Results 1 to 11 of 11

Thread: Chinese file

  1. #1
    New Lounger
    Join Date
    Apr 2013
    Posts
    5
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Chinese file

    I have just found a file with a name in Chinese characters in my Windows/system32 folder. What is this? A virus?

    jkl77

  2. #2
    Super Moderator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    2,142
    Thanks
    101
    Thanked 579 Times in 464 Posts
    You could upload it to VirusTotal to check and/or rename it by appending something like .old to it.

  3. The Following User Says Thank You to Rick Corbett For This Useful Post:

    jkl77 (2014-03-31)

  4. #3
    4 Star Lounger
    Join Date
    Feb 2010
    Location
    Fairfax County, Virginia
    Posts
    584
    Thanks
    11
    Thanked 61 Times in 49 Posts
    An interesting question. Could you tell us anything else about the file? If you cut the name, can you paste it into a reply?

  5. The Following User Says Thank You to Prescott For This Useful Post:

    jkl77 (2014-03-31)

  6. #4
    New Lounger
    Join Date
    Apr 2013
    Posts
    5
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Here it is.
    㩣摜捯浵湥獴愠摮猠瑥楴杮屳污獵牥屳灡汰捩瑡潩慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹ 慤

  7. #5
    New Lounger
    Join Date
    Apr 2013
    Posts
    5
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Thanks Rick. Virus total is neutral on the file. I decided to take a chance and opened it with notepad. It seems to be a log but I dont have the knowledge to dig deeper or understand it.

  8. #6
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,486
    Thanks
    284
    Thanked 574 Times in 478 Posts
    Coild you post the VirusTotal result URL, please?

  9. #7
    Super Moderator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    2,142
    Thanks
    101
    Thanked 579 Times in 464 Posts
    If that's just the file name, Google Translate does indeed detect it as Chinese and translates it to:

    㩣 whipped Daotongtumeng Yunaoceonwen Tifeixianwu  Liefangxianlan Tailieshiyi  Queshechuxi number Huoxiashentuo Min Shi stove 㐱 〮 〮 whipped repeatedly Tanshijingchi Dongzhenligu ⹹ Harcourt

    Not that it makes anything clearer...

  10. #8
    Silver Lounger Banyarola's Avatar
    Join Date
    Dec 2009
    Location
    Big Indian, New York
    Posts
    1,900
    Thanks
    19
    Thanked 65 Times in 54 Posts
    Well, it could be part of a language pack installed with another program..
    "If You Are Reading This In English, Thank A VET"

  11. #9
    New Lounger
    Join Date
    Apr 2013
    Posts
    5
    Thanks
    2
    Thanked 0 Times in 0 Posts
    https://www.virustotal.com/en/file/9...is/1396339652/

    perhaps I could upload part of the file? Its in English.

  12. #10
    Super Moderator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    2,142
    Thanks
    101
    Thanked 579 Times in 464 Posts
    jkl77 - It doesn't look like the file is malware-related but it might be worth checking your hard disk for any files that were created at the same time as the one you've already found. To do this, open My Computer, double-click on Local Disk (C: ) then click on the Search icon in the toolbar. When the Search Companion appears, select All files and folders from the list in the left pane.

    Next, amend the Search criteria as follows:
    searchXP.jpg
    Click to enlarge

    1. Leave the filename textbox blank.
    2. Make sure the Look in: dropdown list shows just Local Disk (C: ).
    3. Click on When was it modified? then, when the additional options are displayed, click on the Specify dates option and change the dropdown list from Modified Date to Created Date.
    4. Change the from and to dates to the same date as the Chinese file you submitted to VirusTotal. (The default display in Explorer only shows a Date Modified column. You'll need to click in a blank part of the column header and choose Date Created to add a new column showing this info.)

    created.jpg
    Click to enlarge

    5. Click on More advanced options then, when the additional options are displayed, make sure the Type of file: dropdown list shows (All files and Folders) and make sure there are ticks in the first 3 checkboxes.
    6. Click on the Search button and, when the search is complete, click on the Chinese file you submitted to VirusTotal to select it.
    7. Ensure you can see a Date Created column and click twice on the Date Created column header. This will sort the list in last/first date/time order allowing you to see easily what, if any other, files were created in the same time period as the Chinese file you submitted to VirusTotal. You may wish to submit any other files created at the time to VirusTotal for peace of mind.

    Hope this helps...

  13. #11
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,486
    Thanks
    284
    Thanked 574 Times in 478 Posts
    The VT analysis points to to something resembling a SQLite 3.x database file.

    Can you find the Created date and then search for any other files created on the same day, that might furnish further clues?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •