Make new folder and a malaware runs. I select left click exe file and I click on New folder (tool bar), the file open buy itself, it start running . (Window 7 Sp1 ) NO ANTIVIRUS DETECT IT

I Strongly wish to find a solution  

VIDEO EXPLANATION YOUTUBE

Youtube delete the private link video.

Windows bug:

"Every time I clicked on 'new folder' in the command bar while an exe was selected, Windows would attempt to launch the application as if I had double clicked on it."

Windows security problem:

If the file is download, a second file is attach to it and runs too. (Trojan)

You can scan the file with antivirus and the antivirus will scan 2 files not one.

If you execute the Windows bug, the second file runs free wild.

If I select a file.exe (left click) and I click on "New folder" in the tool bar of the window to create a new folder,  the file selected start running. It open buy itself in execution and a new windows asking for Administrator password .

I'm am Not logged in to Administrator mode in Windows7 Home Premium.

So when the file start running it ask for password

I make a restore but I'm having the same issue. Not with all files.exe; with some files .exe

40% of the files I download from internet (Normal and secure sites)

I format disk, make a full new install and the problema is still there

 

Question Info


Last updated March 15, 2018 Views 305 Applies to:

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

Hi Alan,

 

I would suggest you to run an Online Scan and check if it helps.

 

A fast way to check for viruses is to use an online scanner, such as the Microsoft Safety Scanner. The scanner is a free online service that helps you identify and remove viruses, clean up your hard disk, and generally improve your computer's performance.

 

To run the Microsoft Safety Scanner:

 

a. Go to the Microsoft Safety Scanner webpage to download the scanner.

 

http://www.microsoft.com/security/scanner/en-us/default.aspx

 

b. Click Download Now, and then follow the instructions on the screen.

 

Note: Any data files that are infected may only be cleaned by deleting the file entirely, which means there is a potential for data loss.

 

Hope it helps.

K.Z. Sharief Khan
Ex-Microsoft Forum Moderator

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

 

Windows chat suggest me to do a clean boot and a clean scan.

Supposing I star the pc in clean boot,

1) Is there difference between "Safety Scanner" you suggest me  and "Clean Scan"?

2) Do I has to make a Safety Scanner in Administration mode or one for each user?

 

thanks for the advice.

 

I has g-data, Kaspersky and superantimalawer...

 

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Hi Alan,

 

- Which Windows chat are you referring to?

 

To help troubleshoot error messages, you can start Windows Vista or Windows 7 by using a minimal set of drivers and startup programs. This kind of startup is known as a "clean boot." A clean boot helps eliminate software conflicts.

 

We are not sure about Clean Scan, let’s run the Microsoft Safety Scanner and check if it helps.

 

The Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software and works on all user accounts.

K.Z. Sharief Khan
Ex-Microsoft Forum Moderator

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Hi Engineer Sherief,
Thanks for your time.
I make a A clean boot and Microsoft Safety Scanner did not resolve the problem in my case
This is a video explanation of my problem.
the link is private and not public. Only here for this question.
Hope the video help to understand the problem
 I started Windows 7 in minimal set of drivers and startup programs and made a Microsoft Safety Scanner and found one virus in one old backup file that i never use.
The problem is still there.
If i zip the folder with the 2 files and then i unzip it into a new folder, the problem disappear.
I discover this when i was making a test trying to upload the files to the antivirus webpage.
I wish Microsoft look this two files. one with the problem and one without.
Regards, and thanks for your time

Ps:
I delete the desktop.ini file and the problem is still there,
 It can be a Microsoft bug? Can be a hide Rootkit? 
I make the test with 6 antivirus with no resolve the problem.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

I made a full format.

I made a New Windows Installation

I add drivers from CD

I add Antivirus internet security from cd

I add driver Wi-Fi from cd

I click in Windows Update and download 300Mb

I open iexplorer and download a driver or comodo antivirus

and the file has the same problem. I do not think comodo file is the problem

there is something else.

 

1) The Icon is working with a script in it?

 

2) What can I do?

 

3) I make a isolation of the 2 files download from the same place.

