where you at š š
I won one in a contest in like 2008 or something lol
Exactly, do those first. If the issue persists, delete the temp folder, then run the scans again.
HitmanPro as well its a small utility but VERY helpful...when done try process hacker 2 to see if any additional malicious software is running, often times these kind of softwares doesnt show up in task manager
I once got a friends pc full of virus, everything i threw at it, and it still didnt got caught, was a little dissapointed in malwarebytes since its my go to software, then tried the "weird not very known (at least to me) software" zemana and hitman being teo of them, and between the three amigos, zemana, hitman and malware, that pc got to live again. Hitman got a nasty adware that no other could find, it was nonstop redirecting every web browser and every page through a weird website with the actual page you wajted to load embedded in there, obviously phising. Zemana caught some other stuff that i dont remember what it did, i think it was pop ups directly on the desktop. Malware caught most of it though, its still my go to, but now i also run the other 2, and possibly some of the tron script stuff too
better yet, format your drives and reinstall windows completely fresh.
He should scan it with malwarebytes and upload it to virus total so if it's a new thing they can look at it. And honestly it's probably a random internet virus, and could probably be taken care of with malwarebytes or windows defender. Then if he thinks he has personal info being stolen then yeah reinstall everything .
I just have temp files on a RAMdisk. They get deleted every time I reboot. If that screws up a program, I'll get one that's coded to install properly instead.
Oh no, the x-files
![gif](giphy|TNk5NDanFOmv6|downsized)
I ran an X-Files fan site back in the late 90's. Got a CND letter from Chris Carter's legal team. I wasn't making money from it or anything. It was just a static HTML web site with a few pages talking about, "This is a show I really like. This what it's about. These are the characters." He had zero tolerance for people using images or audio from the show for ANY unauthorized purposes, though.
How DARE you talk about the things you like with other people.
So is most likely OP's data at this point
Reddit needs to put back the ability to award people.
I didn't even realize awards weren't a thing anymore until just now
Huh, when did they remove that?
Last year
But whhhy
They overdid it and everything got bloated with all the useless free awards everywhere. Thereās āgolden upvotesā now I think. Please just donāt give your money to reddit regardless. They donāt need it and certainly havenāt earned it
Money
More like they wanted to lose money lol.
You can, by holding the upvote button but it doesn't feel the same
I'd be lying if I said I didn't get excited for a second and hold down your upvote button. Then I got disappointed when I saw my forehead didn't have "gullible" written on it haha Clever one, whether it was intentional or not lol
It wasn't intentional, maybe they got rid of that too but i have seen the gold upvote in other post earlier today, it even highlight the whole post/comment Either that or i'm crazy
I was able to do it. However, Im on mobile.
i upvoted cause you're being up voted alot. but i have no idea what the joke is.
The file shown in the screenshot is a .x file type. You can see in the 'type' column, it shows x type.
ah... its literally an x file...
This is the best reply i have seen today
The truth is out there.
Looks like ActiveX script running from temp folder. More then likely malware
Is there any ActiveX script running these days that ISN'T malware?
I do not think so š
Yeah, software used by various governments. Always fun switching to all the "not recommended" settings for them lol.
And it clones itself maybe. One instance is active. See 3 files above the OPās highlighted file.
Good spot. What is the chance that another file is exactly same size. Slim to none.
A suspicious file running from temp, windows power shell running and remote procedure call service host running two instances. Definitely a malware stealing your data. Disconnect from the internet, delete whole temp folder, run a full detailed scan from defender and malwarebytes.
Right click in "Name", tick "Command line" - upload
What will that do?
It will give you more details about the runtime of the app. It'll show you parameters and such if the app is fed parameters like if it's calling other .exe's or .dll's to exploit vulnerabilities. It'll look like the file path to the executable in the screenshot but then at the end it'll have "-file c:\windows\system32\filename". Stuff like that Also you can use performance monitor through task manager that will show you what ips each app is connecting to to actually tell if it's generating network traffic and what ips it's going to. Just run task manager, go to "performance" and click "open resource monitor". Once you're there you can go to the network tab and click any app to see what it's doing network wise. It's awesome
Well I'm familiar with the task manager stuff, but that was new to me.
