Appearance of "info.zip" on my hard drives

PhilipJ

Hi,

does anyone else find that occasionally they find a file named "info.zip" on their hard drive(s) ?

When I scan with F-Secure it finds that these ZIP files contain some kind of worm or BitMiner type infection but don't remove them because F-Secure doesn't have this capability (delete an "archive" that is found to contain a suspicious file).

I delete these ZIP files, but a month or so later they are back, perhaps in different folder locations and perhaps with a different infection in them but they are remorseless in re-appearing!!

This suggests that I have something on my computer(s) that keeps re-creating these ZIP files in the hope that I will open them and thus install the worm!!

Does anyone know what this original infection might be and why F-Secure can't seem to find it and remove it ?

This is not a complaint about F-Secure as I previously used AVG and that also never seemed to get a handle on it.

Any suggestions or thoughts will be gratefully accepted

PhilipJ

Ukko

Hello,

Probably it is crucial to understand where these files located (like which folder, which hard drive). You wrote that it is different places each time, but is it so? And how much it is differ?

Also, the detection type is also important. Is it always with related 'wording'?

For example, by mention of info.zip and bitminer - in the web a lot of old stories about some bitcoin threats which somehow altered with user's systems in the past. Mostly NAS drives.

As such, those files can be temporarily browser's files. Meaning: somehow downloaded to system while visiting a certain website or web resource.

The other way is to plug some sort of 'drive' (USB or something) into system. Or even 'syncing' from older copies of your system (if you do use any backup software). Although... it will not explain anything.

Thanks!