
When using NirSoft’s OpenedFilesViewer, which prints file handles, there are some “processes” with strange Chinese characters that have a handle on nonexistent files on the C: drive. I haven’t paid much attention to it, since I can’t find the files or the process, of which one has PID 4, i.e. the NT Kernel & System process. But it still doesn’t look right, and I am worried that it is in fact malware, since it appears on every boot.

Examples:

C:躋 (appears every boot)

C:ᅐ鎩ᅐ鎩Ј (other files vary in names)

[Image: OpenedFilesViewer list]

If I try to close the handle C:躋 or kill the process, it won’t work.

psisis
  • Maybe delete the files with Unlocker (MajorGeeks) – John Mar 31 '22 at 23:02
  • @John How would that work if the files do not exist/can't be found? – Gantendo Mar 31 '22 at 23:08
  • Download and run MalwareBytes (it is free) http://malwarebytes.com/ – Gantendo Mar 31 '22 at 23:08
  • It seems the files must exist somewhere on your computer. – John Mar 31 '22 at 23:10
  • Thanks for the tip, but as stated, Unlocker can’t find the file; in fact it doesn’t list any file on the C: drive root. I have run Malwarebytes @Gantendo. First I thought it’s a bug in openedfilesview, or a mistranslation of hex, but it seems to only affect me. – psisis Mar 31 '22 at 23:32
  • To rule out that it is a bug, try https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer – Gantendo Mar 31 '22 at 23:53
  • I have used Process Explorer, Process Hacker, Autoruns, Procmon. They don’t show anything like it. I think they all use the same API. Either it is a bug, or ofview shows me something alarming. Even though I block internet connections by default, it bugs me to see Chinese letters. – psisis Apr 01 '22 at 00:10
  • I think Process Explorer uses Handle: https://docs.microsoft.com/en-us/sysinternals/downloads/handle. Do you have the latest version of OpenedFilesViewer? Maybe report it as a bug. – Gantendo Apr 01 '22 at 00:22

0 Answers