Author Topic: Exe turning to zero bytes  (Read 3707 times)

0 Members and 1 Guest are viewing this topic.

Offline Pako7

  • Poster
  • *
  • Posts: 427
  • 18 years with Avast and i still recommend it
Exe turning to zero bytes
« on: October 19, 2019, 05:35:21 PM »
Hello guys iv noticed that computers on my area have application turning to zero bytes .. so i wanted to know how i could avoid this malware
WinXP ProSP3/ Core2Duo E8300/ 16GB Ram/ avast! Premire 20.3.2405 (Build 20.3.5200.561) / Chromium Edge Version 81.0.416.72 (Official build) (64-bit), Avast Cleanup ,avast! mobile security

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Exe turning to zero bytes
« Reply #1 on: October 19, 2019, 10:00:36 PM »
This sounds extremely intriguing, I've never heard of anything doing that.

Please follow the guide here (and attach those logs) >> https://forum.avast.com/index.php?topic=194892.0
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline Pako7

  • Poster
  • *
  • Posts: 427
  • 18 years with Avast and i still recommend it
Re: Exe turning to zero bytes
« Reply #2 on: October 20, 2019, 08:09:08 AM »
Its undected Sir .... it once hit me sometime last year and i Friend on this Forum advised me to use a particular usb scanner for future protection ..i never managed to hit me after that ..

 but i never really found a solution to the application that has been hit ... even when i scan my computer its not traceable ...

but here is a sample on virus total : https://www.virustotal.com/gui/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/detection
WinXP ProSP3/ Core2Duo E8300/ 16GB Ram/ avast! Premire 20.3.2405 (Build 20.3.5200.561) / Chromium Edge Version 81.0.416.72 (Official build) (64-bit), Avast Cleanup ,avast! mobile security

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Exe turning to zero bytes
« Reply #3 on: October 20, 2019, 01:53:54 PM »
Its undected Sir .... it once hit me sometime last year and i Friend on this Forum advised me to use a particular usb scanner for future protection ..i never managed to hit me after that ..

 but i never really found a solution to the application that has been hit ... even when i scan my computer its not traceable ...

but here is a sample on virus total : https://www.virustotal.com/gui/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/detection

The above programs aren't typical scanners. They won't remove anything unless directed to do so. However, it may give us an idea of what's modifying your files, that way we can grab a sample and remove it from your system.

Regards,
Michael.

Edit: I should specify, MBAM is a typical scanner. FRST is not. But please run both...
« Last Edit: October 20, 2019, 01:55:47 PM by Michael (alan1998) »
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline Pako7

  • Poster
  • *
  • Posts: 427
  • 18 years with Avast and i still recommend it
Re: Exe turning to zero bytes
« Reply #4 on: October 20, 2019, 04:43:32 PM »
Here are the logs  Sir
WinXP ProSP3/ Core2Duo E8300/ 16GB Ram/ avast! Premire 20.3.2405 (Build 20.3.5200.561) / Chromium Edge Version 81.0.416.72 (Official build) (64-bit), Avast Cleanup ,avast! mobile security

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Exe turning to zero bytes
« Reply #5 on: October 20, 2019, 05:00:38 PM »
Here are the logs  Sir

Hello Pako,

I certinaly see a lot of empty directories (temp folders, MBAM's directory is empty etc). I'll reach out to Sass Drake and see if they have any ideas. May take a day or so for them to swing around so please be patient.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline Pako7

  • Poster
  • *
  • Posts: 427
  • 18 years with Avast and i still recommend it
Re: Exe turning to zero bytes
« Reply #6 on: October 20, 2019, 05:27:51 PM »
Ok Thank You no problem
WinXP ProSP3/ Core2Duo E8300/ 16GB Ram/ avast! Premire 20.3.2405 (Build 20.3.5200.561) / Chromium Edge Version 81.0.416.72 (Official build) (64-bit), Avast Cleanup ,avast! mobile security

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: Exe turning to zero bytes
« Reply #7 on: October 20, 2019, 10:53:54 PM »
Can you post screenshot (or explain it more detailed) of application reduced to zero bytes please?

Offline Pako7

  • Poster
  • *
  • Posts: 427
  • 18 years with Avast and i still recommend it
Re: Exe turning to zero bytes
« Reply #8 on: October 21, 2019, 08:08:03 AM »
if you want more screenshot you want more screenshots you can Tell me..


But this is what is happening .. application memory (May it be Exe Files , Music , Pictures) their size change from a particular size to zero bytes .. and once they change to zero bytes the computer wont be capable of opening them ...
WinXP ProSP3/ Core2Duo E8300/ 16GB Ram/ avast! Premire 20.3.2405 (Build 20.3.5200.561) / Chromium Edge Version 81.0.416.72 (Official build) (64-bit), Avast Cleanup ,avast! mobile security

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Exe turning to zero bytes
« Reply #9 on: October 21, 2019, 02:36:59 PM »
What directory was that in?
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline Pako7

  • Poster
  • *
  • Posts: 427
  • 18 years with Avast and i still recommend it
Re: Exe turning to zero bytes
« Reply #10 on: October 21, 2019, 02:39:42 PM »
it hs always been at Documents but i moved it to desktop yesterday
WinXP ProSP3/ Core2Duo E8300/ 16GB Ram/ avast! Premire 20.3.2405 (Build 20.3.5200.561) / Chromium Edge Version 81.0.416.72 (Official build) (64-bit), Avast Cleanup ,avast! mobile security

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: Exe turning to zero bytes
« Reply #11 on: October 21, 2019, 07:10:11 PM »
Is it only exe file which turns to zero bytes?

Offline Pako7

  • Poster
  • *
  • Posts: 427
  • 18 years with Avast and i still recommend it
Re: Exe turning to zero bytes
« Reply #12 on: October 21, 2019, 07:52:00 PM »
Not really even music , Pictures , but at the moment i have samples for exes ....

Kind of deleted the Pictures and Music
WinXP ProSP3/ Core2Duo E8300/ 16GB Ram/ avast! Premire 20.3.2405 (Build 20.3.5200.561) / Chromium Edge Version 81.0.416.72 (Official build) (64-bit), Avast Cleanup ,avast! mobile security

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: Exe turning to zero bytes
« Reply #13 on: October 22, 2019, 11:50:16 PM »
Please post new FRST.txt and Addition.txt.

Offline Pako7

  • Poster
  • *
  • Posts: 427
  • 18 years with Avast and i still recommend it
Re: Exe turning to zero bytes
« Reply #14 on: October 24, 2019, 12:34:08 PM »
Please post new FRST.txt and Addition.txt.

Check replay #4
WinXP ProSP3/ Core2Duo E8300/ 16GB Ram/ avast! Premire 20.3.2405 (Build 20.3.5200.561) / Chromium Edge Version 81.0.416.72 (Official build) (64-bit), Avast Cleanup ,avast! mobile security