Bizzare incident with suspected malware

Not open for further replies.


New Member
Thread author
Jan 10, 2023
Hello, I registered to share something odd that happened to me a few days ago and hopefully hear the opinion on the matter of more knowledgeable people. Normally after a suspected virus/malware infection I would just format and move on but this time I’m not even sure it was malware and the whole thing was strange and has left me confused and intrigued.

I have an old computer around that I’ve hooked to my tv and been using as a secondary pc, pretty much just use it to watch movies, play old games and browse the net. Main hardware is q6700 processor on a p35 motherboard with a rx480 gpu (the only somewhat modern thing on it) and two hdds (one old 256gb ssd for the os and a secondary 1tb mechanical drive for storage)
It has windows 7 installed (I know the os doesn’t receive updates anymore and is unsafe but I don’t use personal accounts or do anything sensitive on it so I couldn’t bother moving to win10) with up to date Kaspersky internet security and Firefox with ublock origin as browser.

Now, as for the incident with the suspected malware, I was browsing around websites with emulation resources and end up in some blog with external links to download romsets from filehosts. So I downloaded one to try out, it was a rar file uploaded in late November that supposedly contained roms but upon inspection it just contained a large txt file (about 60mb) with the same name as the rar.

This was probably reckless but since I was curious and this is a secondary pc with nothing of value stored on it I went ahead and uncompressed the file with 7zip. I also scanned the rar with KIS and later the uncompressed txt file and both came clean, this probably doesn’t mean much since I don’t expect any av to be infallible but I think it’s worth mentioning.

I also have the windows option to hide known extensions disabled and the file had a notepad icon so it seems that the file was a legit plain text unless the uploader used some other trick I don’t know about to hide the true file extension.

So curious as I was I opened the txt file with notepad, the program became unresponsive for a while which isn’t that alarming since it was a large txt file and the computer is old, when the text started appearing there was just a strange and out of context sentence written over and over “happiness and blessed days for you!”, as I scrolled down notepad started to become laggy and the text seemed to continuously load more lines so I freaked out a bit and closed it before trying to reach the bottom. I disconnected the computer from the net and deleted the files, I guess it would have been better to keep them to get more information now that any possible damage was done but I guess I wasn’t thinking straight. I did a full scan with KIS to see if it would catch anything but the results were clean other than some warnings for potentially harmful software from a recovery live cd with tools I had in my downloads.

At this point I turned off the computer, disconnected the secondary drive and powered it back on to do another full scan, this time with the admin account. I expected to be greeted by some ransomware affecting my files after logging in but to my surprise everything seemed fine, the scan came clean too. I plugged back the secondary drive and ran another full scan which also came clean. I used the computer a few hours afterwards and there were no obvious signs of malware infection. Maybe if I went online it would have started to act up?

While everything seemed fine I was still wary so what I did is replace the hard drives with another old one that I had with a clean install, I also flashed the motherboard bios before powering it on and reset the router. This might not be enough if it’s some sophisticated malware but since I’m not even sure if it’s malware I don’t want to go overboard.

What I find strange is that from what I’ve read a lot of malware comes in compressed files with office related document format files but never plain text as supposedly you can’t execute code that way. It might be that the malware is deployed by uncompressing the rar, but then why add the strange large text file? It seems like some kind of taunting ironic message, if this was some kind of malware meant to steal information it would be made to be as discrete as possible to remain undetected and keep the victim oblivious while it steals as much data as possible, wouldn’t it? The strange text just makes anyone that isn’t too computer savvy like me freak out and think something’s wrong.

Then there’s the possibility that this was some ransomware but I don’t see any sign of it like encrypted files and ransom notes.

What are your thoughts on it? Have you heard of a similar occurrence? Some possibilities I’ve considered if it isn’t malware:

- It’s some kind of prank, a harmless file uploaded with malicious intent. An antivirus wouldn’t pickup a simple compressed txt file but people like me with not much technical knowledge could get scared and waste time formatting their hard drives or taking the computer to a tech shop. However creating a blog with various entries and waste time uploading the files just for this seems a bit over the top.

I tested this out by creating a txt file myself of similar size with the same sentence and opening it. It did behave similarly with notepad becoming unresponsive for a while but once the text loaded I could swiftly reach the bottom without any lag. Could it be that because I created and edited this file it was stored in the ram and ran more smoothly?

- Another possibility is the blog creator makes money from the filehost from people downloading files and purchasing premium but instead of using roms that could be removed and get him in legal trouble he uploads this fake compressed files. This sounds a bit contrived and seems less probable, it would also be pointless to add the large text file and if this was monetary oriented they probably would also use a link shortener between the blog and the filehost link.
  • Thanks
Reactions: vtqhtr413


Staff Member
Nov 5, 2019
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

Let's run these programs to find out if any malware is present.

Once done please do not add or do anything that may change the way this computer works at the moment.

Please download Malwarebytes Anti-Malware from Malwarebytes or
from BleepingComputer

Right-click on the MBAM icon and select Run as administrator to run the tool.
Click Yes to accept any security warnings that may appear.
Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
On the left menu pane click the Settings tab, and then select the Protection tab on the top.
Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
Note: The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure to check mark all the listed items, and click the Quarantine Selected button.
While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log can also be viewed by clicking the log to select it, then clicking the View Report button.

Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.

Please download AdwCleaner by Malwarebytes your Desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the LogFile button and the report will open in Notepad.


If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleanerCx.txt (x is a number).

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:

Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and Attach it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Please attach the logs for my review.
How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "Upload file" button.
Do this for both files. Then press the "Post reply" button.

The Farbar program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
You should restore the program from the Quarantine folder.

Wait for further instructions


Posted recently.
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.