It looks like you're using an Ad Blocker.

Please white-list or disable in your ad-blocking tool.

Thank you.


Some features of ATS will be disabled while you continue to use an ad-blocker.


Help ATS via PayPal:
learn more

Malware changing file types in Win7

page: 1

log in


posted on Dec, 12 2014 @ 02:03 AM
Hello again, computer experts of ATS.
I recently created a few threads detailing an issue I was having with being redirected to unwanted web pages after clicking links. I had done a bunch of scans on my computer with various software, and it seemed that no matter what I did, the problem would not go away. Finally, after running CCleaner, I found the apparent root source of the issue; 2 malicious browser plugins, which I appropriately deleted. They seem to be gone, at least for the time being.

However, I have a new and even more concerning issue at hand. Several files on my computer, around 520 of them, have had their "types" or extensions changed to the name of one of those plugins, "eastobuy". When you look at a file on your computer such as a picture, it might show as a jpg file, for example. However, these 520 or so affected files are showing as "eastobuy" files. In the attached picture below, you can see on the top, circled in red, where the file is showing as an eastobuy file, while on the bottom a jpg file is showing as a jpg file, as it should.
Many of these eastobuy files are within the Steam httpcache folder, but I'm particular concerned about these system32 files being changed.

What exactly is going on here? I'm becoming a bit frustrated with this whole thing. I'll be going to bed, but I will definitely be keeping tabs on this discussion.
Thanks in advance. Any and all help is welcome

posted on Dec, 12 2014 @ 02:40 AM
a reply to: trollz

when all else fails , i find that ComboFix on will fix it. you might to want try that. it will take time tho, be patient with it.
edit on 12-12-2014 by thishereguy because: (no reason given)

also, if you want/need to delete it when you're done, check their forums. different methods for different systems.
edit on 12-12-2014 by thishereguy because: (no reason given)

posted on Dec, 12 2014 @ 03:22 AM
It looks like the files with no extension were "hijacked" by that malware.

I don't know if it works or not, as I don't have that problem and I don't have Windows Vista or 7, the only operating systems this program works on, but you can try this and see if it works.

posted on Dec, 12 2014 @ 04:23 AM
a reply to: trollz The AppCache folder is just a repository for the main Steam.exe application to obtain quick access to information downloaded from Steam regarding your account so that it does not need re-downloading each time.

Your inventory, purchase history, friend interactions and other account-related data is also copied here.

It typically contains two directories, "httpcache" and "stats". "httpcache" is a cache for the html pages that help make up your general Steam application, such as the News, Store and Community pages. Having the data locally makes it much faster to re-display. The "stats" directory is a similar cache for the data of your achievements and stats for the games as displayed under the Profile pages. Note: these are not the recorded achievements, editing these will not affect the game's achievements since this data is recalled from the information that has been collected on the servers. It's one-way only

Aside from the two directories, are some vdf files which apply to the 'Library' portion of the application. The games (& DLC/expansions)/Tools and Media (including for example, the developer/publisher, metacritic scores etc.) and details as well as your current and historical downloads.


Removing this folder will simply enable Steam.exe to re-download the information from the Steam Servers. Theoretically, this should ensure only accurate and correct information is then present. You can't damage anything by removing the fodler, since anything that Steam.exe does not find, but expects to be there will be acquired from the server when next connected.

posted on Dec, 12 2014 @ 07:12 AM
If you already removed the malicious software, and you're confident that you have, then it looks like you need to go through your file associations and remove all of the associations for system files to that malicious program. Manual and tedious, but that looks to be your problem if you've removed the other malicious software and references.

CCleaner by itself is not enough. You'll also want to check out Malware Bytes... it's free for a while and will remove just about everything that's hiding around.

ComboFix is also another good tool for removal. Usually, you run ComboFix first (follow the instructions to the letter!), reboot, run it again, reboot, run Malware Bytes, reboot into Safe Mode, run Malware Bytes again (to verify that it worked and removed everything). Then run your normal anti-virus tools. If you are comfortable with the Windows Registry, you might need to go through and remove the registry keys that are related to that software that you removed. (the tools don't always get them). The most important place to look is in the "Run" and "RunOnce" keys of the registry. (Google to find their exact location). These are important because they get executed when you boot, so if there is an entry there, the malicious software could potentially keep downloading itself every time you re-boot.

Worst case, if you know a really good tech guy, get something like Team Viewer, LogMeIn (trial) or Windows Remote Desktop and let them log in to your computer remotely.

Hope this helps, and good luck!


posted on Dec, 12 2014 @ 09:09 AM
I am all for people doing what they can to fix their own computer, but there is a time to take it to someone who knows what they're doing. When my vehicle needs work above my knowledge, I take it to a good mechanic. I don't keep fiddling with it until I break something else, or worse.

Several times a year, people bring me computers that have been worked on by the family "guru". By the time the guru gets finished listening to every bit of advice they get online, and messing with things they know nothing about. It usually costs these people 3 times or more, what they could have gotten it fixed for if they had taken it to a good tech to begin with. (NOT the Geek Squad)

Do yourself a favor, and let a good tech clean that machine up properly, and you'll save yourself some headaches.

posted on Dec, 12 2014 @ 03:31 PM

originally posted by: Klassified
Do yourself a favor, and let a good tech clean that machine up properly, and you'll save yourself some headaches.

And an opportunity to learn something new.

top topics


log in