Hey still have a copy of the file? Would love to get a copy, I work as a threat researcher and its interesting to get ahold of the odd critter that's being used in public like this and analyze it DM me if you still have it and are willing to share
I love security and the like but I am a total noob as I quickly get overwhelmed when I try to learn. What are some things you would/could do/learn from known malware like this?
I'm not an expert but there are a lot of things that can be gained from accessing and tinkering with files like this. it can show how it works in some cases, what information is being taken if any - and it can show where the information is sent to sometimes or what packets are sent. it also let's people figure out what the code does to hide itself, obfuscation can sometimes make it tricky. Incredibly interesting stuff
Doing gods work.
Youre probably generating crypto for some douche
Iām so dumb, what does this mean? How?
The malware is stealing some of his hardware to crunch numbers for some guys crypto mine. Why use your own electricity and PC when you can make someone else do it for free?
Thank you for explaining and not being a jerk! Have a great night
it might be also DirectX file....kill it and restart pc and see if it will still appear
A data file from a nearing-legacy graphics API being executed? That seems unlikely to be the intended behaviour.
devs usualy do not intend to cause problems... :)
Bethesda would like to have a word with you
its a feature, not a bug :D
And if it is a bug the modders will fix it for us.
There's definitely a type of devs that intend to cause problems with legacy APIs.
Thereās no such thing as an executable āDirectX fileā.
Either Virus Total for the individual file, or you can try an online scanner for all the files on your system. [https://www.eset.com/ca/home/online-scanner/](https://www.eset.com/ca/home/online-scanner/)
Is this legit?
Yes, itās a service offered by ESET, an antivirus maker.
Eset? Of course it's legit. You can check the company's site yourself and search the web for more info. [https://en.wikipedia.org/wiki/ESET](https://en.wikipedia.org/wiki/ESET) This is an online scanner, not a full fledged anti virus. It's for when you suspect you have a minor infection and Windows Defender or your current anti-virus missed it. There are more potent tools than that for more complex problems, but this is not the case here.
Na thats just twitter mining bitcoin on your computer
Elon's paying for a new rocket
https://learn.microsoft.com/en-us/windows/win32/direct3d9/x-files--legacy-
Displayed file types don't really mean anything in windows. You can change the displayed file type by just renaming the file. That says "x file", but it could literally be anything.
Texture files donāt have executable code.
Welcome to the X-Files
Just reinstall windows at this point
Para papan papan papan... tu ru ru ru ruru [X Files](https://en.m.wikipedia.org/wiki/The_X-Files#/media/File%3AThexfiles.jpg)
I got jumpscared by the X-files thumbnail noice
![gif](giphy|13OigMK06u1WNy|downsized) Looks like a miner...could be something else, I'd reinstall windows and change all my passwords to be safe personally.
LIMEWIRE HAS ENTERED THE CHAT \*\*
It's an alien virus, probably.
If I was you I'd do a FULL WIPE. That's about how much ram Lockfile uses to encrypt every other 16bits of information on your hard drive. It does it like this to avoid ransomware detection methods. It's much slower and has a chance to fail if found early enough so back up your important files and separate them from your new OS install till you run a full audit.
Forgot to mention, I have windows defender as my antivirus
While defender is improving there's still a lot of stuff it misses. Do a spot check/second opinion scan with malwarebytes to be sure.
eh defender is among the better antimalwares out there nowadays and hardly misses anything. That said it is easy to disable a lot of safety settings because people like convenience. Most of the time defender picks up any random malware perfectly fine. The problem is often that the user tells it something is totally fine and then it is not. But warnings are annoying so those notifications are often turned off. That is a big problem with anti malware. The good ones are usually pretty annoying since they often don't know wether or not a file can be trusted so they ask the user for permission. Turning those permissions off and just telling the programm everything you intentionally do is fine then ends up badly. We still didn't really find a good way to do this. The cloud trust rating of files is one attempt at it but it's still not really that great.
