Folder named Virus

[SiriusD]

Hello. I hope im not In the wrong section. I found by accident a folder named Virus on my android phone. It was created on 8th January 2021. Inside there are many files called deletme_01_08_01_30 and they all have exactly 50mb. I use my phone only for yt and spotify. I did a scan with Malwarebytes, Kaspersky and ESET for android and the result showed no infected files. But this is so weird having a folder called Virus and some suspicious files..I connected the phone to a older laptop that I dont use anymore and scanned the files on virustotal.com and the files were infected. I didnt find not even one result on google about someone having a folder named virus. This is so weird. I regulary clean my phone for junk files and folders and this folder wasnt there. What do you guys think about all of this?

 

[Night]

Open the file in a hex editor and read the header to know with what you're dealing with. Could be an application, compressed file, etc. Post a screenshot of the first 4 bytes.

Edit: If you want, send me one of those files in PM, I'll investigate.

 

[SiriusD]

Open the file in a hex editor and read the header to know with what you're dealing with. Could be an application, compressed file, etc. Post a screenshot of the first 4 bytes.

I never used Hex before, I dont know if i screenshoted the right thing or not. Looks empty although it has 50mb.I also tried to open the file with notepad but nothing appeared although the scroll bar was going down and getting bigger so it was loading something... Also, isnt it weird it has no extension?

 

[Night]

Yeah, no info so far, you should send the file to me in PM.

 

[SiriusD]

Sent.

 

[Night]

It's a dummy file with no data at all. Now I'm wondering what generated these.

 

[Bill_Bright]

I would simply rename the folder to virus-delete and use the phone as normal for awhile. If nothing is broken, delete the folder. I would not open any of those files.

 

[SiriusD]

I would simply rename the folder to virus-delete and use the phone as normal for awhile. If nothing is broken, delete the folder. I would not open any of those files.

Well there isn't any way to open them...they dont have any extension. I scanned them with 5 differenti anti-malware apps and uploaded them on virustotal.com and they are not infected. I think they are some sort of logfiles or dummy files with nothing inside. I deleted them and changed my passwords. But why the hell would the person that is behind the malware would name the folder Virus and make it so obvious ? Im a bit worried that since it could write on my phone's internal storage probably it also had the ability to read...

 

[Bill_Bright]

Im a bit worried that since it could write on my phone's internal storage probably it also had the ability to read...

Just because the files were there, I would not automatically assume the offender could read your personal files or harder still, send copies of them back "home".

It actually sound like someone was be mischievous rather than malicious. Still, I am not very familiar with Android malware so at this point, with all the scans you did and with them all coming up clean, plus the fact your changed your passwords, I think you are safe. But it would still be wise to check for unfamiliar files every so often.

I would also make sure you disable Bluetooth and wifi when not using them.

 

[SiriusD]

Yes, I will keep an eye on suspicious file/folder names and do some regular scans. Thanks everyone, thread can be closed as far as I'm concerned.