  One suspicious with the problem and one not.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Hi Alan,

 

1.      Does other web browser installed on the computer?

2.      What is the name of the suspicious file?

 

Please get back to us with the above information to assist you in the right direction.

K.Z. Sharief Khan
Ex-Microsoft Forum Moderator

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

1.      Does other web browser installed on the computer?


2.      What is the name of the suspicious file?


1. Only Explorer 10 (with last upadte). ( The same problem in other PC with chrome and firefox )

2.For example windows sidewinder x6 keyboard driver

try by yourself , download and then do this:

Select a .exe file* and then press "NewFolder" on the tool bar. The file auto execute and the folder is create late.

*The file must be a .exe download from internet.  Left click for selecting it.
Is Not necessary a Microsoft file. Can be a antivirus, a driver, etc.

No antivirus detect the problem

Try by yourself, is a bug that 50% file has.
But this allows a door to malaware i think in the icon.

The problem is since 98 and there is no way to report a bug to Microsoft in a direct way.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Hi Alan,

 

We tried to recreate the issue, however did not find any delay or issue with the execution of exe from the link you have provided and with other exe files.

 

The issue might be due to the version of Windows that you have installed being corrupt.

 

1. How did you install Windows? Was it Microsoft CD, a download or a recovery disk you have created?

 

2. Are you using a OEM computer or a custom built?

 

If it is an OEM then I suggest you to contact the manufacturer for better assistance.

 

If it is not an OEM computer, which media are you using and from where you bought the Windows?

 

Please get back to us with the above information in order to assist you accordingly.

K.Z. Sharief Khan
Ex-Microsoft Forum Moderator

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Looks like I'm a little late to the party here, but I was experiencing the exact same infuriating/mind-boggling behavior. Every time I clicked on 'new folder' in the command bar while an exe was selected, Windows would attempt to launch the application as if I had double clicked on it. The behavior appeared to be random as well - some exes would behave, others wouldn't. I quickly suspected that my system had somehow been compromised as watching an application begin to execute without my explicit approval definitely falls into the realm of suspicious behavior.

So I completely reformatted my drive and reinstalled Windows.

To my absolute dismay, the exact same thing happened in my brand new install. I had wiped the drive, repartitioned (effectively wiping the MBR), and still, somehow, I was still getting this strange issue. At this point I was thinking it must be some kind of HD corruption / rootkit / infected bios / explorer bug.

Not quite. After hearing Alan say that the problem disappeared when he zipped up his files and then unzipped them, an epiphany struck. :) Alternate data streams. I had recently read that prior to version 3, Firefox will automatically append an alternate data stream with the content of "[ZoneTransfer] ZoneId=3" to every downloaded file when the setting 'browser.download.manager.scanWhenDone' is set to true (which is default). This is discussed in detail here: http://blog.case.edu/bes7/2008/04/21/removing_security_warning_on_files_downloaded_with_firefox_30 - but the general idea is that Windows will heighten security for files downloaded from the internet, defined by a per-file zone identifier stored in an ADS. When Alan zipped and then extracted his files, he likely stripped out the ADS content in the process, thus eliminating the issue for that file.

After testing this theory out, I am positive that a major contributing cause to this behavior (and the reason why you failed to reproduce Alan's described issue) is in fact the existence of the the ZoneTransfer ADS, as loading an affected application in NirSoft's AlternateStreamView (http://www.nirsoft.net/utils/alternate_data_streams.html) and then stripping the ADS from the file eliminates the new folder glitch for me completely. But this also leaves me a little bit more vulnerable to a mistake if I accidentally double click on an exe I didn't intend to, because Windows will no longer prompt with a security warning upon file execution, without a ZoneId.

This unfortunately still leaves a couple questions unanswered. Why aren't more people reporting this? This should be affecting a large range of users - and why is explorer attempting to launch a file that has a zone identifier set to the maximum level when clicking on 'new folder'?

Looks like a pretty big bug here to me.

Updated steps to reproduce:

1. Find or create an exe with attached ZoneIdentifier ads
2. Select, but do not launch, the exe file in an active explorer window
3. Click new folder

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Hi Engineer Sharief K,

 Pleace try with more download files on your pc or at home.

Try till you find it. Is a very common problem windows bug.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.