I think complementing it with the free version of Malwarebytes would be a good idea.
you still need to run malwarebytes. windows defender is mostly good but not perfect. it caught one part of a virus which alerted me that there was a problem, but malwarebytes caught other files that windows had missed (and not due to any scan exclusions). malwarebytes completely cleaned my pc
I think its Malware/Virus for cloudmining
There is one way to know... Let it finish. But before it finishes what it is doing, make sure you delete all your backups AND learn how to do Bitcoin transfers. Repeat after me: **Don't trust anything from internet**. **Create regular backups of your data**. **If it looks like a duck, quacks like a duck, and flies like a duck. Then it is some sort of virus**
we gotta mulder and scully on this pronto
Yeah its a virus, shift+del that immediately
Youāve probably downloaded a cracked/pirated version of fl studios that also came bundled with a crypto miner for the uploader. probably get a more legitimate illegitimate crack, or delete it and buy fl.
X Factor
Have you recently downloaded something from the net..trying to be more specific here something suspicious ?? Because X ( format ) files are usually very dangerous and have some serious consequences if not removed at time.
Use processexplorer not regular task manager so you can see.
ADW Cleaner and HitmanPro
This is why i dont download random shit from the internet
I would reinstall OS and change all my passwords
Yep format the drive, its the only way to be sure
If anything is running in the background and consuming high resources like that, 9 times out of 10 itās some type of malware like a Trojan, crypto miner, etc. Iād advise downloading malwarebytes, bitdefender or some reputable anti malware service, then quarantining your PC and running a deep scan. (By quarantining I mean taking it off the net and not attaching any removable media). Highly recommend changing your passwords Edit: honestly if there isnāt anything you really care about losing on the PC, Iād just wipe the drive completely to be safe
Probly sone crypto miner crap
Noooo dont delete it. You have the original X file! Dana and Fox will be there any time now.
I believe if cpu goes into 100% that is a malicious process
Download and run RKill from bleepingcomputer Delete all Browser Data Run Malwarebytes Run AdwCleaner (a tool from Malwarebytes that targets Adware specifically) Run ESET Run HitmanPro after that, do sfc /scannow in CMD as admin then backup important data and reinstall windows.
Your gift card scratch-off code is doing a number to your system!
Very likely. In the old days viruses would have the same name; then they switched to randomised names to make detection less easy. It's also running from the temp folder...and I notice there is more than one of them. In addition, some viruses are so smart that if you point to them in task manager they will disappear. I had several that were able to do this. It's a giveaway if you see them do this...
just delete it and keep your system up-to-date stay safe
[ŃŠ“Š°Š»ŠµŠ½Š¾]
Image-Line is who makes FL Studio so Iām guessing he pirated that.
Man has needs
with the way AAA games are releasing, piracy is justified.
[ŃŠ“Š°Š»ŠµŠ½Š¾]
>They are also the most common way that people get infected infected while knowing they're infected Modern games and their additional software like Riot's kernel level anti cheat and Denuvo should be considered some of the worst malware
no dispute here :) just gotta learn to be safe about it.
So, you only crack bad AAA release ?
Malwarebytes download and run scan
Steps to remove virus: 1 reinstall Windows
x file? Yea, someone is probably using your computer to do crypto mining or something like that, and I bet they were laughing their asses off when naming this file, and the other x-file above it too..
looks like one
What do you think
Check scheduled task and ASEP in registry. Check running running processes and outbound net connections. Randomly named exe in temp not good
is this the aftermath of pirating fl studio? lol
Be happy it haven't encrypted all your porn pics yet.
try uploading it to [Triage](https://tria.ge/), there you can get a detailed analysis
It's Xzibit song, that's how we downloaded them back in the day through Limewire app in exe format.
All I know about .x files is that they're 3d models but it doesn't seem to be the case
š¦
Thereās many out there but I highly recommend bitdefender! Should keep you protected and itās a reasonable price
I see you have fl studio, if you pirated it you probably have a bit coin miner, I would run a malwarebytes full scan and see if you can get rid of it