hobi

*FSProfile* Purpose of file, is it malware?

8 posts in this topic

Posted (edited)

What is purpose of program? C:\Program Files (x86)\Maxthon3\FSProfile\File System\001\t\00\00000000

My scanner detect it as malware.

Edited by hobi

Share this post


Link to post
Share on other sites

where did you download maxthon from ? there's no such folder here (FSProfile), neither in program files nor in app data....

Share this post


Link to post
Share on other sites

Don't have the folder either.

Share this post


Link to post
Share on other sites

Oliver One replied at 2015-3-25 09:04 back.gif

See here http://forum.maxthon.com/thread-11190-1-1.html

Maybe related with a player you have install ...

I havent installed any player, but how can i get it off?

Z:\_Temp\FSProfile\File System\Origins There is also FSProfile folder and Maxthon are using it.

There are 000010.sst, 000014.log, CURRENT, LOCK, LOG, LOG.old and MANIFEST-000013 files.

Those files contains text like "fôã0U 32leveldb.BytewiseComparator LAST_PATH-1Ü ­y? LAST_PATH000ORIGIN:https_plus.google.com_0000"

"SQLite format 3

· óÖ· ?IsOriginTableBootstrapped1;last_compatible_version2version4

º ºØô ?IsOriginTableBootstrapped;last_compatible_versionversion

® Ò® "=http://www.thesun.co.uk/ ,Chttp://www.ivillage.com.au/ .p¯/Ùj¾

¿ Þ¿ =http://www.thesun.co.uk/ !Chttp://www.ivillage.com.au/

à àà =http://www.thesun.co.uk/Chttp://www.ivillage.com.au/

í íó .p¯/Ùj¾

ž ž/Î f/tablemetametaCREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY, value LONGVARCHAR)'; indexsqlite_autoindex_meta_1meta))stableHostQuotaTableHostQuotaTableCREATE TABLE HostQuotaTable(host TEXT NOT NULL, type INTEGER NOT NULL, quota INTEGER DEFAULT 0, UNIQUE(host, type));O) indexsqlite_autoindex_HostQuotaTable_1HostQuotaTabler++ƒtableOriginInfoTableOriginInfoTableCREATE TABLE OriginInfoTable(origin TEXT NOT NULL, type INTEGER NOT NULL, used_count INTEGER DEFAULT 0, last_access_time INTEGER DEFAULT 0, last_modified_time INTEGER DEFAULT 0, UNIQUE(origin, type)) ô úô

ÿ ÿ>‘ôw =Q+ indexsqlite_autoindex_OriginInfoTable_1OriginInfoTableQ)iindexHostIndexHostQuotaTableCREATE INDEX HostIndex ON HostQuotaTable(host)a++{indexOriginInfoIndexOriginInfoTable CREATE INDEX OriginInfoIndex ON OriginInfoTable(origin) ?+#indexOriginLastAccessTimeIndexOriginInfoTable

CREATE INDEX OriginLastAccessTimeIndex ON OriginInfoTable(last_access_time)C++indexOriginLastModifiedTimeIndexOriginInfoTableCREATE INDEX OriginLastModifiedTimeIndex ON OriginInfoTable(last_modified_time)"

I deleted all of those folders when Maxthon wasnt running and atleast now they are gone. Still i would like to know what was that?

Info about that 00000000 file "SoftwareBundler:Win32/OneClickDownloader"https://www.virustotal.com/en/file/606d53d2d619bbf347539726b4ec954a188330bd337c75b12a2f725fa1a4df21/analysis/1427259760/

Share this post


Link to post
Share on other sites

hobi replied at 2015-3-25 11:06 back.gif

I havent installed any player, but how can i get it off?

Z:\_Temp\FSProfile\File System\Origins Th ...

it looks like a malware, deleting the files may not be enough. You should perform a scan with an antivirus or malewarebytes

Share this post


Link to post
Share on other sites

Posted (edited)

Run these 2 free programs, in this order, remember to Right-Click on them and Run as Admin...

AdwCleaner Download ~ Free  ( this deletes Adware, Toolbars, Potentially Unwanted Programs, and Browser Hijackers on your PC )

Malwarebytes Anti-Malware ~ Free or Premium ( keep this always, very good to have )

Two other programs to remove Files, that won't delete " Access is denied " is this, to one day you need it ;
FileASSASSIN - Malwarebytes Free Software to Delete Locked Files.
GiPo@MoveOnBoot - GiPo@Utilities also works on a Win. 7.

If you need to make a CLEAN Install of ANY program, or installed Codec's / Codec Packs. Then use this free program...

Revo Uninstaller - Free or Pro, is just as good. ~> Uninstall software, remove programs, solve uninstall problems.

Revo uninstaller first uninstalls a program the normal way, it's not only uninstalls the programs, it will look for left behind files & folders, 

and also look & cleans for leftover registry keys, from those programs. Revo Uninstaller have another 8 handy and powerful tools, to clean up your system.

A very good and safe program to use, for cleaning up in Codec's or Codec Packs you may have installed, if a Player or Program won't work correctly.

More Help or Info : Blockandsurf - Off Topic (old-forum)
Best Regards Ohke

Edited by ~Ohke

Share this post


Link to post
Share on other sites

Thank you Ohke. I did have one malware, but thanks to Malwarebytes (i bought that premium couple years ago) it didnt do any harm (noticed from malwarebytes log that it was blockin connection to some website everyday at the same time). It was visual basic file that tried to download bitcoin miner.

Still it wasnt the one in the Maxthon folder.

AdwCleaner didnt find anything. Also tried couple other too, but nothing. So, i dont know what was that FSProfile, but atleast its gone now after i deleted it.

I think its releated to Maxthon because its also in there http://bbs.maxthon.cn/thread-866360-1-1.html i just dont understand what they are saying.

1 person likes this

Share this post


Link to post
Share on other sites

I have again one those FSProfile folders on my computer. One was in my temp folder and other was in Z:\_Temp\Maxthon3Cache\Temp\Webkit\FSProfile

 

It seems that those are Maxthon Download Manager files. And i get those if i download something from Mega https://mega.nz/

One of those was over 2 Gb.

Why Maxthon great those files?

Share this post


Link to post
Share on other sites